[Snort-users] Process Snort alerts on real time
valeparatodo at ...11827...
Wed Feb 22 07:22:17 EST 2017
Yes, that is great for static logs. But unfortunately my problem is not the
same than in that thread, unless there is something that I misunderstood.
I also could obtain the content of the packet in hexadecimal from u2Spewfoo
( after parsing it ).
But, u2Spewfoo is only for static logs as well. So I am trying to use the
SpoolEventReader from ids-tools that provides you real time events, already
converted to a readable format. The problem is that this tools provide the
packet info in some kind of binary raw that I don't know how to process.
I add an extract as an example
I could use both u2spewfoo or the combination of tools you proposed if I
had the event in unified2 from SpoolEventReader, but this is not the case.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users