Snort mailing list archives
Re: Converting ASCII logs to Unified Format
From: "Esler, Joel CNTR/Sytex" <joel.esler () rcert-s army mil>
Date: Mon, 14 Mar 2005 11:15:32 -0500
Unified format is completely different from the ASCII log. I would double check your Snort.conf settings.

J

On Sat, 2005-03-12 at 22:03 -0800, Jim O'Leary wrote:

> I have Snort set up so that it outputs logs and alerts to the binary "unified" format. I also have barnyard set up so that it reads those binary files and sticks them into a MySQL database. The problem is, I've been given a group of Snort output files that are in the ASCII format. How do I convert these files to "unified" so I can get barnyard to stick them into MySQL? Thanks
-- Esler, Joel CNTR/Sytex <joel.esler () rcert-s army mil>
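Since there is no ASCII-to-unified converter, the practical workaround for a batch of ASCII alert files is to parse the alert_fast lines directly and load them into MySQL with parameterized inserts, bypassing barnyard. The following is an added example, not code from this thread or from Snort/barnyard: the regex is assumed from the Snort 2.x alert_fast layout (IPv4 only), the sample lines are constructed, and the `snort_alert` table and its columns are hypothetical rather than the Snort/ACID schema.

```python
import re
from typing import Dict, List, Optional, Tuple

# Assumed Snort 2.x alert_fast layout (not Snort's own code):
# MM/DD-HH:MM:SS.usec [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: p] {PROTO} src[:port] -> dst[:port]
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>[0-9.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[0-9.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample input (not from the thread); the third line exercises the skip path.
SAMPLE_LOG = """\
03/12-22:03:15.123456  [**] [1:2000:3] SCAN example probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.5:4444 -> 198.51.100.7:80
03/12-22:03:16.000001  [**] [1:408:5] ICMP Echo Reply [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.5
this line is not an alert and must be skipped
"""

# Hypothetical target table; values are bound with %s placeholders (MySQLdb/PyMySQL style).
INSERT_SQL = (
    "INSERT INTO snort_alert (ts, gid, sid, rev, msg, classification, priority, "
    "proto, src_ip, src_port, dst_ip, dst_port) VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)"
)


def parse_fast_alerts(text: str) -> List[Dict[str, Optional[str]]]:
    """Parse alert_fast lines; anything not matching the layout is skipped, never guessed."""
    records = []
    for line in text.splitlines():
        m = FAST_ALERT_RE.match(line)
        if m is None:
            continue  # headers, truncated or foreign lines must not become a DB row
        records.append(m.groupdict())
    return records


def to_insert_params(records: List[Dict[str, Optional[str]]], year: int) -> List[Tuple]:
    """Build bound-parameter tuples for INSERT_SQL. Fields are never formatted into the SQL
    string, since the alert text ultimately derives from traffic the sensor observed."""
    rows = []
    for r in records:
        ts = f"{year}-{r['ts'][0:2]}-{r['ts'][3:5]} {r['ts'][6:]}"  # fast logs carry no year
        rows.append((ts, int(r["gid"]), int(r["sid"]), int(r["rev"]), r["msg"], r["cls"],
                     int(r["prio"]), r["proto"], r["src"], int(r["sport"]) if r["sport"] else None,
                     r["dst"], int(r["dport"]) if r["dport"] else None))
    return rows


if __name__ == "__main__":
    for row in to_insert_params(parse_fast_alerts(SAMPLE_LOG), 2005):
        print(INSERT_SQL, row)  # with a live connection: cursor.execute(INSERT_SQL, row)
```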