Snort mailing list archives
Re: Unified snort logs to text?
From: beenph <beenph () gmail com>
Date: Mon, 17 Dec 2012 15:43:31 -0500
On Mon, Dec 17, 2012 at 3:30 PM, Steve Marotta <smarotta () cra com> wrote:
> Is there a way to use Barnyard to simply take the unified logs that Snort
> produces in NIDS mode and turn them into text files? I see that Barnyard
> reads the data into a database; I don't need all of that, just something
> to generate a text file with a list of high-level network events.
In the barnyard2.conf example distributed with the source. This might be what you're looking for.

# alert_fast
# ----------------------------------------------------------------------------
# Purpose: Converts data to an approximation of Snort's "fast alert" mode.
#
# Arguments: file <file>, stdout
#            arguments should be comma delimited.
#   file   - specify alert file
#   stdout - no alert file, just print to screen
#
# Examples:
#   output alert_fast
#   output alert_fast: stdout
#   output alert_fast: stdout -elz
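What the unified-to-text conversion discussed in this thread involves, as an added example that is not part of the original messages and is not Barnyard2's code: a minimal Python reader that walks unified2 records and emits one fast-alert-style line per IPv4 event. It assumes the legacy IPv4 event layout (record types 7 and 104); the sample bytes are constructed, times are rendered in UTC, and no rule message appears because that requires a sid-to-message map.

```python
import socket
import struct
from datetime import datetime, timezone

# Record header: type, length (both uint32, network byte order).
HEADER = struct.Struct("!II")
# Legacy IPv4 event body (type 7); type 104 starts with the same 52 bytes.
EVENT = struct.Struct("!11I2H4B")
IPV4_EVENT_TYPES = {7, 104}
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}


def format_event(body):
    """Render one IPv4 event body as a fast-alert-style line (UTC time)."""
    (_sensor, _event_id, sec, usec, sid, gid, rev, _cls, prio,
     src, dst, sport, dport, proto, _flag, _impact, _blocked) = EVENT.unpack_from(body)
    ts = datetime.fromtimestamp(sec, tz=timezone.utc).strftime("%m/%d-%H:%M:%S")
    name = PROTOCOLS.get(proto, str(proto))
    src_ip = socket.inet_ntoa(struct.pack("!I", src))
    dst_ip = socket.inet_ntoa(struct.pack("!I", dst))
    if proto in (6, 17):  # ports are only meaningful for TCP/UDP
        src_ip, dst_ip = f"{src_ip}:{sport}", f"{dst_ip}:{dport}"
    return (f"{ts}.{usec:06d} [**] [{gid}:{sid}:{rev}] [**] "
            f"[Priority: {prio}] {{{name}}} {src_ip} -> {dst_ip}")


def unified2_to_text(data):
    """Walk a unified2 byte string; return one text line per IPv4 event."""
    lines, offset = [], 0
    while offset + HEADER.size <= len(data):
        rtype, length = HEADER.unpack_from(data, offset)
        offset += HEADER.size
        body = data[offset:offset + length]
        if len(body) < length:
            break  # truncated record (file still being written): stop cleanly
        if rtype in IPV4_EVENT_TYPES and length >= EVENT.size:
            lines.append(format_event(body))
        offset += length  # packet, IPv6 and extra-data records are skipped
    return lines


# Constructed sample: one event record followed by a packet record (type 2).
SAMPLE_EVENT = EVENT.pack(1, 1, 1355706061, 123456, 2000001, 1, 3, 0, 2,
                          0x0A000005, 0xC0A80114, 49152, 80, 6, 0, 0, 0)
SAMPLE = (HEADER.pack(7, len(SAMPLE_EVENT)) + SAMPLE_EVENT
          + HEADER.pack(2, 4) + b"\x00" * 4)

if __name__ == "__main__":
    print("\n".join(unified2_to_text(SAMPLE)))
```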