Snort mailing list archives

Re: Extracting Snort alerts from DB


From: Peter Bates <peter.bates () ucl ac uk>
Date: Tue, 18 Dec 2012 12:54:34 +0000

Hello all

On 18/12/2012 12:03, elof () sentor se wrote:
> In short:
> I recommend you to extract the full packet as-is directly from the unified2 file or from the pcap-file that barnyard2
> creates instead of gluing together the chopped pieces from the database.

I've got a lot of u2 files (from many instances) but
this does seem a lot easier.

I haven't got BY2 writing pcaps but can use u2boat to get what I need.

Thanks to Elof!

--
Peter Bates
Senior Information Security Officer   Phone: +44(0)2076792049
Information Services Division         Internal Ext: 32049
University College London
London WC1E 6BT

