Re: snortlog parsing
From: Stuart Staniford (stuart@silicondefense.com)
Date: 10/09/01
- Previous message: Lee Brotherston: "RE: IDS signature managment"
- In reply to: John Ellingsworth: "snortlog parsing"
- Next in thread: John Ellingsworth: "Re: snortlog parsing"
- Reply: John Ellingsworth: "Re: snortlog parsing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <3BC32854.4E8FE0FD@silicondefense.com>
Date: Tue, 09 Oct 2001 09:39:48 -0700
From: Stuart Staniford <stuart@silicondefense.com>
To: John Ellingsworth <jellings@mail.med.upenn.edu>
Subject: Re: snortlog parsing
I'm not sure I exactly understand the question (feel free to clarify).
I assume you mean the detailed packet dumps that Snort produces?
Snortsnarf turns these into web pages and links to them (from web pages
derived from the alert logs). However, it doesn't really parse them to
extract the information for use in some other way.
Snortsnarf is at http://www.silicondefense.com/snortsnarf/
Stuart.
John Ellingsworth wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Does anyone know of a perl script available that parses the default
> snort logs, not the alert files?
>
> I'd like to know before I start writing one myself . . .
>
> john
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBO7yVyAbexkNIm1OFEQK9iwCg+gLBhy7Z6p2rhxN7085hvzOMTK4AnRsU
> xYGYcnwScaYy9Sq8UuvWbeHV
> =XNcg
> -----END PGP SIGNATURE-----
--
Stuart Staniford --- President --- Silicon Defense
** Silicon Defense: Technical Support for Snort **
mailto:stuart@silicondefense.com http://www.silicondefense.com/
(707) 445-4355 x 16 (707) 445-4222 (FAX)
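Since the thread ends without a parser for the packet-dump logs (as opposed to the alert file), here is an added Python example, not code from this thread, from SnortSnarf or from the Snort project. It reads the text packet dumps Snort writes in its log directory with -v/-d style output: records separated by a =+=+ rule, each with an optional [**] alert line, a timestamp/address line, an IP header line, and a TCP, UDP or ICMP line. The sample log, the function names and the field names in the returned dicts are this example's own choices; lines it does not recognise (TCP Options, hex payload dumps) are skipped rather than parsed.

```python
"""Parse Snort's text packet-dump log into dicts and summarise bare-SYN probes."""
import re
from collections import defaultdict

# Records in the packet log are separated by a line of =+=+=+... characters.
RECORD_SEP = re.compile(r"^=\+=\+.*$", re.M)
# [**] ICMP PING [**]   (optional; present when the log entry came from a rule)
ALERT_RE = re.compile(r"^\[\*\*\]\s*(?P<msg>.*?)\s*\[\*\*\]$")
# 10/09-09:39:49.000100 192.168.1.5:40001 -> 10.0.0.1:22   (ports absent for ICMP)
HEADER_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)
# TCP TTL:64 TOS:0x0 ID:40124 IpLen:20 DgmLen:60 DF
IP_RE = re.compile(
    r"^(?P<proto>[A-Z]+) TTL:(?P<ttl>\d+) TOS:0x(?P<tos>[0-9A-Fa-f]+) "
    r"ID:(?P<id>\d+) IpLen:(?P<iplen>\d+) DgmLen:(?P<dgmlen>\d+)(?P<ipflags>.*)$"
)
# ******S* Seq: 0x1A2B3C4D  Ack: 0x0  Win: 0x4000  TcpLen: 40  (flag columns 12UAPRSF)
TCP_RE = re.compile(
    r"^(?P<flags>[12UAPRSF*]{8})\s+Seq: 0x(?P<seq>[0-9A-Fa-f]+)\s+Ack: 0x(?P<ack>[0-9A-Fa-f]+)"
    r"\s+Win: 0x(?P<win>[0-9A-Fa-f]+)\s+TcpLen: (?P<tcplen>\d+)"
)
UDP_RE = re.compile(r"^Len: (?P<len>\d+)$")            # Len: 36
ICMP_RE = re.compile(r"^Type:(?P<type>\d+)\s+Code:(?P<code>\d+)")  # Type:8  Code:0 ...


def _parse_record(lines):
    """Turn the non-empty lines of one record into a dict; None if no header line."""
    pkt = {"alert": None, "ip_flags": []}
    for line in lines:
        if m := ALERT_RE.match(line):
            pkt["alert"] = m.group("msg")
        elif m := HEADER_RE.match(line):
            pkt["ts"], pkt["src"], pkt["dst"] = m.group("ts"), m.group("src"), m.group("dst")
            pkt["sport"] = int(m.group("sport")) if m.group("sport") else None
            pkt["dport"] = int(m.group("dport")) if m.group("dport") else None
        elif m := IP_RE.match(line):
            pkt["proto"], pkt["ttl"] = m.group("proto"), int(m.group("ttl"))
            pkt["tos"], pkt["ip_id"] = int(m.group("tos"), 16), int(m.group("id"))
            pkt["dgmlen"] = int(m.group("dgmlen"))
            pkt["ip_flags"] = m.group("ipflags").split()   # e.g. ["DF"]
        elif m := TCP_RE.match(line):
            pkt["tcp_flags"] = m.group("flags").replace("*", "")  # "******S*" -> "S"
            pkt["seq"], pkt["ack"] = int(m.group("seq"), 16), int(m.group("ack"), 16)
            pkt["win"] = int(m.group("win"), 16)
        elif m := ICMP_RE.match(line):
            pkt["icmp_type"], pkt["icmp_code"] = int(m.group("type")), int(m.group("code"))
        elif m := UDP_RE.match(line):
            pkt["udp_len"] = int(m.group("len"))
        # Anything else (TCP Options, hex payload dump from -d) is deliberately skipped.
    return pkt if "ts" in pkt else None


def parse_snort_log(text):
    """Split the log on the =+=+ rules and parse each record."""
    packets = []
    for chunk in RECORD_SEP.split(text):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if lines and (pkt := _parse_record(lines)):
            packets.append(pkt)
    return packets


def syn_only_targets(packets):
    """Per source address, the sorted distinct destination ports hit with a bare SYN."""
    targets = defaultdict(set)
    for p in packets:
        if p.get("proto") == "TCP" and p.get("tcp_flags") == "S":
            targets[p["src"]].add(p["dport"])
    return {src: sorted(ports) for src, ports in targets.items()}


# Constructed sample log in Snort's text dump layout (not captured from a real sensor).
SAMPLE_LOG = """\
[**] ICMP PING [**]
10/09-09:39:48.123456 192.168.1.5 -> 10.0.0.1
ICMP TTL:64 TOS:0x0 ID:40123 IpLen:20 DgmLen:84
Type:8  Code:0  ID:1234   Seq:1  ECHO
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/09-09:39:49.000100 192.168.1.5:40001 -> 10.0.0.1:22
TCP TTL:64 TOS:0x0 ID:40124 IpLen:20 DgmLen:60 DF
******S* Seq: 0x1A2B3C4D  Ack: 0x0  Win: 0x4000  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 12345 0 NOP WS: 0
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/09-09:39:49.000200 192.168.1.5:40002 -> 10.0.0.1:80
TCP TTL:64 TOS:0x0 ID:40125 IpLen:20 DgmLen:60 DF
******S* Seq: 0x1A2B3C4E  Ack: 0x0  Win: 0x4000  TcpLen: 40
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/09-09:39:50.500000 10.0.0.9:53 -> 192.168.1.5:1025
UDP TTL:128 TOS:0x0 ID:7 IpLen:20 DgmLen:64
Len: 36
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
"""

if __name__ == "__main__":
    for pkt in parse_snort_log(SAMPLE_LOG):
        print(pkt)
    print(syn_only_targets(parse_snort_log(SAMPLE_LOG)))
```

Running it on a real Snort log directory means reading each per-host file (the TCP:port-port, UDP:port-port and ICMP_* files) and feeding its text to parse_snort_log; the record separator is the same in all of them. Packet logs written in binary tcpdump format (snort -b) are a different beast and need a pcap reader, not this parser.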