Re: snortlog parsing

From: Stuart Staniford (stuart@silicondefense.com)
Date: 10/09/01


Message-ID: <3BC32854.4E8FE0FD@silicondefense.com>
Date: Tue, 09 Oct 2001 09:39:48 -0700
From: Stuart Staniford <stuart@silicondefense.com>
To: John Ellingsworth <jellings@mail.med.upenn.edu>
Subject: Re: snortlog parsing

I'm not sure I exactly understand the question (feel free to clarify).

I assume you mean the detailed packet dumps that Snort produces?
Snortsnarf turns these into web pages and links to them (from web pages
derived from the alert logs). However, it doesn't really parse them to
extract the information for use in some other way.

Snortsnarf is at http://www.silicondefense.com/snortsnarf/

Stuart.

John Ellingsworth wrote:
>
> Does anyone know of a perl script available that parses the default
> snort logs, not the alert files?
>
> I'd like to know before I start writing one myself . . .
>
> john
>

-- 
Stuart Staniford     ---     President     ---     Silicon Defense
         ** Silicon Defense: Technical Support for Snort **
mailto:stuart@silicondefense.com  http://www.silicondefense.com/
(707) 445-4355 x 16                           (707) 445-4222 (FAX)
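The parsing John asks about and Stuart says SnortSnarf does not do, as an added example that is not part of either message and is not SnortSnarf code: a small Python (rather than Perl) parser for the per-packet records in Snort's text log files, splitting on the "=+=+" separator and pulling out the rule id, timestamp, endpoints, IP header fields and TCP flags. The log text below is a constructed sample in that layout, not a captured log.

```python
import re
from collections import Counter

# Constructed sample in the layout of Snort's per-packet text logs (not the
# one-line alert file); each record ends with a "=+=+..." separator line.
SAMPLE_LOG = """\
[**] [1:1000001:1] CONSTRUCTED tcp test record [**]
10/09-09:39:48.123456 192.0.2.10:40512 -> 192.0.2.20:80
TCP TTL:64 TOS:0x0 ID:4242 IpLen:20 DgmLen:60 DF
******S* Seq: 0x1A2B3C4D  Ack: 0x0  Win: 0x16D0  TcpLen: 40
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] [1:1000002:1] CONSTRUCTED icmp test record [**]
10/09-09:40:01.000001 192.0.2.30 -> 192.0.2.20
ICMP TTL:128 TOS:0x0 ID:7 IpLen:20 DgmLen:28
Type:8  Code:0  ID:1234   Seq:0  ECHO
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
"""

MSG_RE = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]$")
ADDR_RE = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) (\S+?)(?::(\d+))? -> (\S+?)(?::(\d+))?$")
PROTO_RE = re.compile(r"^(TCP|UDP|ICMP) TTL:(\d+) TOS:(0x[0-9A-Fa-f]+) ID:(\d+) IpLen:(\d+) DgmLen:(\d+)")
TCP_RE = re.compile(r"^([*12UAPRSF]{8}) Seq: (0x[0-9A-Fa-f]+)\s+Ack: (0x[0-9A-Fa-f]+)\s+Win: (0x[0-9A-Fa-f]+)\s+TcpLen: (\d+)")
SEP_RE = re.compile(r"^=\+=\+.*$", re.M)


def parse_snort_log(text: str) -> list[dict]:
    """Split the log on separator lines and extract the fields of each record."""
    records = []
    for chunk in SEP_RE.split(text):
        lines = [ln for ln in chunk.splitlines() if ln.strip()]
        if not lines:
            continue  # blank run between records or trailing text
        rec: dict = {}
        for line in lines:  # lines no regex knows (e.g. ICMP Type/Code) are skipped
            if m := MSG_RE.match(line):
                rec.update(gid=int(m[1]), sid=int(m[2]), rev=int(m[3]), msg=m[4])
            elif m := ADDR_RE.match(line):
                rec.update(timestamp=m[1], src=m[2], sport=int(m[3]) if m[3] else None,
                           dst=m[4], dport=int(m[5]) if m[5] else None)
            elif m := PROTO_RE.match(line):
                rec.update(proto=m[1], ttl=int(m[2]), tos=int(m[3], 16), ip_id=int(m[4]),
                           ip_len=int(m[5]), dgm_len=int(m[6]))
            elif m := TCP_RE.match(line):
                rec.update(flags=m[1], seq=int(m[2], 16), ack=int(m[3], 16),
                           win=int(m[4], 16), tcp_len=int(m[5]))
        records.append(rec)
    return records


def count_by(records: list[dict], field: str) -> Counter:
    # Tally parsed records by one field, e.g. "dst" or "dport", for further use.
    return Counter(r.get(field) for r in records)
```

Records whose protocol line is not TCP simply lack the flags/seq/ack keys, so consumers should use `rec.get(...)` for those fields.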