Re: [Snort-users] running snort

From: beenph (beenphgmail.com)
Date: Wed May 01 2013 - 15:57:32 CDT


On Wed, May 1, 2013 at 4:39 PM, Balla István <balla.bmfgmail.com> wrote:
> sorry. snort.u2 is the log output format (unified2) with the appended
> identifier: .1234557...
> but why is it that snort cannot read it with ./snort -r ./log/snort.u2.12345678
>

To read a unified2 file you can use

u2spewfoo (comes with the snort source package)
u2boat (to extract packets from a unified2 file, also comes with the snort source package)
snort unified perl (http://code.google.com/p/snort-unified-perl/)
or
barnyard2 (to process unified2 files into different outputs, www.github.com/firnsy/barnyard2)

-elz
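Added example, not code from the original post or from the Snort project: a minimal unified2 reader in Python that shows what the tools listed above are parsing and why `snort -r` (which expects a pcap) cannot open one. A unified2 spool file is a sequence of records, each a network-byte-order type/length header followed by a typed body; the field layouts below for the IDS event (type 7) and packet (type 2) records follow Snort's Unified2_common.h. The three-record spool file built by `build_sample()`, including the record of made-up type 65000, is constructed for this example and is not a real capture.

```python
"""Minimal unified2 reader (added example; layouts per Snort's Unified2_common.h)."""
import struct
import sys
from dataclasses import dataclass
from typing import Iterator, Tuple, Union

UNIFIED2_PACKET = 2      # Serial_Unified2Packet: 28-byte header + packet bytes
UNIFIED2_IDS_EVENT = 7   # Serial_Unified2IDSEvent_legacy: 52-byte IPv4 event

RECORD_HDR = struct.Struct("!II")       # record type, length of the body
IDS_EVENT = struct.Struct("!11I2H4B")   # sensor_id ... blocked, 52 bytes
PACKET_HDR = struct.Struct("!7I")       # sensor_id ... packet_length, 28 bytes


@dataclass
class IdsEvent:
    sensor_id: int
    event_id: int
    event_second: int
    event_microsecond: int
    signature_id: int
    generator_id: int
    signature_revision: int
    classification_id: int
    priority_id: int
    ip_source: str
    ip_destination: str
    sport_itype: int
    dport_icode: int
    protocol: int
    impact_flag: int
    impact: int
    blocked: int


@dataclass
class Packet:
    sensor_id: int
    event_id: int
    event_second: int
    packet_second: int
    packet_microsecond: int
    linktype: int
    packet_data: bytes


Record = Union[IdsEvent, Packet, Tuple[str, int, bytes]]


def ipv4(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def parse_unified2(buf: bytes) -> Iterator[Record]:
    """Yield records; raise ValueError on a truncated file (a spool Snort is
    still writing, or a corrupt one) instead of silently misparsing it."""
    off = 0
    while off + RECORD_HDR.size <= len(buf):
        rtype, rlen = RECORD_HDR.unpack_from(buf, off)
        body = buf[off + RECORD_HDR.size:off + RECORD_HDR.size + rlen]
        if len(body) != rlen:
            raise ValueError(f"truncated record of type {rtype} at offset {off}")
        if rtype == UNIFIED2_IDS_EVENT and rlen == IDS_EVENT.size:
            f = IDS_EVENT.unpack(body)
            yield IdsEvent(*f[:9], ipv4(f[9]), ipv4(f[10]), *f[11:])
        elif rtype == UNIFIED2_PACKET:
            f = PACKET_HDR.unpack_from(body)
            data = body[PACKET_HDR.size:PACKET_HDR.size + f[6]]
            if len(data) != f[6]:
                raise ValueError(f"packet_length {f[6]} exceeds record at {off}")
            yield Packet(*f[:6], data)
        else:
            # IPv6 events, extra-data records, etc.: skipped by length, kept raw
            yield ("unknown", rtype, body)
        off += RECORD_HDR.size + rlen
    if off != len(buf):
        raise ValueError(f"{len(buf) - off} trailing bytes without a full header")


def build_sample() -> bytes:
    """Constructed spool file: one event, its packet, one made-up type 65000."""
    event = IDS_EVENT.pack(1, 42, 1367440652, 123456, 1000001, 1, 1, 3, 2,
                           0xC0A80105, 0x0A000002, 54321, 80, 6, 0, 0, 0)
    frame = b"\x00" * 12 + b"\x08\x00" + b"GET /etc/passwd HTTP/1.0\r\n\r\n"
    packet = PACKET_HDR.pack(1, 42, 1367440652, 1367440652, 123456, 1,
                             len(frame)) + frame
    other = b"\xde\xad"
    return (RECORD_HDR.pack(UNIFIED2_IDS_EVENT, len(event)) + event
            + RECORD_HDR.pack(UNIFIED2_PACKET, len(packet)) + packet
            + RECORD_HDR.pack(65000, len(other)) + other)


def summarize(buf: bytes) -> list:
    """One line per record, gid:sid:rev as u2spewfoo and barnyard2 show it."""
    lines = []
    for rec in parse_unified2(buf):
        if isinstance(rec, IdsEvent):
            lines.append(f"event {rec.event_id} rule {rec.generator_id}:"
                         f"{rec.signature_id}:{rec.signature_revision} "
                         f"{rec.ip_source}:{rec.sport_itype} -> "
                         f"{rec.ip_destination}:{rec.dport_icode} proto {rec.protocol}")
        elif isinstance(rec, Packet):
            lines.append(f"packet for event {rec.event_id}: {len(rec.packet_data)} bytes")
        else:
            lines.append(f"skipped record type {rec[1]} ({len(rec[2])} bytes)")
    return lines


if __name__ == "__main__":
    # python u2read.py ./log/snort.u2.12345678   (no argument: built-in sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print("\n".join(summarize(data)))
```

Point it at a real spool file and the event line gives the gid:sid:rev and 5-tuple; the packet record that follows carries the raw frame (linktype 1 is Ethernet) that u2boat would write out as pcap. The truncation check matters in practice because Snort appends to the spool while it runs, so a reader that starts mid-write sees a partial last record.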
