06.30.2008 at 09:44AM PDT, ID: 23527510 | Points: 500

PERL extracting snort logs

Asked by lpblp in Perl Programming Language, Intrusion Detection Systems (IDS)

I would like to ask if there is a way to extract the log on snort.log.* and extract it to a Web interface.  I know there is BASE, SGUIL, etc.  However, I want a simple quick way of analyzing the traffic to include: Source, Destination, Payload, etc.  Preferably in PERL.

The output log is the following:

-*> Snort! <*-
Version 1.8.7 (Build 128)
By Martin Roesch (roesch@sourcefire.com, www.snort.org)
10/11-18:45:05.521560 192.168.0.144 -> 192.168.1.105
ICMP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:84 DF
Type:8  Code:0  ID:35330   Seq:0  ECHO
e.g. in plain text!

OUTPUT

Field               Internal Name
source IP           source_ip
destination IP      destination_ip
source port         source_port
destination port    destination_port
classification      classification
snort priority      snort_priority
protocol            protocol
rule                rule
message             message
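A starting point for the parsing side of this, as an added example (not from the asker or from any of the comments): a Perl script that splits a Snort alert_full text log into blank-line-separated records and pulls out the fields from the table above. The sample log is constructed around the ICMP record in the question (the second, TCP record is made up so that the port fields get exercised); it assumes text output like the one shown, so a binary snort.log.* file would first be rendered to text with snort -r.

```perl
use strict;
use warnings;

# Split a Snort text log into blank-line-separated records and pull out the
# fields from the question's table (keyed by its "internal names"); returns
# one hashref per record.
sub parse_snort_records {
    my ($text) = @_;
    my @records;
    for my $block (split /\n\s*\n/, $text) {
        my %r = map { $_ => '' } qw(timestamp source_ip source_port destination_ip
            destination_port protocol classification snort_priority rule message);
        # Alert header written by alert_full: [**] [gid:sid:rev] message [**]
        ($r{rule}, $r{message}) = ($1, $2)
            if $block =~ /\[\*\*\]\s*\[(\d+:\d+:\d+)\]\s*(.*?)\s*\[\*\*\]/;
        $r{classification} = $1 if $block =~ /\[Classification:\s*([^\]]+)\]/;
        $r{snort_priority} = $1 if $block =~ /\[Priority:\s*(\d+)\]/;
        # Packet header: MM/DD-HH:MM:SS.usec src[:port] -> dst[:port]; ICMP has no ports
        if ($block =~ m{^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+
                        (\d+\.\d+\.\d+\.\d+)(?::(\d+))?\s+->\s+
                        (\d+\.\d+\.\d+\.\d+)(?::(\d+))?\s*$}mx) {
            @r{qw(timestamp source_ip source_port destination_ip destination_port)}
                = ($1, $2, defined $3 ? $3 : '', $4, defined $5 ? $5 : '');
        }
        # The protocol is the first token of the line after the packet header
        $r{protocol} = $1 if $block =~ /^(TCP|UDP|ICMP)\s+TTL:/m;
        push @records, \%r if $r{source_ip} ne '';   # drops the version banner
    }
    return \@records;
}

# Constructed sample: the question's ICMP record inside an alert_full header,
# plus a made-up TCP alert (sid 1000001 is in the local-rule range).
my $sample = <<'LOG';
-*> Snort! <*-

[**] [1:384:5] ICMP PING [**]
[Classification: Misc activity] [Priority: 3]
10/11-18:45:05.521560 192.168.0.144 -> 192.168.1.105
ICMP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:84 DF
Type:8  Code:0  ID:35330   Seq:0  ECHO

[**] [1:1000001:1] CONSTRUCTED web probe <script> [**]
[Classification: Web Application Attack] [Priority: 1]
10/11-18:46:12.003917 10.0.0.7:51512 -> 192.168.1.105:80
TCP TTL:63 TOS:0x0 ID:4711 IpLen:20 DgmLen:60 DF
LOG

# Rule messages and payloads carry attacker-influenced bytes, so HTML-escape
# every field (numeric entities, no CPAN needed) before it reaches the web page.
for my $r (@{ parse_snort_records($sample) }) {
    print join("\t", map { (my $v = $r->{$_}) =~ s/([&<>"'])/sprintf('&#%d;', ord $1)/ge; $v }
        qw(timestamp protocol source_ip source_port destination_ip destination_port
           classification snort_priority rule message)), "\n";
}
```

Payload hex-dump lines (snort -d) are left in the record text and not decoded here; they would need the same escaping before display.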