Linux-BSD-Central - Snort Log Parser

Home

Program Downloads

Snort Log Parser

Main Menu

Home

Most Read

	Automating SFTP using expect
	FreeBSD PPTP VPN
	SnortShorwall - Using Snort And Shorewall Together
	Shorewall Router on Linux
	Shorewall Stand Alone Firewall

Polls

Syndicate
Latest news direct to your desktop

No account yet? Create one

Members Online

	Members (14090)	# Online
	Guests	10
	Users	0

Online Users
No Users Online

Statistics
OS: Linux w PHP: 5.2.17 MySQL: 5.1.56 Time: 11:25 Members: 14090 Hits: 1790118 News: 281 WebLinks: 15

Snort Log Parser

Contributed by Chad Brandt

Thursday, 17 June 2004
Simple log parser for Snort IDS.

This is a program that will parse the snort messages from your alert log file and display them in a way that is easy to understand. This gives the option to just see the messages for the current day by default and allows you to view specific days or all days with command line argument

Download Snort Log Parser

Example output:

08/30 03:10:47 TCP 64.246.165.150:56040 -> 65.29.17.55:80       (http_inspect) NON-RFC HTTP DELIMITER    13
08/30 07:11:27 TCP 65.29.17.55:1492     -> 64.49.216.105:80     WEB-CGI redirect access                  895
08/30 07:16:18 TCP 65.29.17.55:1858     -> 63.165.133.10:80     WEB-CGI redirect access                  895
08/30 07:29:41 TCP 65.29.17.55:2030     -> 64.233.179.104:80    WEB-IIS %2E-asp access                   972

Comments

how to run
Written by Guest on 2010-07-12 07:57:09

HELLO;
I'M CURRENTLY USING KIWI SYSLOG SERVER TO SEE ALERTS FROM SNORT IDS. BUT KIWI DO NOT PARSE ALERT MESSAGES. I'D LIKE TO KNOW HOW I CAN USE THIS SCRIPT FOR THIS PROBLEM AND HOW CAN I RUN IT?

BY THE WAY I'M USING SNORT ON WINDOWS.

THANKS

Only registered users can write comments.
Please login or register.

Check out TwistByte - The best mobile apps available For awesome Android and IPhone applications!!