Hi.

Although I have got Suricata to output to fast.log, the archived logs are put into unified2 log format.

I have tried to use http://code.google.com/p/snort-unified-perl/ - but this seemed to fail.

I have tried installing barnyard on my local machine and copied the logs and config files from the server (I am most likely doing this wrong):

barnyard -f unified2.alert -d /home/morgan/suricata/ -c /home/morgan/Downloads/barnyard-0.2.0/etc/barnyard.conf -p /home/morgan/csmith-suricata/suricata/classification.config -s /home/morgan/csmith-suricata/suricata/rules/emerging-sid-msg.map -vvvvv -g /home/morgan/csmith-suricata/suricata/gen-msg.map -L /home/morgan/

Gives:
---------------------------
Barnyard Version 0.2.0 (Build 32)
Command line arguments:
 Config file: /home/morgan/Downloads/barnyard-0.2.0/etc/barnyard.conf
 Spool dir: /home/morgan/suricata/
 Gen-msg file: /home/morgan/csmith-suricata/suricata/gen-msg.map
 Sid-msg file: /home/morgan/csmith-suricata/suricata/rules/emerging-sid-msg.map
 Class file: /home/morgan/csmith-suricata/suricata/classification.config
 Log dir: /home/morgan/
 Archive dir: Not specified
 File base: unified2.alert
 Waldo file: Not specified
 Pid file: Not specified
 Verbosity level: 5
 Dry run flag: Not Set
 Batch mode flag: Not Set
 Daemon flag: Not Set
 New records only flag: Not Set
 Usage flag: Not Set
 Version flag: Not Set
Config file variables:
 Hostname: snorthost
 Interface: fxp0
 BPF Filter: not port 22
 Class file: Not specified
 Sid-msg file: Not specified
 Gen-msg file: Not specified
 Daemon flag: Not Set
 Localtime flag: Not Set
Program Variables:
 Continual processing mode
 Config dir: /home/morgan/Downloads/barnyard-0.2.0/etc
 Config file: /home/morgan/Downloads/barnyard-0.2.0/etc/barnyard.conf
 Sid-msg file: /home/morgan/csmith-suricata/suricata/rules/emerging-sid-msg.map
 Gen-msg file: /home/morgan/csmith-suricata/suricata/gen-msg.map
 Class file: /home/morgan/csmith-suricata/suricata/classification.config
 Hostname: snorthost
 Interface: fxp0
 BPF Filter: not port 22
 Log dir: /home/morgan/
 Verbosity: 5
 Localtime: 0
 Spool dir: /home/morgan/suricata/
 Spool file: unified2.alert
 Start at end: 0
Opened spool file '/home/morgan/suricata//unified2.alert.1282825983'
Error reading magic from '/home/morgan/suricata//unified2.alert.1282825983'
Closing spool file '/home/morgan/suricata//unified2.alert.1282825983'. Read 0 records
Opened spool file '/home/morgan/suricata//unified2.alert.1282826838'
Error reading magic from '/home/morgan/suricata//unified2.alert.1282826838'
Closing spool file '/home/morgan/suricata//unified2.alert.1282826838'. Read 0 records
Opened spool file '/home/morgan/suricata//unified2.alert.1282827192'
---------------------------

Is it actually possible for me to view the logs?

Can anyone give me an example of how to?

Cheers
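The original barnyard (0.2.x) reads Snort's older unified v1 spool format, which begins with a magic number; unified2 files have no such header, so "Error reading magic" is what it prints on them. As an added example, not from the original post or from the Suricata or barnyard projects, here is a minimal Python reader for the two most common unified2 record types (legacy IPv4 IDS event, type 7, and packet, type 2); the sample bytes, sid and addresses in sample_spool() are constructed, and unknown record types are passed through as opaque.

```python
import socket
import struct

# Each record: big-endian (type, length) header, then payload. No file magic.
RECORD_HDR = struct.Struct("!II")
IDS_EVENT = 7   # Serial_Unified2IDSEvent_legacy: 52 bytes, IPv4 only
PACKET = 2      # Serial_Unified2Packet: 28-byte header + raw packet bytes
EVENT_FMT = struct.Struct("!9I4s4sHHBBBB")
PACKET_FMT = struct.Struct("!7I")

def iter_records(data: bytes):
    """Yield (type, payload); stop cleanly at a record the writer has not finished."""
    off = 0
    while off + RECORD_HDR.size <= len(data):
        rtype, length = RECORD_HDR.unpack_from(data, off)
        off += RECORD_HDR.size
        if off + length > len(data):
            break  # truncated tail: Suricata may still be appending this record
        yield rtype, data[off:off + length]
        off += length

def parse_event(payload: bytes) -> dict:
    (_sensor, event_id, sec, usec, sid, gid, rev, cls, prio, src, dst, sport,
     dport, proto, _flag, _impact, blocked) = EVENT_FMT.unpack(payload[:EVENT_FMT.size])
    return {"type": IDS_EVENT, "event_id": event_id, "time": sec + usec / 1e6,
            "gid": gid, "sid": sid, "rev": rev, "class": cls, "priority": prio,
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "proto": proto, "blocked": blocked}

def parse_packet(payload: bytes) -> dict:
    _sensor, event_id, _sec, psec, pusec, linktype, plen = PACKET_FMT.unpack_from(payload)
    return {"type": PACKET, "event_id": event_id, "time": psec + pusec / 1e6,
            "linktype": linktype, "packet_length": plen,
            "packet": payload[PACKET_FMT.size:PACKET_FMT.size + plen]}

def parse_unified2(data: bytes) -> list:
    """Decode a whole spool file; the event_id field ties a packet to its event."""
    parsers = {IDS_EVENT: parse_event, PACKET: parse_packet}
    return [parsers[t](p) if t in parsers else {"type": t, "length": len(p)}
            for t, p in iter_records(data)]

def sample_spool() -> bytes:
    """Constructed two-record file (event 1:2000001 plus its packet), not real data."""
    ev = EVENT_FMT.pack(1, 42, 1282825983, 0, 2000001, 1, 5, 3, 2, socket.inet_aton("10.0.0.5"),
                        socket.inet_aton("192.0.2.10"), 40000, 80, 6, 0, 0, 0)
    frame = b"\x00" * 12 + b"\x08\x00" + b"\x45" + b"\x00" * 19   # 34-byte stub Ethernet frame
    pkt = PACKET_FMT.pack(1, 42, 1282825983, 1282825983, 0, 1, len(frame)) + frame
    return RECORD_HDR.pack(IDS_EVENT, len(ev)) + ev + RECORD_HDR.pack(PACKET, len(pkt)) + pkt
```

To read a real file, pass `open(path, "rb").read()` to `parse_unified2` and map gid:sid to text with the sid-msg.map you already have.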