<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000"><div>Hello all, </div><div><br data-mce-bogus="1"></div><div>I've been working on a small project that I thought some fellow Suricata users might be interested in. </div><div><br data-mce-bogus="1"></div><div>The project is called "Meer" and the idea behind it is similar too "Barnyard2", but rather than reading Snort’s “Unified2” files, Meer reads Suricata and Sagan EVE/JSON alert files.<br data-mce-bogus="1"></div><div></div><div></div><div></div><div><br data-mce-bogus="1"></div><div>"Meer" can store to the traditional Snort style database so it remains functional with consoles like Snorby, Sguil, etc. We've also extended the database to support extra Suricata metadata (http, tls, dns, etc) from alerts. </div><div><br data-mce-bogus="1"></div><div>"Meer" is fast, simple and light weight. </div><div><br data-mce-bogus="1"></div><div>For more information, please check out https://github.com/beave/meer (the README.md goes into more details).</div><div><br data-mce-bogus="1"></div><div>Thanks! </div><div><br data-mce-bogus="1"></div><div><br></div><div><br></div><div data-marker="__SIG_PRE__">- Champ Clark III<br> cclark@quadrantsec.com<br><br></div></div></body></html>