[Oisf-devel] [PATCH] numlog: new alert output

Eric Leblond eric at regit.org
Sat Oct 1 00:14:44 UTC 2011


Hello,

Attached to this mail is a patch which brings a new output module whose
aim is to provide a way to interact between suricata and pcap parsers
like wireshark.
This is line-based logging with a very simple format:
     PKT_ID:SID:0:0:MSG
The two zero values are there to permit indicating the byte start and byte
end of the matches. This has not yet been done because it requires more
modifications and it is more intrusive. Using the PKT_ID, pcap parsers
can then easily make a link between suricata alerts and packets.

I've developed a wireshark plugin which uses this output to provide a
clean and efficient way to add suricata alert information inside
wireshark:
	http://home.regit.org/software/suriwire/
This is currently in the alpha stage but it is already usable.

BR,
-- 
Eric Leblond 
Blog: http://home.regit.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-numlog-alert-format.patch
Type: text/x-patch
Size: 11574 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20111001/e59bc505/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20111001/e59bc505/attachment.sig>
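The line format described in the mail (PKT_ID:SID:0:0:MSG) is simple enough that a consumer on the pcap side can be written in a few lines. The parser below is an added example, not code from the attached patch or from the suriwire plugin; it assumes that PKT_ID and SID are decimal integers, that the two offset fields are 0 when no byte range is recorded, that a MSG may itself contain ':' (so only four splits are performed), and it indexes alerts by PKT_ID the way a pcap parser would before mapping them onto frames. The sample log lines are constructed, as are the SIDs in the local-rule range.

```python
"""Parse Suricata "numlog" alert lines of the form PKT_ID:SID:START:END:MSG.

Added example: not code from the numlog patch or from suriwire.
Assumptions (not stated in the mail): PKT_ID and SID are decimal
integers; START/END are byte offsets with 0:0 meaning "not recorded";
MSG is free text that may contain ':'.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class NumlogAlert:
    pkt_id: int                       # packet counter used to link to a pcap frame
    sid: int                          # signature id of the rule that fired
    match: Optional[Tuple[int, int]]  # (byte start, byte end) or None when 0:0
    msg: str                          # rule message, may contain ':'


def parse_numlog_line(line: str) -> NumlogAlert:
    """Parse one numlog line; raise ValueError on a malformed line."""
    # Split at most four times so that colons inside MSG survive intact.
    parts = line.rstrip("\r\n").split(":", 4)
    if len(parts) != 5:
        raise ValueError(f"malformed numlog line: {line!r}")
    try:
        pkt_id, sid, start, end = (int(p) for p in parts[:4])
    except ValueError as exc:
        raise ValueError(f"non-numeric field in numlog line: {line!r}") from exc
    # Assumption: a zero start and end means the byte range was not recorded.
    match = None if (start, end) == (0, 0) else (start, end)
    return NumlogAlert(pkt_id, sid, match, parts[4])


def index_by_packet(lines: Iterable[str]) -> Dict[int, List[NumlogAlert]]:
    """Group alerts by PKT_ID, the key a pcap parser uses to find the frame."""
    index: Dict[int, List[NumlogAlert]] = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue  # tolerate blank lines
        alert = parse_numlog_line(line)
        index[alert.pkt_id].append(alert)
    return dict(index)


# Constructed sample output in the numlog format; not a real Suricata log.
SAMPLE_LOG = """\
17:1000001:0:0:TEST alert one on frame 17
17:1000002:0:0:TEST alert two: message with a colon
42:1000003:54:61:TEST alert with byte offsets filled in
"""


def demo() -> Dict[int, List[NumlogAlert]]:
    """Print alerts per packet the way a pcap-side consumer would show them."""
    idx = index_by_packet(SAMPLE_LOG.splitlines())
    for pkt_id in sorted(idx):
        for a in idx[pkt_id]:
            where = f" bytes {a.match[0]}-{a.match[1]}" if a.match else ""
            print(f"packet {pkt_id}: sid {a.sid}{where}: {a.msg}")
    return idx


if __name__ == "__main__":
    demo()
```

Whether PKT_ID lines up one-to-one with a frame number in a given pcap (and whether either counter starts at 0 or 1) is not stated in the mail and would have to be checked against the patch and the capture used; the parser above only groups by the value as logged.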

