[Oisf-users] How to view unified2 logs ?
Morgan Cox
morgancoxuk at gmail.com
Tue Oct 26 15:08:51 UTC 2010
Hi.
Although I have got Suricata to output to fast.log, the archived logs are put
into unified2 log format.
I have tried to use http://code.google.com/p/snort-unified-perl/, but this
seemed to fail.
I have tried installing barnyard on my local machine and copied the logs and
config files from the server (I am most likely doing this wrong):
barnyard -f unified2.alert -d /home/morgan/suricata/ -c /home/morgan/Downloads/barnyard-0.2.0/etc/barnyard.conf -p /home/morgan/csmith-suricata/suricata/classification.config -s /home/morgan/csmith-suricata/suricata/rules/emerging-sid-msg.map -vvvvv -g /home/morgan/csmith-suricata/suricata/gen-msg.map -L /home/morgan/
Gives:-
---------------------------
Barnyard Version 0.2.0 (Build 32)
Command line arguments:
Config file: /home/morgan/Downloads/barnyard-0.2.0/etc/barnyard.conf
Spool dir: /home/morgan/suricata/
Gen-msg file: /home/morgan/csmith-suricata/suricata/gen-msg.map
Sid-msg file: /home/morgan/csmith-suricata/suricata/rules/emerging-sid-msg.map
Class file: /home/morgan/csmith-suricata/suricata/classification.config
Log dir: /home/morgan/
Archive dir: Not specified
File base: unified2.alert
Waldo file: Not specified
Pid file: Not specified
Verbosity level: 5
Dry run flag: Not Set
Batch mode flag: Not Set
Daemon flag: Not Set
New records only flag: Not Set
Usage flag: Not Set
Version flag: Not Set
Config file variables:
Hostname: snorthost
Interface: fxp0
BPF Filter: not port 22
Class file: Not specified
Sid-msg file: Not specified
Gen-msg file: Not specified
Daemon flag: Not Set
Localtime flag: Not Set
Program Variables:
Continual processing mode
Config dir: /home/morgan/Downloads/barnyard-0.2.0/etc
Config file: /home/morgan/Downloads/barnyard-0.2.0/etc/barnyard.conf
Sid-msg file: /home/morgan/csmith-suricata/suricata/rules/emerging-sid-msg.map
Gen-msg file: /home/morgan/csmith-suricata/suricata/gen-msg.map
Class file: /home/morgan/csmith-suricata/suricata/classification.config
Hostname: snorthost
Interface: fxp0
BPF Filter: not port 22
Log dir: /home/morgan/
Verbosity: 5
Localtime: 0
Spool dir: /home/morgan/suricata/
Spool file: unified2.alert
Start at end: 0
Opened spool file '/home/morgan/suricata//unified2.alert.1282825983'
Error reading magic from '/home/morgan/suricata//unified2.alert.1282825983'
Closing spool file '/home/morgan/suricata//unified2.alert.1282825983'. Read 0 records
Opened spool file '/home/morgan/suricata//unified2.alert.1282826838'
Error reading magic from '/home/morgan/suricata//unified2.alert.1282826838'
Closing spool file '/home/morgan/suricata//unified2.alert.1282826838'. Read 0 records
Opened spool file '/home/morgan/suricata//unified2.alert.1282827192'
---------------------------
Is it actually possible for me to view the logs?
Can anyone give me an example of how to?
Cheers
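A note on the failure shown above, followed by an added example. "Error reading magic" is the check a reader of the older unified format performs on the file header; unified2 files carry no magic at all. A unified2 spool file is simply back-to-back records, each a big-endian (type, length) header followed by exactly `length` body bytes, so the file can be walked with a few `struct` formats. The reader below is an added example written for this page, not code from the original post, from Suricata or from barnyard. It parses the legacy IPv4/IPv6 event records (types 7 and 72) that Suricata wrote at the time, the VLAN variants (104 and 105) for completeness, and packet records (type 2); it stops cleanly at a half-written final record, which is normal when reading a spool file the sensor is still appending to, and it includes a cheap first-8-bytes check to use when a tool complains about magic. The sample spool it builds is constructed (sid 1000001, the 10.0.0.5 and 192.0.2.10 addresses, and the placeholder frame bytes are invented; the event second reuses the timestamp from the first spool file name above), and the fast.log-style rendering is approximate: it leaves the classification numeric rather than mapping it through classification.config, and takes rule messages from an optional `(gid, sid) -> msg` dict standing in for a sid-msg.map.

```python
"""Read unified2 spool files directly (added example; not code from the original post,
Suricata or barnyard).  No file magic: just back-to-back (type, length) headers + bodies."""
import ipaddress
import struct
from datetime import datetime, timezone

UNIFIED2_PACKET = 2                 # 28-byte header + captured frame
UNIFIED2_IDS_EVENT = 7              # IPv4 event, 52-byte body
UNIFIED2_IDS_EVENT_IPV6 = 72        # IPv6 event, 76-byte body
UNIFIED2_IDS_EVENT_VLAN = 104       # IPv4 event + mpls_label/vlan_id, 60-byte body
UNIFIED2_IDS_EVENT_IPV6_VLAN = 105  # IPv6 event + mpls_label/vlan_id, 84-byte body
IPV6_TYPES = {UNIFIED2_IDS_EVENT_IPV6, UNIFIED2_IDS_EVENT_IPV6_VLAN}
VLAN_TYPES = {UNIFIED2_IDS_EVENT_VLAN, UNIFIED2_IDS_EVENT_IPV6_VLAN}
EVENT_TYPES = {UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_VLAN} | IPV6_TYPES

RECORD_HDR = struct.Struct("!II")      # type, length
EVENT_HEAD = struct.Struct("!9I")      # nine uint32 fields, named in EVENT_HEAD_FIELDS
EVENT_TAIL = struct.Struct("!HHBBBB")  # sport/itype, dport/icode, protocol, impact_flag, impact, blocked
EVENT_VLAN = struct.Struct("!IHH")     # mpls_label, vlan_id, pad
PACKET_HDR = struct.Struct("!7I")      # seven uint32 fields, named in PACKET_FIELDS
EVENT_HEAD_FIELDS = ("sensor_id", "event_id", "event_second", "event_microsecond", "signature_id",
                     "generator_id", "signature_revision", "classification_id", "priority_id")
PACKET_FIELDS = ("sensor_id", "event_id", "event_second", "packet_second", "packet_microsecond",
                 "linktype", "packet_length")

def expected_event_len(rtype):
    """Body length the format fixes for each event record type."""
    return (EVENT_HEAD.size + (32 if rtype in IPV6_TYPES else 8) + EVENT_TAIL.size
            + (EVENT_VLAN.size if rtype in VLAN_TYPES else 0))

def looks_like_unified2(head):
    """Triage the first 8 bytes of a file: a known record type with the body length it requires."""
    if len(head) < RECORD_HDR.size:
        return False
    rtype, rlen = RECORD_HDR.unpack_from(head, 0)
    if rtype in EVENT_TYPES:
        return rlen == expected_event_len(rtype)
    return rtype == UNIFIED2_PACKET and rlen >= PACKET_HDR.size

def parse_event(rtype, body):
    if len(body) != expected_event_len(rtype):
        raise ValueError(f"type {rtype} body is {len(body)} bytes, expected {expected_event_len(rtype)}")
    ev = dict(zip(EVENT_HEAD_FIELDS, EVENT_HEAD.unpack_from(body, 0)))
    off, alen = EVENT_HEAD.size, (16 if rtype in IPV6_TYPES else 4)
    ev["src_ip"], ev["dst_ip"] = (str(ipaddress.ip_address(body[o:o + alen])) for o in (off, off + alen))
    off += 2 * alen
    (ev["src_port"], ev["dst_port"], ev["protocol"],
     ev["impact_flag"], ev["impact"], ev["blocked"]) = EVENT_TAIL.unpack_from(body, off)
    if rtype in VLAN_TYPES:
        ev["mpls_label"], ev["vlan_id"], _ = EVENT_VLAN.unpack_from(body, off + EVENT_TAIL.size)
    return ev

def parse_packet(body):
    pkt = dict(zip(PACKET_FIELDS, PACKET_HDR.unpack_from(body, 0)))
    pkt["packet_data"] = body[PACKET_HDR.size:]
    if len(pkt["packet_data"]) != pkt["packet_length"]:
        raise ValueError("packet_length disagrees with record length")
    return pkt

def parse_unified2(data):
    """Walk a spool file.  Returns (records, tail); tail is the size of an incomplete
    last record, expected when reading a file the sensor is still appending to."""
    records, off = [], 0
    while len(data) - off >= RECORD_HDR.size:
        rtype, rlen = RECORD_HDR.unpack_from(data, off)
        end = off + RECORD_HDR.size + rlen
        if end > len(data):
            break
        body = data[off + RECORD_HDR.size:end]
        if rtype in EVENT_TYPES:
            rec = parse_event(rtype, body)
        elif rtype == UNIFIED2_PACKET:
            rec = parse_packet(body)
        else:
            rec = {"raw": body}  # e.g. type 110 extra data: keep the bytes, don't guess the layout
        rec["type"] = rtype
        records.append(rec)
        off = end
    return records, len(data) - off

def format_fast(ev, sid_msg=None):
    """fast.log-style line; sid_msg maps (gid, sid) -> rule message, as a sid-msg.map would."""
    ts = datetime.fromtimestamp(ev["event_second"], tz=timezone.utc)
    gid, sid, rev = ev["generator_id"], ev["signature_id"], ev["signature_revision"]
    msg = (sid_msg or {}).get((gid, sid), f"sid {sid}")
    proto = {1: "ICMP", 6: "TCP", 17: "UDP"}.get(ev["protocol"], str(ev["protocol"]))
    return (f"{ts:%m/%d/%Y-%H:%M:%S}.{ev['event_microsecond']:06d}  [**] [{gid}:{sid}:{rev}] {msg} [**] "
            f"[Classification: {ev['classification_id']}] [Priority: {ev['priority_id']}] "
            f"{{{proto}}} {ev['src_ip']}:{ev['src_port']} -> {ev['dst_ip']}:{ev['dst_port']}")

def sample_spool():
    """Constructed sample (not a real capture): IPv4 event + its packet, then a truncated event."""
    ev_body = (EVENT_HEAD.pack(0, 1, 1282825983, 123456, 1000001, 1, 2, 3, 1)
               + ipaddress.ip_address("10.0.0.5").packed + ipaddress.ip_address("192.0.2.10").packed
               + EVENT_TAIL.pack(44321, 80, 6, 0, 0, 0))
    frame = bytes(range(20))  # placeholder bytes standing in for a captured frame
    pkt_body = PACKET_HDR.pack(0, 1, 1282825983, 1282825983, 123456, 1, len(frame)) + frame
    return (RECORD_HDR.pack(UNIFIED2_IDS_EVENT, len(ev_body)) + ev_body
            + RECORD_HDR.pack(UNIFIED2_PACKET, len(pkt_body)) + pkt_body
            + RECORD_HDR.pack(UNIFIED2_IDS_EVENT, 52) + b"\x00" * 10)
```

To read a real file, pass its bytes in: `records, tail = parse_unified2(open("unified2.alert.1282825983", "rb").read())`, then print `format_fast(r)` for each record whose `type` is in `EVENT_TYPES`; a non-zero `tail` on the newest spool file just means the sensor has not finished writing the last record yet, while a non-zero `tail` on an archived file points at truncation. Packet records share `sensor_id`/`event_id`/`event_second` with the event they belong to, which is how the two are joined; `packet_data` is the raw frame at `linktype` (1 is Ethernet) and can be handed to any pcap writer.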