[Oisf-users] Does anyone have a recommend tool or process for "pretty-printing" suricata text logs in color?

Cooper F. Nelson cnelson at ucsd.edu
Thu Jan 28 21:30:23 UTC 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Basically I'm merging the DNS/HTTP logs with the alerts; so I was
thinking something like bright green for the DNS/HTTP lines; yellow for
keyword matches and orange for the alerts themselves.

- -Coop

On 1/28/2016 12:03 PM, Alan Wanderley dos Santos wrote:
> Hi Cooper,
> 
> Each keywork must be a uniq color or you just want highlight all events that match with any keywork of this list?
> 
> Regards,
> 
> -----------------------------------------------
> Alan Santos
> Analista de Seguran├ža
> Centro de Atendimento a Incidentes de Seguran├ža (CAIS)
> Rede Nacional de Ensino e Pesquisa (RNP)
> (19) 3787-3314 | alan.santos at rnp.br
> 
> ----- Mensagem original -----
> De: "Cooper F. Nelson" <cnelson at ucsd.edu>
> Para: oisf-users at lists.openinfosecfoundation.org
> Enviadas: Quinta-feira, 28 de janeiro de 2016 16:19:40
> Assunto: [Oisf-users] Does anyone have a recommend tool or process for "pretty-printing" suricata text logs in color?
> 
> See subject.  Basically what I want to do is put together a forensics
> tool that will pull lines from the logs based on a list of keywords,
> sort them chronologically and then display them in color for an analyst
> to look at.
> 
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC: http://oisfevents.net
> 

- -- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iQEcBAEBAgAGBQJWqohvAAoJEKIFRYQsa8FWIwcIALhjCc7l+/pBGV2QHr4cDV1S
wh6TOYU4aZ/La1XKgZiI+R1po+BHyOwsDpSionaXe/7X/wmt+jjvxjOxkN9mb1gr
DHvlwHVKzj0twxm/y8asqNms+/D3af23ZNu0y7fU+GPHa2A+l/GYgHMpIV5jxgqt
H5qpB82dzDqX/NZzk2LV/2MPJh8afQI71B4GwHl1dDnWrEj01T7MfUg8hPdb74dm
/310juKJ9Xno171zsP1afxwAJLzpO56XZgwEl3TCIuHfxx+8hPHrqJZL8q8Z/WJC
Srh2MMf+K1ONMkSgsovgJ538MnF2QVCByRyYSIyVWpgW0AlRW8YEccttn1xZXi4=
=/HGa
-----END PGP SIGNATURE-----



More information about the Oisf-users mailing list