[Oisf-users] Does anyone have a recommend tool or process for "pretty-printing" suricata text logs in color?

Alan Wanderley dos Santos alan.santos at rnp.br
Fri Jan 29 14:12:53 UTC 2016


Hi Cooper,

I don't know what kind of output you are thinking of using colors for, but I wrote a little script that sets a mark on each line according to the keywords it matches. Maybe you can use it to add your own tag (a font color, for example).

Usage:

./setColors.pl mergedLogs.log keyword.txt colorFile.log

I hope that is useful for you!

Kind regards!

Sincerely,

-----------------------------------------------
Alan Santos
Security Analyst
Centro de Atendimento a Incidentes de Segurança (CAIS)
Rede Nacional de Ensino e Pesquisa (RNP)
(19) 3787-3314 | alan.santos at rnp.br

----- Original message -----
From: "Cooper F. Nelson" <cnelson at ucsd.edu>
To: "Alan Wanderley dos Santos" <alan.santos at rnp.br>
Cc: oisf-users at lists.openinfosecfoundation.org
Sent: Thursday, January 28, 2016 19:30:23
Subject: Re: [Oisf-users] Does anyone have a recommend tool or process for "pretty-printing" suricata text logs in color?

Basically I'm merging the DNS/HTTP logs with the alerts; so I was
thinking something like bright green for the DNS/HTTP lines; yellow for
keyword matches and orange for the alerts themselves.

-Coop

On 1/28/2016 12:03 PM, Alan Wanderley dos Santos wrote:
> Hi Cooper,
> 
> Should each keyword be a unique color, or do you just want to highlight all events that match any keyword in this list?
> 
> Regards,
> 
> -----------------------------------------------
> Alan Santos
> Security Analyst
> Centro de Atendimento a Incidentes de Segurança (CAIS)
> Rede Nacional de Ensino e Pesquisa (RNP)
> (19) 3787-3314 | alan.santos at rnp.br
> 
> ----- Original message -----
> From: "Cooper F. Nelson" <cnelson at ucsd.edu>
> To: oisf-users at lists.openinfosecfoundation.org
> Sent: Thursday, January 28, 2016 16:19:40
> Subject: [Oisf-users] Does anyone have a recommend tool or process for "pretty-printing" suricata text logs in color?
> 
> See subject.  Basically what I want to do is put together a forensics
> tool that will pull lines from the logs based on a list of keywords,
> sort them chronologically and then display them in color for an analyst
> to look at.
> 
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC: http://oisfevents.net
> 

-- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
-------------- next part --------------
A non-text attachment was scrubbed...
Name: setColors.pl
Type: application/x-perl
Size: 2892 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20160129/03614dc8/attachment-0002.bin>
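The attached setColors.pl was not preserved in the archive, so the following is an added example (not Alan's script and not part of the Suricata project) of the workflow Cooper describes: pull lines from the text logs by keyword, sort them chronologically on the Suricata timestamp, and print them with bright green for DNS/HTTP lines, orange for alerts and yellow for the matched keyword. The sample lines are constructed here in the shape of the 2016-era fast.log, dns.log and http.log text formats; only the leading `MM/DD/YYYY-HH:MM:SS.ffffff` timestamp is relied on for parsing, the rest of each line is treated as opaque text. One caveat a colorizer for IDS logs needs that a generic one does not: DNS names and User-Agents in these logs are attacker-controlled, so control characters are stripped before any escape codes are added, otherwise a hostile query name could inject its own terminal sequences into the analyst's session.

```python
import re
from datetime import datetime

# Suricata text logs (fast.log, dns.log, http.log) all start with the same
# timestamp: MM/DD/YYYY-HH:MM:SS.ffffff. The fraction is optional here so
# lines trimmed by other tools still parse.
TS_RE = re.compile(r"^(\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2})(\.\d{1,6})?")

# C0 control characters except TAB and LF, plus DEL; ESC (0x1b) is the one
# that lets log content smuggle escape sequences to the terminal.
CTRL_RE = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")

RESET = "\x1b[0m"
COLORS = {
    "alert": "\x1b[38;5;208m",  # orange (xterm-256 colour)
    "dns": "\x1b[92m",          # bright green
    "http": "\x1b[92m",         # bright green
    "keyword": "\x1b[93m",      # yellow, for the matched substring only
}


def sanitize(line):
    """Replace control characters so a hostile DNS name or User-Agent cannot
    inject its own escape sequences into the analyst's terminal."""
    return CTRL_RE.sub("?", line)


def parse_ts(line):
    """Return the leading Suricata timestamp as a datetime, or None."""
    m = TS_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m.group(1) + (m.group(2) or ".0"),
                             "%m/%d/%Y-%H:%M:%S.%f")


def merge_logs(sources, keywords):
    """sources: {kind: [lines]} with kind one of alert/dns/http (the file the
    line came from). Keeps lines containing any keyword (case-insensitive; an
    empty keyword list keeps everything), sorts them chronologically and
    counts lines with no parseable timestamp.
    Returns ([(ts, kind, line, hits)], skipped)."""
    kw = [k.strip().lower() for k in keywords if k.strip()]
    records, skipped = [], 0
    for kind, lines in sources.items():
        for raw in lines:
            line = sanitize(raw.rstrip("\n"))
            ts = parse_ts(line)
            if ts is None:
                skipped += 1
                continue
            low = line.lower()
            hits = [k for k in kw if k in low]
            if kw and not hits:
                continue
            records.append((ts, kind, line, hits))
    records.sort(key=lambda r: r[0])
    return records, skipped


def colorize(record):
    """Whole line in its source colour, each keyword hit in yellow. One
    alternation pass is used so escape codes inserted for one keyword are
    never re-scanned by another (a keyword such as "38" must not match the
    colour code itself)."""
    _, kind, line, hits = record
    base = COLORS[kind]
    if hits:
        alternation = "|".join(re.escape(k) for k in sorted(hits, key=len, reverse=True))
        pat = re.compile(alternation, re.IGNORECASE)
        line = pat.sub(lambda m: COLORS["keyword"] + m.group(0) + base, line)
    return base + line + RESET


def render(sources, keywords):
    records, skipped = merge_logs(sources, keywords)
    return [colorize(r) for r in records], skipped


# Constructed sample lines (not real captures) in the shape of the fast.log,
# dns.log and http.log text formats. The http line carries a raw ESC byte in
# its User-Agent to exercise sanitize(); the last http line has no timestamp.
SAMPLE_LOGS = {
    "alert": [
        "01/28/2016-16:19:42.000123  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] "
        "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.7:80 -> 10.0.0.25:51234",
    ],
    "dns": [
        "01/28/2016-16:19:40.500000 [**] Query TX 4242 [**] evil.example.net [**] A [**] 10.0.0.25:53012 -> 10.0.0.1:53",
        "01/28/2016-16:19:40.600000 [**] Response TX 4242 [**] evil.example.net [**] A [**] TTL 300 [**] 203.0.113.7 [**] 10.0.0.1:53 -> 10.0.0.25:53012",
        "01/28/2016-16:19:45.000000 [**] Query TX 4243 [**] www.ucsd.edu [**] A [**] 10.0.0.25:53013 -> 10.0.0.1:53",
    ],
    "http": [
        "01/28/2016-16:19:41.250000 evil.example.net [**] /cgi-bin/id [**] curl/7.47.0\x1b[31m [**] 10.0.0.25:51234 -> 203.0.113.7:80",
        "garbage line without a timestamp",
    ],
}
KEYWORDS = ["evil.example.net", "ATTACK_RESPONSE"]

if __name__ == "__main__":
    lines, skipped = render(SAMPLE_LOGS, KEYWORDS)
    print("\n".join(lines))
    print(f"{skipped} line(s) skipped: no Suricata timestamp")
```

Run it in a terminal that understands ANSI colours; with the sample above the two DNS lines and the HTTP request print in green, ordered before the alert (orange), the www.ucsd.edu query is dropped because it matches no keyword, and the injected `\x1b[31m` in the User-Agent shows up as `?[31m` instead of switching the terminal to red. To read real files, build the `sources` dict from `open("fast.log").readlines()` and so on; the kind is taken from which file a line came from, not guessed from its content.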
