
SNORT: how to save the log file as ASCII format?

Developer https://www.devze.com 2023-02-19 21:41 Source: web

I captured the traffic with this command: /usr/loca/bin/snort -ieth0 -l /var/log/snort. Since I never put -b, it should not be a binary file... but when I write a program to read the log file, it seems to display all unknown words... so that means it is still a binary file, right? Is there any other method to specify that it must be in ASCII format? Like, do I need to configure something in snort.conf or elsewhere?


You can use snort -A console -c /etc/snort/snort.conf -l /var/log/snort/ -K ascii


Most applications read the binary log format. Also for performance reasons the binary format is preferred. I would simply log to the unified log format and use barnyard to convert the logs to text on the fly. This will allow you the flexibility of having binary logs as well as text.


Alternatively, you may enable the ASCII-based built-in syslog support from the Snort configuration:

in /etc/snort/snort.conf: output alert_syslog: host=dest_ip:dest_port, LOG_USER LOG_DEBUG LOG_PERROR

This will in turn generate syslog entries in /var/log/messages:

11/02-20:54:28.404290 [] [1:478:2] sig_name_p80 [] [Classification: Potentially Bad Traffic] [Priority: 5 ] {TCP} 172.30.1.248:63880 -> 172.30.2.69:30002
11/02-20:54:28.404330 [] [1:478:2] sig_name_p80 [] [Classification: Potentially Bad Traffic] [Priority: 5 ] {TCP} 172.30.2.69:30002 -> 172.30.1.248:63880

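Two checks that follow from this thread, added here as an example and not code from the original post or from the Snort project. The first addresses the question ("is it still a binary file?"): a log written in tcpdump/pcap format starts with the libpcap magic number, so reading the first four bytes settles it without guessing from "unknown words". The second parses alert lines of the shape shown in the last answer (alert_syslog / -A console output) and groups both directions of one connection together, which is exactly what the two lines above are. The sample lines are constructed: the first two mirror the answer's lines (written with the [**] markers Snort normally prints; the bare [] that survived on the page is accepted as well), and the ICMP line and the non-alert line are assumed for illustration.

```python
# Added example (not from the original post or from Snort):
#  1. looks_like_pcap(): is a file produced by "snort -l <dir>" really a
#     binary tcpdump/pcap capture? Check the libpcap magic number.
#  2. parse_alert() / group_by_flow(): parse ASCII alert lines in the
#     alert_syslog / alert_fast format shown above and pair up the two
#     directions of a connection.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# libpcap magic numbers: 0xa1b2c3d4 (microsecond) and 0xa1b23c4d (nanosecond),
# each in little-endian and big-endian byte order.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1",
    b"\xa1\xb2\xc3\xd4",
    b"\x4d\x3c\xb2\xa1",
    b"\xa1\xb2\x3c\x4d",
}


def looks_like_pcap(first_bytes: bytes) -> bool:
    """True if the first four bytes of a file are a libpcap magic number."""
    return first_bytes[:4] in PCAP_MAGICS


# One Snort alert line. "[**]" is what Snort prints; "[]" (as on the page) is
# tolerated. Ports are optional so ICMP lines parse too.
ALERT_RE = re.compile(
    r"""^(?P<ts>\d{2}/\d{2}(?:/\d{2,4})?-\d{2}:\d{2}:\d{2}\.\d+)\s+
        \[\*{0,2}\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+
        (?P<msg>.*?)\s+\[\*{0,2}\]\s+
        (?:\[Classification:\s*(?P<cls>[^\]]*?)\]\s+)?
        \[Priority:\s*(?P<prio>\d+)\s*\]\s+
        \{(?P<proto>[A-Z]+)\}\s+
        (?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+
        (?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$""",
    re.VERBOSE,
)


@dataclass(frozen=True)
class Alert:
    timestamp: str
    gid: int
    sid: int
    rev: int
    msg: str
    classification: Optional[str]
    priority: int
    proto: str
    src_ip: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: Optional[int]

    def flow_key(self) -> Tuple:
        """Direction-independent key so both halves of one connection match."""
        a = (self.src_ip, self.src_port or 0)
        b = (self.dst_ip, self.dst_port or 0)
        return (self.proto,) + tuple(sorted([a, b]))


def parse_alert(line: str) -> Optional[Alert]:
    """Parse one alert line; return None for lines that are not alerts."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    return Alert(
        timestamp=g["ts"], gid=int(g["gid"]), sid=int(g["sid"]), rev=int(g["rev"]),
        msg=g["msg"].strip(), classification=g["cls"], priority=int(g["prio"]),
        proto=g["proto"],
        src_ip=g["src"], src_port=int(g["sport"]) if g["sport"] else None,
        dst_ip=g["dst"], dst_port=int(g["dport"]) if g["dport"] else None,
    )


def group_by_flow(lines: List[str]) -> Dict[Tuple, List[Alert]]:
    """Group parsed alerts by connection, ignoring direction."""
    flows: Dict[Tuple, List[Alert]] = {}
    for line in lines:
        alert = parse_alert(line)
        if alert is not None:
            flows.setdefault(alert.flow_key(), []).append(alert)
    return flows


# Constructed sample input: the two lines from the answer above (with [**]),
# an assumed ICMP alert without ports, and a line that is not an alert.
SAMPLE_LINES = [
    "11/02-20:54:28.404290 [**] [1:478:2] sig_name_p80 [**] [Classification: Potentially Bad Traffic] [Priority: 5 ] {TCP} 172.30.1.248:63880 -> 172.30.2.69:30002",
    "11/02-20:54:28.404330 [**] [1:478:2] sig_name_p80 [**] [Classification: Potentially Bad Traffic] [Priority: 5 ] {TCP} 172.30.2.69:30002 -> 172.30.1.248:63880",
    "11/02-20:55:01.000000 [] [1:384:5] ICMP PING [] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.1",
    "this is not an alert line",
]

if __name__ == "__main__":
    print("pcap header?", looks_like_pcap(b"\xd4\xc3\xb2\xa1\x02\x00\x04\x00"))
    for key, alerts in group_by_flow(SAMPLE_LINES).items():
        print(key, "->", len(alerts), "alert(s)")
```

In practice, read the first four bytes of the file under /var/log/snort with open(path, "rb") and pass them to looks_like_pcap(); if it returns True the file is tcpdump format regardless of whether -b was given, and the ASCII parser applies only to the syslog or -A console output.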
