
With the log_syslog_full operation mode set to complete you get the below output.

Can someone explain to me what the bold parts are? I have been searching and cannot find any documentation explaining the new file output format.

| [SNORTIDS[LOG]: [IDS1] ] || 2012-11-28 20:31:31.747+-06 1 [1:2803567:3] ETPRO POLICY Suspicious User-Agent (LuaSocket) || trojan-activity || 6 69.2.42.86 64.129.104.173 **5 0 0 146 38060 0 0 3635 0** || 41848 80 **4082109343 3023118530 8 0 24 32768 39439 0** ||
**160 00000C07AC050023EBABC57A08004500009294AC0000FF060E3345022A56408168ADA3780050F3500B9FB43120C2801880009A0F00000101080A3198E2CD00000000686F73743A20757064617465732E69726F6E706F72742E636F6D0D0A757365722D6167656E743A204C7561536F636B657420322E300D0A74653A20747261696C6572730D0A636F6E6E656374696F6E3A20636C6F73652C2054450D0A0D0A** ||
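Added example (not part of the question and not Snort's own code): the last field of the record is a hex dump of the whole Ethernet frame, and decoding it with Python shows where the bold numbers come from. The second bold group matches the TCP header of the dumped packet (sequence number, acknowledgement number, data offset, a field that is 0 here, flags, window, checksum, urgent pointer), and the values 5, 0, 146, 38060 and 3635 in the first group match the IP header length in 32-bit words, TOS, total length, identification and header checksum; the remaining zeros in that group are left unnamed here.

```python
import struct

# The record from the question with the bold markers removed (embedded so this runs offline).
LOG_LINE = (
    "[SNORTIDS[LOG]: [IDS1] ] || 2012-11-28 20:31:31.747+-06 1 [1:2803567:3] "
    "ETPRO POLICY Suspicious User-Agent (LuaSocket) || trojan-activity || "
    "6 69.2.42.86 64.129.104.173 5 0 0 146 38060 0 0 3635 0 || "
    "41848 80 4082109343 3023118530 8 0 24 32768 39439 0 || 160 "
    "00000C07AC050023EBABC57A0800"
    "4500009294AC0000FF060E3345022A56408168AD"
    "A3780050F3500B9FB43120C2801880009A0F00000101080A3198E2CD00000000"
    "686F73743A20757064617465732E69726F6E706F72742E636F6D0D0A"
    "757365722D6167656E743A204C7561536F636B657420322E300D0A"
    "74653A20747261696C6572730D0A"
    "636F6E6E656374696F6E3A20636C6F73652C2054450D0A0D0A ||"
)


def decode_record(line):
    """Split a log_syslog_full record on '||' and decode the Ethernet/IPv4/TCP headers in its hex dump."""
    fields = [f.strip() for f in line.strip().strip("|").split("||")]
    ip_numbers = [int(x) for x in fields[3].split()[3:]]   # numbers after proto, src, dst
    tcp_numbers = [int(x) for x in fields[4].split()[2:]]  # numbers after sport, dport
    length, hexdump = fields[5].split()                    # byte count, then the frame as hex
    pkt = bytes.fromhex(hexdump)
    ethertype = struct.unpack("!H", pkt[12:14])[0]         # 0x0800 = IPv4, after two MAC addresses
    (ver_ihl, tos, total_len, ip_id, frag, ttl, proto,
     ip_csum) = struct.unpack("!BBHHHBBH", pkt[14:26])     # first 12 bytes of the IPv4 header
    ihl = ver_ihl & 0x0F
    tcp_start = 14 + ihl * 4
    (sport, dport, seq, ack, off_res, flags, window, tcp_csum,
     urg) = struct.unpack("!HHIIBBHHH", pkt[tcp_start:tcp_start + 20])
    data_off = off_res >> 4                                # TCP header length in 32-bit words
    return {
        "length": int(length), "packet_len": len(pkt), "ethertype": ethertype,
        "ip_numbers": ip_numbers, "tcp_numbers": tcp_numbers,
        "ip": {"ihl": ihl, "tos": tos, "total_len": total_len, "id": ip_id,
               "frag": frag, "ttl": ttl, "proto": proto, "checksum": ip_csum},
        "tcp": {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                "data_off": data_off, "flags": flags, "window": window,
                "checksum": tcp_csum, "urg": urg},
        "payload": pkt[tcp_start + data_off * 4:],         # the HTTP request that triggered the rule
    }


if __name__ == "__main__":
    r = decode_record(LOG_LINE)
    print("record says", r["tcp_numbers"], "-> decoded TCP", r["tcp"])
    print("record says", r["ip_numbers"], "-> decoded IP", r["ip"])
    print(r["payload"].decode("ascii"))
```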
