Parse snort logs

(Hanen) #1


Please, how can I parse snort logs with a grok pattern?

05/30-09:08:58.481608 [] [1:10000001:1] ICMP test detected [] [Classification: Generic ICMP event] [Priority: 3] {ICMP} @IP -> @IP

Many thanks

(Jymit Singh Khondhu) #2


I'm hoping that will aid in your beginnings here.
and patterns here to aid in building this out:

If you google "snort grok patterns" you'll find plenty of keys come up along the way.
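As an added worked example (not part of either post above), here is a grok pattern for Snort's "fast" alert format together with a plain-Python regex that does the same parse, so the field mapping can be checked offline before it goes into a Logstash `grok` filter. The sample lines are constructed; the `[**]` separators are Snort's real marker, and the assumption is that the `[]` in the question lost its asterisks to forum markdown, so the regex accepts both. IPv4 addresses only; the rule id (`gid:sid:rev`) values are made up.

```python
import re
from typing import Optional

# Logstash grok pattern (core pattern names only). Classification is optional
# because Snort omits it when the rule carries no classtype.
GROK_PATTERN = (
    r"%{MONTHNUM:month}/%{MONTHDAY:day}-%{TIME:time}\s+\[\*\*\]\s+"
    r"\[%{INT:gid}:%{INT:sid}:%{INT:rev}\]\s+%{DATA:msg}\s+\[\*\*\]\s+"
    r"(?:\[Classification: %{DATA:classification}\]\s+)?"
    r"\[Priority: %{INT:priority}\]\s+\{%{WORD:protocol}\}\s+"
    r"%{IP:src_ip}(?::%{INT:src_port})?\s+->\s+%{IP:dst_ip}(?::%{INT:dst_port})?"
)

# Hand-expanded Python equivalent of GROK_PATTERN (IPv4 only).
SNORT_FAST_RE = re.compile(
    r"^(?P<month>\d{2})/(?P<day>\d{2})-(?P<time>\d{2}:\d{2}:\d{2}(?:\.\d+)?)\s+"
    r"\[\**\]\s+"                                   # "[**]"; also tolerates "[]"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.+?)\s+\[\**\]\s+"                    # rule message, non-greedy
    r"(?:\[Classification:\s*(?P<classification>[^\]]+)\]\s+)?"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+"
    r"\{(?P<protocol>\w+)\}\s+"
    r"(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<src_port>\d+))?\s+->\s+"
    r"(?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dst_port>\d+))?$"
)

INT_FIELDS = ("gid", "sid", "rev", "priority", "src_port", "dst_port")


def parse_snort_alert(line: str) -> Optional[dict]:
    """Return a dict of fields for one fast-alert line, or None on no match
    (the case grok would tag _grokparsefailure)."""
    m = SNORT_FAST_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    for key in INT_FIELDS:
        if fields[key] is not None:
            fields[key] = int(fields[key])
    return fields


def parse_many(lines):
    """Split a batch into (parsed records, lines that failed to parse)."""
    parsed, failed = [], []
    for line in lines:
        rec = parse_snort_alert(line)
        (parsed if rec is not None else failed).append(rec if rec is not None else line)
    return parsed, failed


# Constructed sample input: ICMP (no ports), TCP with ports, a rule without
# classification, and one junk line.
SAMPLE_LINES = [
    "05/30-09:08:58.481608  [**] [1:10000001:1] ICMP test detected [**] "
    "[Classification: Generic ICMP event] [Priority: 3] {ICMP} 192.168.1.10 -> 192.168.1.1",
    "05/30-09:09:12.102233  [**] [1:10000002:3] TEST web response [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 192.168.1.10:51234",
    "05/30-09:09:30.000001  [**] [1:10000003:1] TEST no classtype [**] "
    "[Priority: 3] {UDP} 10.0.0.7:53 -> 192.168.1.10:40000",
    "garbage line that grok would tag _grokparsefailure",
]

if __name__ == "__main__":
    ok, bad = parse_many(SAMPLE_LINES)
    for rec in ok:
        print(rec["sid"], rec["protocol"], rec["src_ip"], "->", rec["dst_ip"], rec["priority"])
    print("unparsed:", bad)
```

Two things worth keeping in mind when moving this into Logstash: the fast format carries no year, so the `date` filter has to supply one, and a non-matching line should be routed by the `_grokparsefailure` tag rather than silently dropped, since alert lines that fail to parse are exactly the ones you want to see.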

(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.