Parse snort los


(Hanen) #1

Hello

Please How can I parse snort logs with grok pattern?

05/30-09:08:58.481608 [] [1:10000001:1] ICMP test detected [] [Classification: Generic ICMP event] [Priority: 3] {ICMP} @IP -> @IP

Many thanks


(Jymit Singh Khondhu) #2

Hi,

Im hoping that https://www.youtube.com/watch?v=SKSqPRwDfns will aid in your beginnings here.
and patterns here to aid build this out: https://github.com/logstash-plugins/logstash-patterns-core/blob/master/patterns/grok-patterns

If you google snort grok patterns you find plenty of keys come up along the way


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.