Parse snort logs

Hello

Please, how can I parse snort logs with a grok pattern?

05/30-09:08:58.481608 [] [1:10000001:1] ICMP test detected [] [Classification: Generic ICMP event] [Priority: 3] {ICMP} @IP -> @IP

Many thanks

Hi,

I'm hoping that https://www.youtube.com/watch?v=SKSqPRwDfns will aid in your beginnings here,
and the patterns here will help build this out: https://github.com/logstash-plugins/logstash-patterns-core/blob/master/patterns/grok-patterns

If you google snort grok patterns, you'll find plenty of keys come up along the way.

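As an added example (not from this thread, nor from Snort or Logstash), here is a small Python script that expands a grok pattern for Snort's alert_fast output into a regex and parses constructed sample lines, so the pattern can be checked before it goes into a Logstash grok filter. It assumes the standard fast-alert layout, in which the markers the forum rendering shows as `[]` are `[**]`, and it uses simplified copies of a few grok-core patterns plus a `SNORT_TIMESTAMP` composite of our own; the `SNORT_FAST` string is the part you would carry over into the filter's `match`.

```python
import re
# Simplified copies of a few entries from the logstash-patterns-core grok-patterns file,
# plus SNORT_TIMESTAMP, a composite of our own (assumption: it is not in grok core).
GROK_LIB = {
    "INT": r"[+-]?\d+", "WORD": r"\w+", "DATA": r".*?",
    "IPV4": r"(?:\d{1,3}\.){3}\d{1,3}",
    "MONTHNUM": r"0?[1-9]|1[0-2]",
    "MONTHDAY": r"0[1-9]|[12]\d|3[01]|[1-9]",
    "TIME": r"(?:[01]?\d|2[0-3]):[0-5]\d:(?:[0-5]\d|60)(?:\.\d+)?",
    "SNORT_TIMESTAMP": r"%{MONTHNUM}/%{MONTHDAY}-%{TIME}",
}
GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")

def grok_to_regex(pattern: str) -> str:
    """Expand %{NAME} and %{NAME:field} references, recursively, into a Python regex."""
    def expand(m):
        name, field = m.group(1), m.group(2)
        inner = grok_to_regex(GROK_LIB[name])          # nested references expand too
        return f"(?P<{field}>{inner})" if field else f"(?:{inner})"
    return GROK_REF.sub(expand, pattern)

# Grok pattern for Snort alert_fast lines. Ports are optional because ICMP alerts carry
# none, and the Classification block is optional because not every alert prints one.
SNORT_FAST = (
    r"^%{SNORT_TIMESTAMP:timestamp}\s+\[\*\*\] "
    r"\[%{INT:gid}:%{INT:sid}:%{INT:rev}\] %{DATA:msg} \[\*\*\] "
    r"(?:\[Classification: %{DATA:classification}\] )?"
    r"\[Priority: %{INT:priority}\] \{%{WORD:protocol}\} "
    r"%{IPV4:src_ip}(?::%{INT:src_port})? -> %{IPV4:dst_ip}(?::%{INT:dst_port})?$"
)
SNORT_RE = re.compile(grok_to_regex(SNORT_FAST))

def parse_snort_fast(line: str):
    """Return the alert's fields as a dict, or None if the line is not an alert_fast record."""
    m = SNORT_RE.match(line.strip())
    if not m:
        return None
    fields = {k: v for k, v in m.groupdict().items() if v is not None}
    for k in ("gid", "sid", "rev", "priority", "src_port", "dst_port"):
        if k in fields:
            fields[k] = int(fields[k])     # numeric fields as ints, so Kibana can range-filter
    return fields

# Constructed sample lines: the addresses and the second rule are made up for this example.
SAMPLE_LINES = [
    "05/30-09:08:58.481608  [**] [1:10000001:1] ICMP test detected [**] "
    "[Classification: Generic ICMP event] [Priority: 3] {ICMP} 192.168.1.10 -> 192.168.1.1",
    "05/30-09:09:12.000317  [**] [1:10000002:2] TCP test detected [**] "
    "[Priority: 2] {TCP} 10.0.0.5:80 -> 192.168.1.10:52344",
]
```

Lines that do not match return None rather than a partial record, which is the case to watch for in Logstash as well (a `_grokparsefailure` tag), since a silently mis-parsed alert never reaches your dashboards.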
