SNORT: How to read a snort.log file
Source: https://www.safaribooksonline.com/library/view/snort-cookbook/0596007914/ch01s20.html
Use the -r <filename> option to read a binary capture file in libpcap format:
snort -dv -r /var/log/snort/snort.log.1085148255
If we want to read the binary file snort.log.1085148255 and save all of the traffic in ASCII format in a directory:
snort -r /var/log/snort/snort.log.1085148255 -l ~/log.txt
The following reads the binary file snort.log.1085148255 and processes the traffic according to the parameters in snort.conf:
snort -r /var/log/snort/snort.log.1085148255 -l ~/log -c /etc/snort/snort.conf
The following reads the binary file snort.log.1085148255 and displays only the TCP traffic on the screen:
snort -dv -r /var/log/snort/snort.log.1085148255 tcp
When processing capture files, Snort can be used in any of its three modes: sniffer, packet logger, and NIDS. The first example displays the logfile packets on the screen. You can also choose to log them to ASCII files or run the file through the rules engine. You can also use the command-line filters to look for certain packets as you process the logfile, such as TCP packets.
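As an added example (not from the cookbook or from Snort itself), the following Python reader parses the libpcap format that snort -r expects and counts TCP versus other frames, which is a quick way to sanity-check a snort.log file before replaying it, or to confirm what the trailing "tcp" filter would keep. The capture bytes are constructed inline; Snort's real filter is a BPF expression, while this reader only inspects the IPv4 protocol field.

```python
import struct

LINKTYPE_ETHERNET = 1

def read_pcap(data):
    """Parse the libpcap global header and records; return a list of raw frames."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:      # file written little-endian
        end = "<"
    elif magic == 0xD4C3B2A1:    # file written big-endian
        end = ">"
    else:
        raise ValueError("not a libpcap capture (bad magic 0x%08x)" % magic)
    _vmaj, _vmin, _tz, _sig, snaplen, linktype = struct.unpack(end + "HHiIII", data[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    off, frames = 24, []
    while off + 16 <= len(data):
        _ts_sec, _ts_usec, incl, _orig = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        if incl > snaplen or off + incl > len(data):   # refuse corrupt/truncated records
            raise ValueError("corrupt record at offset %d" % off)
        frames.append(data[off:off + incl])
        off += incl
    return frames

def ip_proto(frame):
    """IPv4 protocol number of an Ethernet frame, or None if it is not IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    return frame[23]    # 14-byte Ethernet header + offset 9 in the IPv4 header

def count_by_proto(data):
    counts = {"tcp": 0, "udp": 0, "other": 0}
    for frame in read_pcap(data):
        p = ip_proto(frame)
        counts["tcp" if p == 6 else "udp" if p == 17 else "other"] += 1
    return counts

# Constructed sample capture (not a real snort.log): one TCP, one UDP and one ARP frame.
def _eth(ethertype, payload):
    return b"\xff" * 6 + b"\x00\x11\x22\x33\x44\x55" + ethertype + payload

def _ipv4(proto):   # minimal 20-byte IPv4 header followed by 20 zero bytes of payload
    return (b"\x45\x00\x00\x28\x00\x00\x40\x00\x40" + bytes([proto]) + b"\x00\x00"
            + b"\xc0\xa8\x01\x02" + b"\xc0\xa8\x01\x03" + b"\x00" * 20)

def build_pcap(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    recs = [struct.pack("<IIII", 1085148255, i, len(f), len(f)) + f for i, f in enumerate(frames)]
    return hdr + b"".join(recs)

SAMPLE_PCAP = build_pcap([_eth(b"\x08\x00", _ipv4(6)), _eth(b"\x08\x00", _ipv4(17)),
                          _eth(b"\x08\x06", b"\x00" * 28)])
```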