LinuxQuestions.org


OtagoHarbour 11-23-2014 06:28 AM

Reading Suricata log files with Barnyard or Wireshark
 
I have Suricata 2.0.3 running on CentOS 6.5. It generates files that I cannot read. I have read that two options for reading the log files (in unified format) are barnyard and Wireshark. I installed barnyard2 2.1.13 and tried to read the Suricata files as outlined here. My command was
Code:

barnyard2 -o /var/log/suricata/*
This resulted in
Code:

Uh, you need to tell me to do something...

ERROR: Fatal Error, Quitting..
Barnyard2 exiting

An alternative approach is to use Wireshark but I have not found much information about this except that it requires a plugin, suriwire, which is available from https://home.regit.org. However, I have not been able to find much information about suriwire or regit.org from familiar sites (such as Linux/security forums) and am therefore unsure whether it is a good idea to install it on my system.
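
Added example, not code from this thread and not barnyard2 or Suricata code: a small Python reader for the unified2 files the poster is asking about, which is the same binary format barnyard2 consumes. The record types (2 = packet, 7 = legacy IPv4 event) and their field layouts are the unified2 format; the sample bytes, SID, timestamps and addresses are constructed for the demonstration.

```python
import socket
import struct

# Unified2 record types written by Suricata's unified2-alert output; all fields are big-endian.
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7  # legacy IPv4 event layout, 52-byte body

HDR = struct.Struct("!II")                      # record type, body length
EVENT_V4 = struct.Struct("!IIIIIIIIIIIHHBBBB")  # sensor,event_id,sec,usec,sid,gid,rev,class,prio,src,dst,sport,dport,proto,flag,impact,blocked
PACKET = struct.Struct("!IIIIIII")              # sensor,event_id,event_sec,pkt_sec,pkt_usec,linktype,pkt_len; packet bytes follow


def parse_unified2(data):
    """Walk a unified2 byte string and return one dict per record."""
    records, off = [], 0
    while off + HDR.size <= len(data):
        rtype, length = HDR.unpack_from(data, off)
        body = data[off + HDR.size:off + HDR.size + length]
        if len(body) < length:
            raise ValueError("truncated record at offset %d" % off)
        off += HDR.size + length
        if rtype == UNIFIED2_IDS_EVENT and length == EVENT_V4.size:
            f = EVENT_V4.unpack(body)
            records.append({"type": "event", "event_id": f[1], "timestamp": f[2],
                            "sid": f[4], "gid": f[5], "rev": f[6], "priority": f[8],
                            "src": socket.inet_ntoa(body[36:40]),
                            "dst": socket.inet_ntoa(body[40:44]),
                            "sport": f[11], "dport": f[12], "proto": f[13]})
        elif rtype == UNIFIED2_PACKET:
            f = PACKET.unpack_from(body)
            records.append({"type": "packet", "event_id": f[1], "linktype": f[5],
                            "packet": body[PACKET.size:PACKET.size + f[6]]})
        else:  # IPv6 (72), V2 (104/105), extra data (110): not decoded here, but counted
            records.append({"type": "other", "record_type": rtype, "length": length})
    return records


def sample_unified2():
    """Constructed two-record sample (not a real capture): one IPv4 event plus its packet."""
    src = int.from_bytes(socket.inet_aton("10.0.0.5"), "big")
    dst = int.from_bytes(socket.inet_aton("192.0.2.10"), "big")
    event = EVENT_V4.pack(1, 42, 1416737280, 1000, 2100498, 1, 7, 3, 2,
                          src, dst, 54321, 80, 6, 0, 0, 0)
    packet = b"\x00" * 14 + b"\x45" + b"\x00" * 19  # placeholder Ethernet + IPv4 header bytes
    pkt_rec = PACKET.pack(1, 42, 1416737280, 1416737280, 1000, 1, len(packet)) + packet
    return (HDR.pack(UNIFIED2_IDS_EVENT, len(event)) + event
            + HDR.pack(UNIFIED2_PACKET, len(pkt_rec)) + pkt_rec)


if __name__ == "__main__":
    for rec in parse_unified2(sample_unified2()):
        print(rec)
```

To read a real file, pass `open(path, "rb").read()` to `parse_unified2`; a `ValueError` on the last record usually means Suricata is still writing it.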

unSpawn 11-24-2014 04:14 AM

Quote:

Originally Posted by OtagoHarbour (Post 5273748)
Code:

Uh, you need to tell me to do something...

Start by not thinking you should take any shortcuts. Please, both Suricata and Barnyard2 documentation make it unambiguously clear how to configure and run Barnyard2.
