LinuxQuestions.org
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 11-23-2014, 06:28 AM   #1
OtagoHarbour
Reading Suricata log files with Barnyard or Wireshark
I have Suricata 2.0.3 running on CentOS 6.5. It generates files that I cannot read. I have read that two options for reading the log files (in unified format) are barnyard and Wireshark. I installed barnyard2 2.1.13 and tried to read the Suricata files as outlined here. My command was
Code:
barnyard2 -o /var/log/suricata/*
This resulted in
Code:
Uh, you need to tell me to do something...

ERROR: Fatal Error, Quitting..
Barnyard2 exiting
An alternative approach is to use Wireshark but I have not found much information about this except that it requires a plugin, suriwire, which is available from https://home.regit.org. However, I have not been able to find much information about suriwire or regit.org from familiar sites (such as Linux/security forums) and am therefore unsure whether it is a good idea to install it on my system.
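The unified2 files the post refers to are binary records, not text, which is why they cannot be read directly. As an added example (not from this thread, Suricata or barnyard2), the following Python reader decodes the IDS event and packet record types from a constructed sample stream; the field layout follows the public unified2 record definitions, all fields big-endian.

```python
# Added example: minimal unified2 reader (layout from the public unified2 record definitions).
import struct
from socket import inet_ntoa

UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7         # legacy IPv4 event, 52 bytes
UNIFIED2_IDS_EVENT_VLAN = 104  # IPv4 event plus mpls/vlan fields, 60 bytes
# 9 x u32 ids/timestamps, 2 x u32 addresses, 2 x u16 ports, 4 x u8 flags
EVENT_FMT = ">11I2H4B"
EVENT_FIELDS = ("sensor_id", "event_id", "event_second", "event_microsecond",
                "signature_id", "generator_id", "signature_revision", "classification_id",
                "priority_id", "ip_source", "ip_destination", "sport_itype", "dport_icode",
                "protocol", "impact_flag", "impact", "blocked")
PACKET_FMT = ">7I"  # sensor_id, event_id, event_sec, pkt_sec, pkt_usec, linktype, pkt_len

def parse_unified2(data: bytes) -> list:
    # Walk the 8-byte (type, length) headers; a short final record means the
    # file is still being written, so stop there instead of raising.
    records, off = [], 0
    while off + 8 <= len(data):
        rtype, rlen = struct.unpack_from(">II", data, off)
        body = data[off + 8:off + 8 + rlen]
        if len(body) < rlen:
            break
        off += 8 + rlen
        if rtype in (UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_VLAN):
            rec = dict(zip(EVENT_FIELDS, struct.unpack_from(EVENT_FMT, body)))
            for k in ("ip_source", "ip_destination"):
                rec[k] = inet_ntoa(struct.pack(">I", rec[k]))
            if rtype == UNIFIED2_IDS_EVENT_VLAN:
                rec["mpls_label"], rec["vlan_id"] = struct.unpack_from(">IH", body, 52)
            rec["type"] = "event"
        elif rtype == UNIFIED2_PACKET:
            h = struct.unpack_from(PACKET_FMT, body)
            rec = {"type": "packet", "event_id": h[1], "linktype": h[5], "packet": body[28:28 + h[6]]}
        else:  # unknown record type: keep the raw bytes rather than silently dropping them
            rec = {"type": "unknown", "record_type": rtype, "raw": body}
        records.append(rec)
    return records

def build_sample() -> bytes:
    # Constructed sample stream: one VLAN-style IPv4 TCP event followed by its packet.
    ev = struct.pack(EVENT_FMT, 1, 42, 1416738480, 1234, 2010935, 1, 2, 3, 1,
                     0xC0A8010A, 0x0A000005, 51234, 80, 6, 0, 0, 0)
    ev += struct.pack(">IHH", 0, 100, 0)              # mpls_label, vlanId, pad
    payload = b"\xde\xad\xbe\xef" * 4                  # placeholder packet bytes
    pk = struct.pack(PACKET_FMT, 1, 42, 1416738480, 1416738480, 1234, 1, len(payload)) + payload
    return (struct.pack(">II", UNIFIED2_IDS_EVENT_VLAN, len(ev)) + ev +
            struct.pack(">II", UNIFIED2_PACKET, len(pk)) + pk)
```

Running `parse_unified2(open(path, "rb").read())` on a real `unified2.alert.*` file gives the same dictionaries; a trailing partial record is simply left for the next read.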
 
Old 11-24-2014, 04:14 AM   #2
unSpawn
Quote:
Originally Posted by OtagoHarbour
Code:
Uh, you need to tell me to do something...
Start by not thinking you should take any shortcuts. Please, both Suricata and Barnyard2 documentation make it unambiguously clear how to configure and run Barnyard2.
Tags
barnyard, wireshark