I have Suricata 2.0.3 running on CentOS 6.5. It generates files that I cannot read. I have read that two options for reading the log files (in unified format) are barnyard and Wireshark. I installed barnyard2 2.1.13 and tried to read the Suricata files as outlined here. My command was
Code:
barnyard2 -o /var/log/suricata/*
This resulted in
Code:
Uh, you need to tell me to do something...
ERROR: Fatal Error, Quitting..
Barnyard2 exiting
An alternative approach is to use Wireshark, but I have not found much information about this except that it requires a plugin, suriwire, which is available from https://home.regit.org. However, I have not been able to find much information about suriwire or regit.org from familiar sites (such as Linux/security forums) and am therefore unsure whether it is a good idea to install it on my system.
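Unified2 is a plain length-prefixed binary format, so the alert records can be decoded directly while the barnyard2 setup is being sorted out. The reader below is an added example, not code from this post, barnyard2 or Suricata; it assumes the 60-byte type-104 (IPv4 event v2) record layout used by Snort/Suricata unified2 output, and it reads a constructed in-memory sample rather than a real log.

```python
import socket
import struct
from datetime import datetime, timezone

# Every unified2 record starts with a big-endian 4-byte type and 4-byte body length.
UNIFIED2_IDS_EVENT_V2 = 104   # IPv4 alert record; assumed 60-byte layout below
UNIFIED2_PACKET = 2           # raw packet that triggered the alert

# Type-104 body: sensor, event_id, sec, usec, sid, gid, rev, class, priority,
# src_ip, dst_ip, sport, dport, proto, impact_flag, impact, blocked, mpls, vlan, pad.
EVENT_V2 = struct.Struct("!IIIIIIIIIIIHHBBBBIHH")

def iter_records(data):
    """Yield (type, body) for each complete record, stopping at a truncated tail.
    The sensor appends while the file is open, so a partial last record is normal."""
    off = 0
    while off + 8 <= len(data):
        rtype, rlen = struct.unpack_from("!II", data, off)
        if off + 8 + rlen > len(data):
            break
        yield rtype, data[off + 8:off + 8 + rlen]
        off += 8 + rlen

def parse_event_v2(body):
    """Decode the fields an analyst needs from a type-104 alert body."""
    f = EVENT_V2.unpack_from(body)
    return {
        "sensor_id": f[0], "event_id": f[1],
        "timestamp": datetime.fromtimestamp(f[2], tz=timezone.utc).isoformat(),
        "sid": f[4], "gid": f[5], "rev": f[6], "priority": f[8],
        "src": socket.inet_ntoa(struct.pack("!I", f[9])),
        "dst": socket.inet_ntoa(struct.pack("!I", f[10])),
        "sport": f[11], "dport": f[12], "proto": f[13],
    }

def read_alerts(data):
    """Decode all alerts in a unified2 byte buffer, e.g. open(path, 'rb').read()."""
    return [parse_event_v2(b) for t, b in iter_records(data) if t == UNIFIED2_IDS_EVENT_V2]

def sample_file():
    """Constructed sample, not a real Suricata log: one alert, then a truncated packet."""
    src = int.from_bytes(socket.inet_aton("10.0.0.5"), "big")
    dst = int.from_bytes(socket.inet_aton("192.0.2.10"), "big")
    body = EVENT_V2.pack(1, 7, 1410000000, 0, 1000001, 1, 3, 0, 2, src, dst,
                         44321, 80, 6, 0, 0, 0, 0, 0, 0)
    good = struct.pack("!II", UNIFIED2_IDS_EVENT_V2, len(body)) + body
    partial = struct.pack("!II", UNIFIED2_PACKET, 100) + b"\x00" * 20
    return good + partial
```

Real files also contain type-2 packet and type-110 extra-data records tied to the same event_id; the loop above skips them, so extend parse logic per type if you need the triggering packet.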