Tags: security, logging, file-format, logfile, snort

decoded snort logs


I used this command:

$ snort -b -l /home/username/snort-2.9.9.0/snort_logs

to log snort packets, but it gives me ASCII format.

I want the log file in a normal text format. How can I do this?

Thanks


Solution

  • To use Hadoop to analyze Snort, first you need to convert the Snort logs to readable text and then upload them. I decoded the Snort logs stored in MySQL whenever necessary. The PHP code below is my decoding tool.

    [rawdata_up.php]

    <html>
    <head>
    <link rel="stylesheet" href="./main.css">
    <script type="text/javascript">
    // Refuse to submit until a file has been chosen.
    function checkInput(form) {
        if (!form.userfile.value) {
            alert("choice file");
            form.userfile.focus();
            return;
        }
        form.submit();
    }
    </script>
    </head>
    <body>
    <!-- The TyPe select is posted with the form, so no query string is needed on the action. -->
    <form name="myChoices" method="POST" enctype="multipart/form-data" action="rawdata_post.php">
    <table width="802" border="0" cellspacing="0" cellpadding="1" align="center">
    <tr><td bgcolor="#8080FF">
    <table width="800" border="0" cellspacing="1" cellpadding="5" align="center">
    <tr>
    <td width="800" colspan="5" align="center" bgcolor="#CFD0ED"><b>Mass Rawdata Decoding Page</b></td>
    </tr>
    <tr>
    <td colspan="5" bgcolor="#FAFAEE"></td>
    </tr>
    <tr>
    <td align="center" bgcolor="#FAFAEE"><font size=2><b>File</b></font></td>
    <td align="center" bgcolor="#FAFAEE"><input type="file" name="userfile" size="60"></td>
    <td style="padding-left:10px;" bgcolor="#FAFAEE">
    <select name="TyPe">
    <option value="A">HEX</option>
    <option value="B">URL</option>
    </select>
    </td>
    </tr>
    <tr>
    <td align="center" colspan="5" bgcolor="#CFD0ED">
    <font size=2><input type="button" value="Decode" onclick="checkInput(this.form)"></font>
    </td>
    </tr>
    </table>
    </td></tr>
    </table>
    </form>
    <p align="center"><a href="http://localhost/index.html">home</a></p>
    </body>
    </html>
    

    [rawdata_post.php]

    <?php
    // PHP 5.4 and later ship a built-in hex2bin(); only define our own on older
    // versions, otherwise the script dies with "Cannot redeclare hex2bin()".
    if (!function_exists('hex2bin')) {
        function hex2bin($hexdata) {
            $bindata = "";
            for ($i = 0; $i < strlen($hexdata); $i += 2) {
                $bindata .= chr(hexdec(substr($hexdata, $i, 2)));
            }
            return $bindata;
        }
    }

    ##### uploaded file directory #####
    // $HTTP_POST_VARS was removed in PHP 5.4; $_POST is the replacement.
    $TyPe = isset($_POST["TyPe"]) ? $_POST["TyPe"] : 'A';
    #$uploaddir = 'rawdata_tmp/';
    $uploaddir = '../../PHP/phptemp/';
    // basename() strips any directory part from the client-supplied file name,
    // so the upload cannot be written outside $uploaddir.
    $userfile_name = basename($_FILES['userfile']['name']);
    $uploadfile = $uploaddir . $userfile_name;
    ?>
    <html>
    <head><title><?php echo htmlspecialchars($userfile_name); ?></title></head>
    <body>
    <table border=1 cellspacing=1 bgcolor=black>
    <?php
    print "<pre>";
    if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
        #$csv_file = "rawdata_tmp/$userfile_name";
        $csv_file = "../../PHP/phptemp/$userfile_name";
        $fp = fopen($csv_file, "r");
        // One CSV row per line; every field is one hex- or URL-encoded payload.
        while (($line = fgetcsv($fp, 100000, ",")) !== false) {
            for ($i = 0; $i < count($line); $i++) {
                if ($TyPe == 'A') {
                    // the built-in hex2bin() returns false on odd-length or non-hex input
                    $STR = hex2bin($line[$i]);
                    $STR = htmlspecialchars($STR === false ? "[invalid hex]" : $STR);
                } else {
                    $STR = htmlspecialchars(urldecode($line[$i]));
                }
                // htmlspecialchars() keeps a decoded payload from being rendered as HTML
    ?>
    <tr bgcolor=white><td><?php echo $STR; ?></td></tr>
    <?php
            }
        }
        fclose($fp);
    } else {
        print "upload fail~~\n";
        print_r($_FILES);
    }
    print "</pre>";
    ?>
    </table>
    <a href="http://localhost/index.html">home</a>
    </body>
    </html>
    

    Good luck~
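An added example, not code from the question or the answer above, that does the same job as the PHP decoder in Python: it reads a CSV export in which every field is a hex-encoded (mode "A") or URL-encoded (mode "B") Snort payload, decodes each field, and renders the bytes with control and non-ASCII characters escaped so a decoded payload stays readable on a terminal. Unlike the PHP, it reports fields that are not valid hex (odd length or non-hex digits) instead of emitting garbage. The sample rows are constructed and the function names are mine.

```python
"""Decode hex- or URL-encoded Snort payload fields from a CSV export into readable text.

Added example for the answer above, not the poster's PHP. Sample rows are constructed.
Mode "A" = hex-encoded fields, mode "B" = URL-encoded fields, mirroring the PHP's TyPe.
"""
import binascii
import csv
import io
from typing import List, Optional
from urllib.parse import unquote_to_bytes

# Constructed sample CSV exports: each field is one encoded payload, one or more per row.
SAMPLE_HEX_CSV = (
    "474554202f696e6465782e68746d6c20485454502f312e310d0a\n"  # "GET /index.html HTTP/1.1\r\n"
    "486f73743a206c6f63616c686f7374\n"                        # "Host: localhost"
    "ZZZZ\n"                                                  # not hex digits
    "41424\n"                                                 # odd length
    "4142,4344\n"                                             # two fields on one row
)
SAMPLE_URL_CSV = "GET%20%2Findex.html%20HTTP%2F1.1%0D%0A\n"


def hex_field_to_bytes(field: str) -> Optional[bytes]:
    """Decode one hex field; return None instead of garbage for malformed input."""
    field = field.strip()
    if not field or len(field) % 2:
        return None
    try:
        return binascii.unhexlify(field)
    except (binascii.Error, ValueError):
        return None


def url_field_to_bytes(field: str) -> Optional[bytes]:
    """Decode one %XX-encoded field to raw bytes (invalid escapes are left as-is)."""
    return unquote_to_bytes(field.strip())


def printable(data: bytes) -> str:
    """Render bytes as text, escaping control and non-ASCII bytes so they stay visible."""
    out = []
    for b in data:
        if 32 <= b < 127:
            out.append(chr(b))
        elif b in (9, 10, 13):
            out.append({9: "\\t", 10: "\\n", 13: "\\r"}[b])
        else:
            out.append("\\x%02x" % b)
    return "".join(out)


def decode_csv(text: str, mode: str) -> List[str]:
    """Decode every field of a CSV export; mode 'A' is hex, anything else is URL-encoded."""
    decoder = hex_field_to_bytes if mode == "A" else url_field_to_bytes
    rows = []
    for line in csv.reader(io.StringIO(text)):
        for field in line:
            raw = decoder(field)
            rows.append(printable(raw) if raw is not None else "<undecodable: %r>" % field)
    return rows


if __name__ == "__main__":
    for item in decode_csv(SAMPLE_HEX_CSV, "A"):
        print(item)
    for item in decode_csv(SAMPLE_URL_CSV, "B"):
        print(item)
```

Escaping the decoded bytes before display is the terminal-side counterpart of the `htmlspecialchars()` call in the PHP: the content being decoded is attacker-controlled packet payload, so it should never be handed to a renderer (browser or terminal) unescaped.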