IDS logs

Let's make use of Sawmill again, this time to parse Snort logs:

  1. We will select Create New Profile, which will result in the following:
  2. Select Snort logs and then press Next, which will show us the log-detection process:
  3. On successfully detecting the log type, we will get the following options:
  4. Select Sourcefire Snort 2 format ...
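Sawmill's profile wizard hides what "parsing Snort logs" actually involves. The following is an added example, not code from the book or from Sawmill: a small parser for Snort's alert_fast output (the one-line-per-alert format written by the `alert_fast` output plugin), followed by the kind of per-signature, per-priority and per-destination counts a Sawmill report would show. It assumes IPv4 endpoints, a caller-supplied year (fast alerts carry none), and the sample lines below are constructed, not real traffic.

```python
"""Parse Snort alert_fast lines and summarise them by signature, priority and target."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample of Snort alert_fast output (not captured from a real sensor).
# Line 1 is ICMP and so has no ports, line 4 has no Classification field,
# and the last line is deliberately not a Snort alert.
SAMPLE_ALERTS = """\
01/10-10:30:20.123456  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.2 -> 192.168.1.5
01/10-10:30:21.654321  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.5:80 -> 10.0.0.2:52133
01/10-10:31:02.000100  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.5:80 -> 10.0.0.7:41002
01/10-10:32:45.999999  [**] [1:1000001:1] LOCAL suspicious UDP burst [**] [Priority: 1] {UDP} 10.0.0.9:5353 -> 192.168.1.255:5353
this line is not a snort alert
"""

# Layout of one alert_fast line:
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] message [**] [Classification: ...] [Priority: N] {PROTO} src -> dst
# The Classification block is optional (rules without a classtype omit it).
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<classification>[^\]]*)\]\s+)?"
    r"\[Priority:\s+(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[A-Z0-9]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)


def _split_host_port(endpoint):
    """'10.0.0.2:52133' -> ('10.0.0.2', 52133); '10.0.0.2' -> ('10.0.0.2', None).

    Assumes IPv4: an IPv6 literal such as fe80::1 would be mis-split here.
    """
    host, sep, port = endpoint.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return endpoint, None


def parse_fast_alert(line, year=2019):
    """Parse one alert_fast line into a dict, or return None if it does not match.

    Fast alerts carry no year, so the caller supplies one (assumption: the
    whole file comes from a single calendar year).
    """
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    src_ip, src_port = _split_host_port(d["src"])
    dst_ip, dst_port = _split_host_port(d["dst"])
    ts = datetime.strptime(f"{year}/{d['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return {
        "timestamp": ts,
        "gid": int(d["gid"]), "sid": int(d["sid"]), "rev": int(d["rev"]),
        "msg": d["msg"],
        "classification": d["classification"],  # None when Snort omitted it
        "priority": int(d["priority"]),
        "proto": d["proto"],
        "src_ip": src_ip, "src_port": src_port,
        "dst_ip": dst_ip, "dst_port": dst_port,
    }


def parse_fast_alerts(text, year=2019):
    """Parse every non-blank line; returns (records, lines_that_did_not_parse)."""
    records, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_fast_alert(line, year)
        if rec is None:
            rejected.append(line)   # keep, so nothing silently disappears
        else:
            records.append(rec)
    return records, rejected


def summarise(records):
    """Counts per signature, per priority and per destination host."""
    return {
        "by_signature": Counter((r["gid"], r["sid"], r["msg"]) for r in records),
        "by_priority": Counter(r["priority"] for r in records),
        "by_dst_ip": Counter(r["dst_ip"] for r in records),
    }


if __name__ == "__main__":
    recs, bad = parse_fast_alerts(SAMPLE_ALERTS)
    report = summarise(recs)
    for (gid, sid, msg), n in report["by_signature"].most_common():
        print(f"{n:4d}  [{gid}:{sid}] {msg}")
    print("priorities:", dict(report["by_priority"]))
    print("targets:   ", dict(report["by_dst_ip"]))
    print("unparsed lines:", len(bad))
```

Rejected lines are returned rather than dropped: in a forensic workflow a line that does not parse is evidence of a sensor misconfiguration or a tampered log, and a summary that silently skipped it would misstate the alert count.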
