IDS logs

Let's make use of Sawmill again, this time to parse Snort logs:

  1. We will select Create New Profile, which will result in the following:
  2. Select Snort logs and then press Next, which will show us the log-detection process:
  3. On successfully detecting the log type, we will get the following options:
  4. Select Sourcefire Snort 2 format ...
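Sawmill does the parsing of the Sourcefire Snort 2 format for you once the profile is created. When the same data has to be scripted, for example to pull a handful of alerts out of a large capture during an investigation, it helps to know what the tool is actually doing with each line. The following is an added example, not code from the book or from Sawmill: a small parser for the Snort 2 "fast" alert format (`alert_fast` output), run over a few constructed alert lines, with a summary by signature and by source/destination pair like the one a profile report gives you. The sample lines, the rule SIDs in the local range, and the addresses are all made up; the regex handles IPv4 addresses only.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in Snort 2 "fast" alert format (not from the book).
# Note the ICMP line: no ports and no [Classification: ...] field, which a
# parser has to tolerate. The last line is junk and must be skipped.
SAMPLE_ALERTS = """\
03/10-14:23:01.123456  [**] [1:1000001:2] LOCAL test signature one [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.10:51234 -> 10.0.0.5:80
03/10-14:23:02.000100  [**] [1:1000002:1] LOCAL test signature two [**] [Classification: Potentially Bad Traffic] [Priority: 3] {UDP} 192.168.1.11:5353 -> 10.0.0.5:53
03/10-14:23:05.400000  [**] [1:1000001:2] LOCAL test signature one [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.10:51240 -> 10.0.0.5:80
03/10-14:23:09.900000  [**] [1:1000003:1] LOCAL icmp probe [**] [Priority: 3] {ICMP} 192.168.1.12 -> 10.0.0.5
this line is not an alert and must be skipped
"""

# One fast-format alert per line: timestamp, [gid:sid:rev], message,
# optional classification, priority, protocol, src[:port] -> dst[:port].
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Z0-9]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?$"
)


@dataclass
class SnortAlert:
    timestamp: str
    gid: int
    sid: int
    rev: int
    message: str
    classification: Optional[str]
    priority: int          # Snort convention: 1 is the most severe
    protocol: str
    src_ip: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: Optional[int]


def parse_fast_alert(line: str) -> Optional[SnortAlert]:
    """Parse one fast-format line; return None for lines that are not alerts."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    return SnortAlert(
        timestamp=m["ts"],
        gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]),
        message=m["msg"],
        classification=m["cls"],
        priority=int(m["prio"]),
        protocol=m["proto"],
        src_ip=m["src"], src_port=int(m["sport"]) if m["sport"] else None,
        dst_ip=m["dst"], dst_port=int(m["dport"]) if m["dport"] else None,
    )


def parse_fast_log(text: str) -> List[SnortAlert]:
    """Parse a whole alert file, silently dropping non-alert lines."""
    return [a for a in (parse_fast_alert(l) for l in text.splitlines()) if a is not None]


def summarize(alerts: List[SnortAlert]) -> dict:
    """The counts a profile report shows: hits per signature, per src->dst pair,
    and the alerts at priority 2 or better that deserve a look first."""
    return {
        "by_signature": Counter((a.gid, a.sid, a.message) for a in alerts),
        "by_pair": Counter((a.src_ip, a.dst_ip) for a in alerts),
        "high_priority": [a for a in alerts if a.priority <= 2],
    }


if __name__ == "__main__":
    parsed = parse_fast_log(SAMPLE_ALERTS)
    report = summarize(parsed)
    for (gid, sid, msg), n in report["by_signature"].most_common():
        print(f"{n:3d}  [{gid}:{sid}] {msg}")
    for (src, dst), n in report["by_pair"].most_common():
        print(f"{n:3d}  {src} -> {dst}")
```

The point of the optional classification group and the optional ports is the same one Sawmill's format detection has to deal with: not every Snort alert carries every field, and a parser that assumes a fixed column layout will silently drop the ICMP and classification-less alerts, which are exactly the ones you do not want to lose in a timeline.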
