[Dshield] Perhaps someone on this list can help me out.

Manuel Lanctot pacu at sympatico.ca
Mon Oct 7 21:14:01 GMT 2002

On Monday 07 October 2002 02:26 pm, John Draper wrote:
> >John Draper wrote:
> >
> >I am not sure if _Unified_ Binary output is the same as binary output, if
> >not please ignore this/flame me, whichever you consider most appropriate.
> >
> >but binary output (obtained by "snort -l <log_directory> -b"), logs
> >everything to a single file (maybe this is where the "unified" comes
> > from?) in a format that tcpdump understands...
> Right - I got that part, but nobody can tell me if this Unified Binary is
> the same as regular binary, or what the differences are.
> John

From what I know, it's the same thing as 'binary output' (everything in the same file).
And you don't need tcpdump to read it, just do [snort -r <output binary file>].
Anyway, it's the same, just a fancier name.

Manuel F. Lanctot
PACU Communications

