[Dshield] Perhaps someone on this list can help me out.
pacu at sympatico.ca
Mon Oct 7 21:14:01 GMT 2002
On Monday 07 October 2002 02:26 pm, John Draper wrote:
> >John Draper wrote:
> >I am not sure if _Unified_ Binary output is the same as binary output, if
> >not please ignore this/flame me, whichever you consider most appropriate.
> >but binary output (obtained by "snort -l <log_directory> -b"), logs
> >everything to a single file (maybe this is where the "unified" comes
> > from?) in a format that tcpdump understands...
> Right - I got that part, but nobody can tell me if this Unified Binary is
> the same as regular binary, or what the differences are.
From what I know, it's the same thing as 'binary output' (everything in the same file).
And you don't need tcpdump to read it, just do [snort -r <output binary file>].
Anyway, it's the same, just a fancier name.
Manuel F. Lanctot