Re: take a .pcap file and convert to .csv file

[Jason <security () brvenik com>]

if you are doing this offline and you want every packet to create a line 
then you need a rule like follows as your only rule

alert ip any any -> any any (msg:"Insane logs"; sid:3000000; rev:1)

There are likely better tools for creating a cvs file with header 
information but it will work.

Neil wrote:
> snort users list:
>
>  
>
> I am new to snort.
>
> I am running snort on a windows XP box (sorry my *nix boxes are 
> currently offline).
>
> How do I simultaneously read a tcpdump file and output this same file to 
> csv (for Excel use)?
>
>  
>
> I can read the tcpdump file
>
> F:\snort\bin>snort -r  file.pcap
>
>  
>
> and I have added the following to snort.conf
>
> output alert_CSV: F:\Snort\log\alert.csv 
> timestamp,msg,proto,src,srcport,dst,dstport
>
>  
>
>  
>
> However, How do I combine both actions at once?
>
>  
>
> When I run F:\snort\bin>snort -r  file.pcap  a csv file never materializes.
>
>  
>
> I've read through several email archives, and did not quite see this 
> issue, and tried a few things from answers to other questions with no luck.
>
> Thanks
>
> -neil


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users