Provided by: snort_2.9.7.0-5build1_amd64

NAME

       u2spewfoo -  tool for dumping the contents of unified2 files to stdout

SYNOPSIS

       u2spewfoo <infile>

DESCRIPTION

       This  manual  page  documents briefly the u2spewfoo command.  This manual page was written for the Debian
       distribution because the original program does not have a manual page.

       u2spewfoo is a lightweight tool for dumping the contents of Snort's Unified2  log  files  to  stdout.  In
       order to use it, Snort first has to be configured to use this format in its configuration file.

       The  tool  takes  the  log  file  and  dumps  the  information on the events to standard output. This
       information includes each event and the details recorded for it (such as IP addresses and  ports,  the
       time the event was detected, etc.) as well as the packet that triggered the event (if  Snort  has  been
       configured to store a packet capture associated with events).

EXAMPLES

       To use it, run it against a unified2 log file: u2spewfoo snort.log

       The following is a sample output of this tool:

       (Event)
           sensor id: 0    event id: 4 event second: 1299698138    event microsecond: 146591
           sig id: 1   gen id: 1   revision: 0  classification: 0
           priority: 0 ip source: 10.1.2.3 ip destination: 10.9.8.7
           src port: 60710 dest port: 80   protocol: 6 impact_flag: 0  blocked: 0

       Packet
           sensor id: 0    event id: 4 event second: 1299698138
           packet second: 1299698138   packet microsecond: 146591
           linktype: 1 packet_length: 54
       [    0] 02 09 08 07 06 05 02 01 02 03 04 05 08 00 45 00  ..............E.
       [   16] 00 28 00 06 00 00 40 06 5C B7 0A 01 02 03 0A 09  .(....@.\.......
       [   32] 08 07 ED 26 00 50 00 00 00 62 00 00 00 2D 50 10  ...&.P...b...-P.
       [   48] 01 00 A2 BB 00 00                                ......

       (ExtraDataHdr)
           event type: 4   event length: 33

       (ExtraData)
           sensor id: 0    event id: 2 event second: 1299698138
           type: 9 datatype: 1 bloblength: 9   HTTP URI: /

       (ExtraDataHdr)
           event type: 4   event length: 78

       (ExtraData)
           sensor id: 0    event id: 2 event second: 1299698138
           type: 10    datatype: 1 bloblength: 12  HTTP Hostname: example.com
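
       The following is an added example, not Snort's u2spewfoo code: a small Python reader that walks a
       unified2 record stream and prints the three record kinds shown in the sample above (IDS event, packet,
       extra data) in the same layout. The record type numbers and field layouts follow Snort's
       Unified2_common.h as recalled by the example's author and are an assumption, as is the MAX_RECORD_LEN
       cap. The sample stream it parses is constructed inline from the values in the sample output. Every
       length field (record length, packet_length, bloblength) is checked against the bytes actually present
       before it is used, which is the check a reader of untrusted or truncated log files needs.

```python
"""Minimal unified2 reader in the style of u2spewfoo (example code, not Snort's own)."""
import socket
import struct
from typing import Iterator, List, Tuple

# Record type numbers as in Snort's Unified2_common.h (assumption; other types exist and are left raw).
UNIFIED2_PACKET = 2        # Serial_Unified2Packet
UNIFIED2_IDS_EVENT = 7     # Unified2IDSEvent_legacy (IPv4)
UNIFIED2_EXTRA_DATA = 110  # Unified2ExtraDataHdr followed by SerialUnified2ExtraData
MAX_RECORD_LEN = 1 << 20   # sanity cap on one record, chosen for this example (assumption)

EVENT_FMT = "!9I4s4sHH4B"  # ids..priority, src ip, dst ip, ports, protocol, impact_flag, impact, blocked
PACKET_FMT = "!7I"         # sensor, event id, event sec, packet sec, packet usec, linktype, packet_length
EXTRA_FMT = "!II6I"        # event type, event length, sensor, event id, event sec, type, datatype, bloblength


def iter_records(buf: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (type, body): each record is an 8-byte big-endian (type, length) header plus body."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError(f"truncated record header at offset {off}")
        rtype, rlen = struct.unpack_from("!II", buf, off)
        # The length comes from the file: it must fit in what remains and under a sane cap.
        if rlen > MAX_RECORD_LEN or rlen > len(buf) - off - 8:
            raise ValueError(f"record at offset {off} claims {rlen} bytes, {len(buf) - off - 8} remain")
        yield rtype, buf[off + 8:off + 8 + rlen]
        off += 8 + rlen


def parse_event(body: bytes) -> dict:
    if len(body) < struct.calcsize(EVENT_FMT):
        raise ValueError("short IDS event record")
    f = struct.unpack_from(EVENT_FMT, body)
    keys = ("sensor id", "event id", "event second", "event microsecond", "sig id",
            "gen id", "revision", "classification", "priority")
    rec = dict(zip(keys, f[:9]))
    rec.update({"ip source": socket.inet_ntoa(f[9]), "ip destination": socket.inet_ntoa(f[10]),
                "src port": f[11], "dest port": f[12], "protocol": f[13],
                "impact_flag": f[14], "blocked": f[16]})
    return rec


def parse_packet(body: bytes) -> dict:
    hdr = struct.calcsize(PACKET_FMT)
    if len(body) < hdr:
        raise ValueError("short packet record")
    f = struct.unpack_from(PACKET_FMT, body)
    if f[6] > len(body) - hdr:  # packet_length must lie inside the record body
        raise ValueError(f"packet_length {f[6]} exceeds record body")
    keys = ("sensor id", "event id", "event second", "packet second",
            "packet microsecond", "linktype", "packet_length")
    rec = dict(zip(keys, f))
    rec["data"] = body[hdr:hdr + f[6]]
    return rec


def parse_extra_data(body: bytes) -> dict:
    hdr = struct.calcsize(EXTRA_FMT)  # 32 bytes of fixed fields before the blob
    if len(body) < hdr:
        raise ValueError("short extra data record")
    f = struct.unpack_from(EXTRA_FMT, body)
    payload = f[7] - 8  # bloblength counts the datatype and bloblength fields plus the payload
    if payload < 0 or payload > len(body) - hdr:
        raise ValueError(f"bloblength {f[7]} inconsistent with record body")
    keys = ("event type", "event length", "sensor id", "event id", "event second",
            "type", "datatype", "bloblength")
    rec = dict(zip(keys, f))
    rec["data"] = body[hdr:hdr + payload]
    return rec


def hexdump(data: bytes, width: int = 16) -> List[str]:
    """u2spewfoo-style dump: offset, hex column padded to full width, printable ASCII (else '.')."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02X}" for b in chunk).ljust(width * 3 - 1)
        text = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
        lines.append(f"[{off:5d}] {hexpart}  {text}")
    return lines


def parse_file(buf: bytes) -> List[dict]:
    """Decode every record; unknown types are kept as raw bytes rather than dropped silently."""
    out = []
    for rtype, body in iter_records(buf):
        if rtype == UNIFIED2_IDS_EVENT:
            out.append({"kind": "Event", **parse_event(body)})
        elif rtype == UNIFIED2_PACKET:
            out.append({"kind": "Packet", **parse_packet(body)})
        elif rtype == UNIFIED2_EXTRA_DATA:
            out.append({"kind": "ExtraData", **parse_extra_data(body)})
        else:
            out.append({"kind": f"Unknown({rtype})", "data": body})
    return out


def is_well_formed(buf: bytes) -> bool:
    """Cheap triage: True only if every length field is consistent with the bytes present."""
    try:
        parse_file(buf)
        return True
    except ValueError:
        return False


def build_sample_file() -> bytes:
    """Constructed stream carrying the event, packet and HTTP URI extra data of the sample output."""
    sec, usec = 1299698138, 146591
    event = struct.pack(EVENT_FMT, 0, 4, sec, usec, 1, 1, 0, 0, 0,
                        socket.inet_aton("10.1.2.3"), socket.inet_aton("10.9.8.7"), 60710, 80, 6, 0, 0, 0)
    pkt = bytes.fromhex("0209080706050201" "0203040508004500" "0028000600004006" "5CB70A0102030A09"
                        "0807ED2600500000" "00620000002D5010" "0100A2BB0000")
    packet = struct.pack(PACKET_FMT, 0, 4, sec, sec, usec, 1, len(pkt)) + pkt
    uri = b"/"
    extra = struct.pack(EXTRA_FMT, 4, 32 + len(uri), 0, 2, sec, 9, 1, 8 + len(uri)) + uri
    return b"".join(struct.pack("!II", t, len(b)) + b for t, b in
                    ((UNIFIED2_IDS_EVENT, event), (UNIFIED2_PACKET, packet), (UNIFIED2_EXTRA_DATA, extra)))


if __name__ == "__main__":
    for rec in parse_file(build_sample_file()):
        data = rec.pop("data", None)
        print(f"({rec.pop('kind')})")
        print("    " + "  ".join(f"{k}: {v}" for k, v in rec.items()))
        if "packet_length" in rec:
            print("\n".join(hexdump(data)))
        elif data is not None:
            print(f"    data: {data!r}")
```

       Run it as a script to see the sample records printed in the layout above, or point parse_file at the
       bytes of a real snort.log. The reader refuses any record whose declared length overruns the file, so a
       truncated or tampered log produces a ValueError at the offending offset instead of an over-read.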

SEE ALSO

       snort

AUTHOR

       This program was written by Adam Keeton.

       This manual page was written by Javier Fernandez-Sanguino  <jfs@debian.org>,  for  the  Debian  GNU/Linux
       system (but may be used by others).

                                               12th December 2014                                   U2SPEWFOO(8)