Provided by: snort_2.9.15.1-6build1_amd64 bug

NAME

       u2spewfoo -  tool for dumping the contents of unified2 files to stdout

SYNOPSIS

       u2boat <infile>

DESCRIPTION

       This  manual  page  documents briefly the u2spewfoo command.  This manual page was written
       for the Debian distribution because the original program does not have a manual page.

       u2spewfoo is a lightweight tool for dumping the contents of Snort's Unified2 log files  to
       stdout.  In  order  to  use  it Snort first has to be configured to use this format in its
       configuration file.

       The tool will take the log file and dump the information on the events in Standard output.
       This  information  includes  the  event  and  relevant  information  about  it (such as IP
       addresses and ports, the time the event was detected, etc.) as well  as  the  packet  that
       triggered  the  event  (if  Snort has been configured to store a packet capture associated
       with events).

EXAMPLES

       To use it run it against a unified2 log file by running: u2spewfoo snort.log

       The following is a sample output of this tool:

       (Event)
           sensor id: 0    event id: 4 event second: 1299698138    event microsecond: 146591
           sig id: 1   gen id: 1   revision: 0  classification: 0
           priority: 0 ip source: 10.1.2.3 ip destination: 10.9.8.7
           src port: 60710 dest port: 80   protocol: 6 impact_flag: 0  blocked: 0

       Packet
           sensor id: 0    event id: 4 event second: 1299698138
           packet second: 1299698138   packet microsecond: 146591
           linktype: 1 packet_length: 54
       [    0] 02 09 08 07 06 05 02 01 02 03 04 05 08 00 45 00  ..............E.
       [   16] 00 28 00 06 00 00 40 06 5C B7 0A 01 02 03 0A 09  .(....@........
       [   32] 08 07 ED 26 00 50 00 00 00 62 00 00 00 2D 50 10  ...&.P...b...-P.
       [   48] 01 00 A2 BB 00 00                                ......

       (ExtraDataHdr)
           event type: 4   event length: 33

       (ExtraData)
           sensor id: 0    event id: 2 event second: 1299698138
           type: 9 datatype: 1 bloblength: 9   HTTP URI: /

       (ExtraDataHdr)
           event type: 4   event length: 78

       (ExtraData)
           sensor id: 0    event id: 2 event second: 1299698138
           type: 10    datatype: 1 bloblength: 12  HTTP Hostname: example.com

SEE ALSO

       snort (8)

AUTHOR

       This program was written by Adam Keeton.

       This manual page was written by Javier Fernandez-Sanguino <jfs@debian.org>, for the Debian
       GNU/Linux system (but may be used by others).

                                        12th December 2014                           U2SPEWFOO(8)