NAME
eris::log::context::snort - Parses the Snort and Suricata alert logs
VERSION
version 0.008
SYNOPSIS
This parses data in the Snort and Suricata alert logs into structured data.
ATTRIBUTES
matcher
Matches the literal strings 'snort' and 'suricata' (an exact match, not a pattern).
METHODS
contextualize_message
Extracts the following fields from a Snort or Suricata alert line:
name => rule name (the rule's message text)
class => rule classification
pri => rule priority
proto_app => protocol
src_ip, src_port, dst_ip, dst_port => source and destination of the flow that triggered the alert
Tags messages with 'security' and 'ids'.
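The extraction described above, written out as an added Python example rather than the module's own Perl code, so the fields can be checked against concrete input. It parses the Snort "alert_fast" and Suricata fast.log layouts, including a syslog-forwarded ICMP alert that carries no ports, and also keeps the gid:sid:rev triple, which this module does not document but which is what you pivot on when tuning rules. The sample lines are constructed for the example, not captured from a sensor, and the regex assumes IPv4 endpoints.

```python
import re

# Constructed sample alert lines (not from a real sensor): Snort alert_fast,
# Suricata fast.log, and a Snort alert forwarded over syslog without ports (ICMP).
SAMPLES = [
    "01/13-14:25:12.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.5:52134",
    "01/13/2015-14:25:12.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.5:52134",
    "Jan 13 14:25:12 sensor1 snort[1234]: [1:384:5] ICMP PING "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.10",
]

# Mirrors the module's matcher attribute: program names are compared literally.
MATCH_PROGRAMS = {"snort", "suricata"}

# Everything after the rule id is the same in both sensors' fast formats:
#   [gid:sid:rev] <msg> [**] [Classification: <class>] [Priority: <n>] {<proto>} <src>[:port] -> <dst>[:port]
# The "[**]" separator and the Classification block are optional (rules without
# a classtype print no Classification). IPv4 only: IPv6 addresses contain ':'.
ALERT_RE = re.compile(
    r"""
    \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+
    (?P<name>.+?)\s+
    (?:\[\*\*\]\s+)?
    (?:\[Classification:\s+(?P<class>[^\]]+)\]\s+)?
    \[Priority:\s+(?P<pri>\d+)\]\s+
    \{(?P<proto>[^}]+)\}\s+
    (?P<src_ip>[^\s:]+)(?::(?P<src_port>\d+))?\s+->\s+
    (?P<dst_ip>[^\s:]+)(?::(?P<dst_port>\d+))?
    """,
    re.VERBOSE,
)


def matches(program):
    """True when the syslog program name is one this context handles."""
    return program in MATCH_PROGRAMS


def contextualize(line):
    """Return the structured fields for one alert line, or None if it is not an IDS alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    port = lambda g: int(m.group(g)) if m.group(g) else None  # ICMP alerts have no ports
    return {
        "name": m.group("name"),
        "class": m.group("class"),          # None when the rule has no classtype
        "pri": int(m.group("pri")),
        "proto_app": m.group("proto"),
        "src_ip": m.group("src_ip"),
        "src_port": port("src_port"),
        "dst_ip": m.group("dst_ip"),
        "dst_port": port("dst_port"),
        # Extra, not among the module's documented fields: the rule identity.
        "gid": int(m.group("gid")),
        "sid": int(m.group("sid")),
        "rev": int(m.group("rev")),
        "tags": ["security", "ids"],
    }


if __name__ == "__main__":
    for line in SAMPLES:
        print(contextualize(line))
```

Note that priority comes back as an integer so downstream filters can compare it numerically (Snort and Suricata both use 1 as the highest priority), and that a line which does not contain the `[gid:sid:rev]` marker returns None rather than a half-filled record.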
SEE ALSO
eris::log::contextualizer, eris::role::context
AUTHOR
Brad Lhotsky <brad@divisionbyzero.net>
COPYRIGHT AND LICENSE
This software is Copyright (c) 2015 by Brad Lhotsky.
This is free software, licensed under:
The (three-clause) BSD License