NAME

eris::log::context::snort - Parses the Snort and Suricata alert logs

VERSION

version 0.008

SYNOPSIS

Parses Snort and Suricata alert log messages into structured fields.

ATTRIBUTES

matcher

Matches the literal strings 'snort' and 'suricata' (the program name of the logging daemon).

METHODS

contextualize_message

Extracts the following fields from Snort and Suricata alert log messages:

name      => rule name (the rule's msg text)
class     => rule classification
pri       => rule priority
proto_app => protocol

and the connection endpoints:

src_ip, src_port, dst_ip, dst_port

Tags messages with 'security' and 'ids'.
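As an added example (not code from the eris distribution or from this module), the following Python shows what extracting those fields from an alert line involves. It assumes the usual alert layout shared by Snort's syslog output and Suricata's fast.log, `[gid:sid:rev] msg [Classification: ...] [Priority: N] {PROTO} src:port -> dst:port`, handles IPv4 addresses only, and treats the classification and the ports as optional (ICMP alerts carry no ports). The three sample lines are constructed for the demonstration. The `contextualize` wrapper mirrors the documented contract of attaching the 'security' and 'ids' tags.

```python
import re
from typing import Optional

# Constructed sample alert lines (not from the eris module or its docs). One in the
# Snort syslog form, two in the Suricata fast.log form (TCP with ports, ICMP without).
SNORT_SYSLOG = (
    "snort[2146]: [1:2100498:7] GPL ATTACK_RESPONSE id check returned root "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} "
    "192.168.1.10:80 -> 10.0.0.5:55432"
)
SURICATA_FAST = (
    "01/19/2017-15:33:42.190000  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check "
    "returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] "
    "{TCP} 192.168.1.10:80 -> 10.0.0.5:55432"
)
SURICATA_ICMP = (
    "01/19/2017-15:34:01.000000  [**] [1:2100366:12] GPL ICMP_INFO PING *NIX [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.10"
)

# IPv4 only: an IPv6 literal followed by ":port" is ambiguous without brackets.
_IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"     # rule id triple
    r"(?P<name>.*?)\s+"                                    # rule msg, i.e. the name
    r"(?:\[\*\*\]\s+)?"                                    # Suricata closes the name with [**]
    r"(?:\[Classification:\s*(?P<class>[^\]]*)\]\s+)?"     # absent when the rule has no classtype
    r"\[Priority:\s*(?P<pri>\d+)\]\s+"
    r"\{(?P<proto_app>[^}]+)\}\s+"                         # {TCP}, {UDP}, {ICMP}, ...
    r"(?P<src_ip>" + _IPV4 + r")(?::(?P<src_port>\d+))?\s+->\s+"
    r"(?P<dst_ip>" + _IPV4 + r")(?::(?P<dst_port>\d+))?\s*$"
)


def _port(value: Optional[str]) -> Optional[int]:
    """Ports are absent for ICMP and similar protocols; keep that as None."""
    return int(value) if value is not None else None


def parse_alert(line: str) -> Optional[dict]:
    """Return the documented alert fields, or None if the line is not an alert."""
    m = ALERT_RE.search(line)   # search(): syslog tags and timestamps precede the alert
    if not m:
        return None
    fields = {
        "gid": int(m.group("gid")),
        "sid": int(m.group("sid")),
        "rev": int(m.group("rev")),
        "name": m.group("name"),
        "class": m.group("class"),      # None when the rule carries no classification
        "pri": int(m.group("pri")),
        "proto_app": m.group("proto_app"),
        "src_ip": m.group("src_ip"),
        "src_port": _port(m.group("src_port")),
        "dst_ip": m.group("dst_ip"),
        "dst_port": _port(m.group("dst_port")),
    }
    # A port above 65535 means the line was mangled in transit (truncated syslog,
    # concatenated records); refuse it rather than feed bad data downstream.
    for key in ("src_port", "dst_port"):
        if fields[key] is not None and fields[key] > 65535:
            return None
    return fields


def contextualize(line: str) -> Optional[dict]:
    """Fields plus the 'security' and 'ids' tags, as the module's docs describe."""
    fields = parse_alert(line)
    if fields is None:
        return None
    return {"fields": fields, "tags": ["security", "ids"]}


if __name__ == "__main__":
    for sample in (SNORT_SYSLOG, SURICATA_FAST, SURICATA_ICMP, "kernel: eth0: link is up"):
        print(contextualize(sample))
```

Anchoring the match on the `[gid:sid:rev]` triple rather than on the leading timestamp lets the same expression serve both formats, and a non-alert line (the kernel message above) simply yields None so the caller can leave it untagged.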

SEE ALSO

eris::log::contextualizer, eris::role::context

AUTHOR

Brad Lhotsky <brad@divisionbyzero.net>

COPYRIGHT AND LICENSE

This software is Copyright (c) 2015 by Brad Lhotsky.

This is free software, licensed under:

The (three-clause) BSD License