comment on

Haha this is my first ever work with Perl so it would probably be a big task for me to rewrite it, but I'll still still take a look.

I am left with a couple options so far: 1. Snort logs to a regular ascii file that will work with File::Tail 2. Snort logs to pcap binary files that can be one or multiple log files but for one file, I wouldn't be able to use a continuous file.

What my boss wants is to create a parsed log about every 24 hours with the data acquired. I guess to start off, would this be better to implement on one continuous log? or would it be better to lets say, tell Snort to stop once the file is xx MB and then parse each of those?

I am not really sure how to approach this problem as you can see. There are a couple options but I cant determine which road to take.

In reply to Re^3: Parsing Snort Binary Files by Anonymous Monk
in thread Parsing Snort Binary Files by ahuang14

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.