IDS Utility Library
Project description
py-idstools is a collection of Python libraries for working with IDS systems (typically Snort and Suricata).
Features
Snort/Suricata unified2 log file reading.
Continuous unified2 directory spool reading with bookmarking (a’la Barnyard2).
Parser and mapping for classification.config.
Parser and mapping for gen-msg.map and sid-msg.map.
Useful utility programs.
Programs
u2json - Convert unified2 files or spool directories to JSON.
gensidmsgmap - Easily create a sid-msg.map file from rule files, directories or a rule tarball.
Requirements
Python 2.6 or 2.7; Python 3.3 works but is not as well tested.
Currently only tested on Linux.
Examples
Reading a Unified2 Spool Directory
The following code snippet will “tail” a unified log directory aggregating records into events:
from idstools import unified2
reader = unified2.SpoolEventReader("/var/log/snort",
"unified2.log", tail=True)
for event in reader:
print(event)
Documentation
Further documentation is located at http://idstools.readthedocs.org.
Changelog
0.4.1
Fix IPv6 address unpacking.
In u2json, if the protocol number can’t be converted to a string, encode the number as a string for a consistent JSON data type.
0.4.0
New tool, u2json to convert unified2 files to JSON.
0.3.1
Support the new appid unified2 event types introduced in Snort 2.9.7.0.alpha.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file idstools-0.4.1.tar.gz.
File metadata
- Download URL: idstools-0.4.1.tar.gz
- Upload date:
- Size: 38.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b5cdda68fbd65659893d7b3dd53b74208b61bef4607f6a3ddc19b3b636d9270e
|
|
| MD5 |
8888d2b29cf2ce2d7e75207460b1399c
|
|
| BLAKE2b-256 |
4c8b4803355c109b047562885635bf849b5c47296a912a91e5a1279537ac1319
|
