Python script to convert snort alert to csv
Question
I'm new to python. So please support me I want to convert from snort alert to csv with some specific value
Here are the snort alert (can read by notepad):
[**] [1:2015665:1] ET CURRENT_EVENTS NeoSploit - TDS [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
03/14-14:13:24.731076 192.168.52.10:1060 -> 67.196.50.144:80
TCP TTL:57 TOS:0x0 ID:34187 IpLen:20 DgmLen:258 DF
***A**** Seq: 0xBB770235 Ack: 0x9A83A217 Win: 0x3CB8 TcpLen: 20
[**] [1:2021076:1] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
03/14-14:13:24.845200 67.196.50.144:80 -> 192.168.52.10:1060
TCP TTL:128 TOS:0x0 ID:1442 IpLen:20 DgmLen:5880 DF
***A**** Seq: 0x9A83C2E5 Ack: 0xBB77030F Win: 0xFFFF TcpLen: 20
I want to filter some information such as Alert, Src IP, Src port, Dst IP, Dst port, Protocol DgmLen and save to a csv file.
Alert SrcIP Srcport DstIP Dstport Protocol DgmLen
ET Current event... 192.168.52.10 1060 67.196.50.144 80 TCP 258
ET INFO SUSPICIOUS 67.196.50.144 80 192.168.52.10 1060 TCP 5880
1 answers
solution1
0 2017-05-12 08:06:40
- Read 6 lines to a
array - Create a
dictto hold the data you want. - Extract Column
Alertfromarray[0] - Extract Column
SrcIP, Srcport, DstIP, Dstport, Protocol , DgmLenfromarray[2]andarray[3] - Write to CSV file using
csv.DictWriter
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Execute script on Snort alert
Convert Snort string to Python timestamp
Reading/Parsing Snort Alert File Using Python
python script to convert csv to xml
Python Script to Convert CSV to GeoJSON
Convert txt to csv python script
Python script to convert csv to dump into database
Convert complex txt to csv python script
Parsing Snort Alert File with Regex
How to use python with snort?
Related Tags