Logo of unified2 FOR LINUX

Linux Apps

unified2 FOR LINUX

5.0
FREE
Download Broken link

What is unified2 FOR LINUX?


unified2


unified2 is a cool parser built with Python, specifically for IDS logs that come in the unified2 binary log format. If you’re familiar with Snort, you’ll get the idea!



Understanding unified2 Logs


This module helps you process those IDS logs and turns them into Python objects. But just to be clear, it doesn’t resolve rule IDs and isn’t meant to replace barnyard2 or Snort itself for that job.



Main Purpose of unified2


The main goal here is to extract packet data from the logs linked to specific triggered rules. These rules are logged separately using other methods like alert_syslog or alert_csv from Snort modules. So, I didn’t focus too much on processing event metadata.



How Portable is It?


One great thing about this module is that it doesn't include C components and avoids using ctypes. This means it should work well on non-cPython language implementations too!



Getting Started with Definitions


The format definition comes from Snort headers, specifically src/sfutil/Unified2_common.h, using the pyclibrary module. These definitions are cached in the unified2/_format.py file.



Updating Definitions


If new data types pop up, you can generate updated definitions by running a script on Snort's Unified2_common.h:


          bzr branch lp:pyclibrary

          cd pyclibrary

          python .../unified2/_format.py .../snort-2.X.Y.Z/src/sfutil/Unified2_common.h


Installation Made Easy!


This package works with Python 2.7 (not 3.X). The best way to install it is using pip:


          % pip install unified2

If you don’t have pip yet, no worries! You can set it up like this:


          % easy_install pip

          % pip install unified2


Alternative Installation Methods


You could also try this method if needed:


          % curl https://raw.github.com/pypa/pip/master/contrib/get-pip.py | python

          % pip install unified2

If absolutely necessary, there’s always:


          % easy_install unified2

(But seriously, try not to do that!)



The Current Git Version


If you want the latest version from GitHub, here’s how:


          % pip install -e 'git://github.com/mk-fg/unified2.git#egg=unified2'

Click here to download unified2 for Linux!

How Download Works

Go to the Softpas website, press the 'Downloads' button, and pick the app you want to download and install—easy and fast!

Read more about DMCA
SoftPas Safety Info
SoftPas

SoftPas is your platform for the latest software and technology news, reviews, and guides. Stay up to date with cutting-edge trends in tech and software development.

Recent

Help

Subscribe to newsletter

© Copyright 2024, SoftPas, All Rights Reserved.