idstools

IDS Utility Library

Project description

py-idstools is a collection of Python libraries for working with IDS systems (typically Snort and Suricata).

Features

Snort/Suricata unified2 log file reading.
Continuous unified2 directory spool reading with bookmarking (a’la Barnyard2).
Parser and mapping for classification.config.
Parser and mapping for gen-msg.map and sid-msg.map.

Requirements

Python 2.6 or 2.7; Python 3.3 works but is not as well tested.
Currently only tested on Linux.

Examples

Reading a Unified2 Spool Directory

The following code snippet will “tail” a unified log directory aggregating records into events:

from idstools import unified2

reader = unified2.SpoolEventReader("/var/log/snort",
    "unified2.log", tail=True)
for event in reader:
    print(event)

Documentation

Further documentation is located at http://idstools.readthedocs.org.

Project details

Release history Release notifications | RSS feed

0.6.4

Aug 3, 2020

0.6.3

Nov 20, 2017

0.6.2

Aug 9, 2017

0.6.1

May 25, 2017

0.6.0

Mar 29, 2017

0.5.6

Mar 7, 2017

0.5.5

Dec 29, 2016

0.5.4

Sep 21, 2016

0.5.3

Jun 24, 2016

0.5.2

Feb 8, 2016

0.5.1

Oct 29, 2015

0.5.0

May 27, 2015

0.4.4

Dec 19, 2014

0.4.3

Dec 12, 2014

0.4.2

Aug 4, 2014

0.4.1

Jun 9, 2014

0.4.0

Apr 16, 2014

0.3.1

Feb 28, 2014

This version

0.3.0

Feb 28, 2014

0.2.0

Jan 22, 2014

0.1.1

Jul 19, 2013

0.1.0

Jul 17, 2013

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for idstools, version 0.3.0
Filename, size	File type	Python version	Upload date	Hashes
Filename, size idstools-0.3.0.tar.gz (15.6 kB)	File type Source	Python version None	Upload date Feb 28, 2014	Hashes View

Hashes for idstools-0.3.0.tar.gz

Hashes for idstools-0.3.0.tar.gz
Algorithm	Hash digest
SHA256	`da4e85c887fdcc3a7e79938b56627ba825d1790d35b92012087e5073c9a84262`
MD5	`a68ce01065d8c2ce46d4805a7e3a8de0`
BLAKE2-256	`67bf3e1353436904d5a766eaa5f9986d020c5d9d3f38e93764d52c5e5ea0a845`