IDS Utility Library
Project description
py-idstools is a collection of Python libraries for working with IDS systems (typically Snort and Suricata).
Features
- Snort/Suricata unified2 log file reading.
- Continuous unified2 directory spool reading with bookmarking (a’la Barnyard2).
- Parser and mapping for classification.config.
- Parser and mapping for gen-msg.map and sid-msg.map.
- Useful utility programs.
Programs
- u2json - Convert unified2 files or spool directories to JSON.
- gensidmsgmap - Easily create a sid-msg.map file from rule files, directories or a rule tarball.
Requirements
- Python 2.6 or 2.7; Python 3.3 works but is not as well tested.
- Currently only tested on Linux.
Examples
Reading a Unified2 Spool Directory
The following code snippet will “tail” a unified log directory aggregating records into events:
from idstools import unified2
reader = unified2.SpoolEventReader("/var/log/snort",
"unified2.log", tail=True)
for event in reader:
print(event)
Documentation
Further documentation is located at http://idstools.readthedocs.org.
Changelog
0.4.0
- New tool, u2json to convert unified2 files to JSON.
0.3.1
- Support the new appid unified2 event types introduced in Snort 2.9.7.0.alpha.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
| Filename, size | File type | Python version | Upload date | Hashes |
|---|---|---|---|---|
| Filename, size idstools-0.4.0.tar.gz (38.6 kB) | File type Source | Python version None | Upload date | Hashes View |
