SNORT: how to save the log file as ASCII format?
I captured the traffic with this command: /usr/loca/bin/snort -ieth0 -l /var/log/snort. Since I never put -b at the end, it should not be a binary file, but when I write a program to read the log file it seems to display only unknown characters, so that means it is still a binary file, right? Is there any other method to specify that it must be in ASCII format, like something I need to configure in snort.conf or elsewhere?
You can use snort -A console -c /etc/snort/snort.conf -l /var/log/snort/ -K ascii
Most applications read the binary log format. Also for performance reasons the binary format is preferred. I would simply log to the unified log format and use barnyard to convert the logs to text on the fly. This will allow you the flexibility of having binary logs as well as text.
Alternatively, you may enable the ASCII-based built-in syslog support from the Snort configuration:
in /etc/snort/snort.conf: output alert_syslog: host=dest_ip:dest_port, LOG_USER LOG_DEBUG LOG_PERROR
This will in turn generate syslog entries in /var/log/messages:
11/02-20:54:28.404290 [] [1:478:2] sig_name_p80 [] [Classification: Potentially Bad Traffic] [Priority: 5 ] {TCP} 172.30.1.248:63880 -> 172.30.2.69:30002
11/02-20:54:28.404330 [] [1:478:2] sig_name_p80 [] [Classification: Potentially Bad Traffic] [Priority: 5 ] {TCP} 172.30.2.69:30002 -> 172.30.1.248:63880
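Once the alerts are in text form, reading them from a program is a parsing job. The following Python parser for the alert_syslog line format shown above is an added example, not code from the question or from either answer. The sample lines are constructed: the two alerts from the answer with the "[**]" markers that Snort prints (lost in the page rendering) restored, one ICMP alert carrying the "Nov 2 ... snort[pid]:" prefix that syslog adds in /var/log/messages, and one unrelated syslog line that the parser must skip. The regex assumes IPv4 addresses and Snort's two-digit month/day timestamp with no year.

```python
import re
from collections import Counter

# Constructed sample of alert_syslog output as it lands in /var/log/messages.
SAMPLE_LOG = """\
11/02-20:54:28.404290 [**] [1:478:2] sig_name_p80 [**] [Classification: Potentially Bad Traffic] [Priority: 5 ] {TCP} 172.30.1.248:63880 -> 172.30.2.69:30002
11/02-20:54:28.404330 [**] [1:478:2] sig_name_p80 [**] [Classification: Potentially Bad Traffic] [Priority: 5 ] {TCP} 172.30.2.69:30002 -> 172.30.1.248:63880
Nov  2 20:55:01 sensor snort[2345]: 11/02-20:55:01.000123 [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3 ] {ICMP} 172.30.1.248 -> 172.30.2.69
Nov  2 20:55:02 sensor sshd[1234]: Accepted publickey for admin from 10.0.0.5
"""

# One Snort alert record. re.search (not fullmatch) is used so that a syslog
# prefix in front of the record does not matter. "[**]" is matched loosely
# because some renderings strip the asterisks and leave "[]".
ALERT_RE = re.compile(
    r"(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*{0,2}\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"   # generator:signature:revision
    r"(?P<msg>.+?)\s+"                                   # rule message, non-greedy
    r"\[\*{0,2}\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+?)\s*\]\s+)?"  # classification is optional
    r"\[Priority:\s*(?P<pri>\d+)\s*\]\s+"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>[0-9.]+)(?::(?P<sport>\d+))?\s+->\s+"     # ports absent for ICMP
    r"(?P<dst>[0-9.]+)(?::(?P<dport>\d+))?"
)


def parse_alert(line):
    """Return a dict for one Snort alert line, or None if the line is not one."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    g = m.groupdict()
    return {
        "timestamp": g["ts"],                 # kept as text: Snort prints no year
        "gid": int(g["gid"]),
        "sid": int(g["sid"]),
        "rev": int(g["rev"]),
        "msg": g["msg"],
        "classification": g["cls"],           # None when the rule has no classtype
        "priority": int(g["pri"]),            # 1 is the most severe in Snort
        "proto": g["proto"].upper(),
        "src": g["src"],
        "sport": int(g["sport"]) if g["sport"] else None,
        "dst": g["dst"],
        "dport": int(g["dport"]) if g["dport"] else None,
    }


def parse_alerts(text):
    """Parse every alert line in a log text, silently skipping other syslog lines."""
    alerts = []
    for line in text.splitlines():
        rec = parse_alert(line)
        if rec is not None:
            alerts.append(rec)
    return alerts


def count_by_signature(alerts):
    """Count alerts per rule, keyed as 'gid:sid msg', for a quick triage view."""
    return Counter(f"{a['gid']}:{a['sid']} {a['msg']}" for a in alerts)


if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_LOG)
    for a in parsed:
        print(f"{a['timestamp']} p{a['priority']} {a['proto']} "
              f"{a['src']}:{a['sport']} -> {a['dst']}:{a['dport']}  {a['msg']}")
    for sig, n in count_by_signature(parsed).most_common():
        print(f"{n:4d}  {sig}")
```

To run it against a real file, replace SAMPLE_LOG with the contents of /var/log/messages (or the ASCII alert file written by -A/-K ascii); lines that are not Snort alerts are ignored rather than raising, which is the behaviour you want when Snort shares the syslog with other daemons.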