Log2Pcap

Log2Pcap (PDF, 3.32MB)
Published: 29 Apr, 2013
Created by Joaquin Moreno

While handling an incident, whether in the identification phase or during the forensic analysis, the logs from many different servers must be examined to find the events related to the incident. This is usually done by running regular expressions with a custom list of patterns meant to flag unusual behaviour; it is time-consuming and only as good as the patterns, which must be kept up to date. This paper describes a new tool, Log2Pcap, which converts server logs into the standard pcap format. The resulting file can then be analyzed with an IDS engine such as Snort, reusing its existing and well-maintained signature collections instead of a home-grown pattern list.
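The conversion the abstract describes, reduced to its essentials, as an added example that is not Log2Pcap's own code: each Apache combined-format access-log line is parsed, the HTTP request the server logged is rebuilt as a TCP session (three-way handshake plus one data segment, with valid IP and TCP checksums so the IDS does not discard the packets), and the packets are written in pcap format with the log line's own timestamp. The log lines, the server address 192.0.2.10, the MAC addresses and the initial sequence numbers are all constructed placeholders; the log records neither request headers nor sequence numbers, so those are synthesized.

```python
import re
import socket
import struct
from datetime import datetime

# Constructed sample Apache "combined" access-log lines (not taken from any real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Apr/2013:10:15:32 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [29/Apr/2013:10:15:40 +0000] "GET /cgi-bin/test.cgi?cmd=%2Fbin%2Fsh HTTP/1.1" 404 210 "-" "curl/7.29.0"',
    'garbage line that does not match the log format',
]

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["epoch"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return rec


def checksum(data):
    """RFC 1071 one's-complement checksum, used by both the IPv4 and the TCP header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_packet(src_ip, dst_ip, sport, dport, seq, ack, flags, payload=b""):
    """Ethernet/IPv4/TCP frame with valid checksums (the MAC addresses are placeholders)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return eth + ip + tcp + payload


SYN, SYN_ACK, ACK, PSH_ACK = 0x02, 0x12, 0x10, 0x18
# pcap global header: magic, version 2.4, zone 0, sigfigs 0, snaplen, link type 1 = Ethernet
PCAP_GLOBAL = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)


def pcap_record(ts, pkt):
    sec = int(ts)
    return struct.pack("<IIII", sec, int((ts - sec) * 1_000_000), len(pkt), len(pkt)) + pkt


def synthesize_session(rec, server_ip, sport):
    """Three-way handshake plus one request segment, reconstructed from a single log line."""
    client = rec["src"]
    # Only method, URI, protocol and User-Agent are in the log; Host is assumed from the server IP.
    request = "{} {} {}\r\nHost: {}\r\nUser-Agent: {}\r\n\r\n".format(
        rec["method"], rec["uri"], rec["proto"], server_ip, rec["ua"] or "-").encode()
    c_isn, s_isn = 1000, 2000  # arbitrary initial sequence numbers; the log has none
    return [
        build_packet(client, server_ip, sport, 80, c_isn, 0, SYN),
        build_packet(server_ip, client, 80, sport, s_isn, c_isn + 1, SYN_ACK),
        build_packet(client, server_ip, sport, 80, c_isn + 1, s_isn + 1, ACK),
        build_packet(client, server_ip, sport, 80, c_isn + 1, s_isn + 1, PSH_ACK, request),
    ]


def log_to_pcap(lines, server_ip="192.0.2.10"):
    """Convert log lines to pcap bytes; returns (pcap_bytes, sessions_written, lines_skipped)."""
    out = bytearray(PCAP_GLOBAL)
    written = skipped = 0
    for i, line in enumerate(lines):
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        for j, pkt in enumerate(synthesize_session(rec, server_ip, 40000 + i)):
            # Space the packets of one session a few microseconds apart, in log order.
            out += pcap_record(rec["epoch"] + j * 1e-5, pkt)
        written += 1
    return bytes(out), written, skipped


if __name__ == "__main__":
    data, n, skipped = log_to_pcap(SAMPLE_LOG)
    with open("access.pcap", "wb") as f:
        f.write(data)
    print("wrote %d sessions (%d bytes), skipped %d unparseable lines" % (n, len(data), skipped))
```

The resulting access.pcap can be replayed through Snort in read-file mode (`snort -r access.pcap -c snort.conf`) or opened in Wireshark. Two caveats follow from the reconstruction: the IDS only sees what the server chose to log (no request body, no original headers), so rules that match on those fields cannot fire; and the handshake is synthesized because stream-tracking preprocessors may otherwise ignore a lone mid-stream segment, so the sequence numbers carry no information about the original connection.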