[Howto] Download and analyze interesting Suricata logs?

Started by ccna_student, October 27, 2022, 07:02:39 AM

Hello,

I've had IDS/Suricata running with all rules enabled for the last few months, with a couple of warnings about protocols, DNS etc., but nothing really suspicious. Last week I found a couple hundred log entries with UDP packets over NAT to a country I normally don't send packets to, with additional incoming TCP traffic from the same country but a different IP.

Question 1: How do I export the logs with payload in a usable format?

Question 2: Is there a tool which is able to analyze/fingerprint the stream of packets?

Have a nice day and thank you for reading!

I got the log files, but more importantly the JSON files, via scp, and used a tool called Brim to analyze them.

https://www.brimdata.io/

Have a great weekend!
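As an added example that is not part of this thread (and not Suricata's or Brim's own code), the script below does the two things the original questions ask for once the eve.json file has been copied off the firewall: it parses the JSON-lines log, decodes the base64 `payload` field of alert records, and counts alerts per (protocol, source, destination, port) so a burst of repeated UDP connections to one remote host stands out. It assumes Suricata's standard EVE field names (`event_type`, `src_ip`, `dest_ip`, `dest_port`, `proto`, `alert.signature`, `payload`); the `payload` field is only written when `payload: yes` is set under the `alert` type of the `eve-log` output in suricata.yaml, which is the setting to check if the exported log has no payload. The sample log embedded in the script is constructed for the example, not real traffic; the file path in the usage note (`/var/log/suricata/eve.json`) is an assumption about where the log lives.

```python
"""Parse a Suricata eve.json export, decode alert payloads and summarise
which hosts are talking to which.  Example code written for this thread;
the sample records below are constructed, not captured traffic."""
import base64
import json
import sys
from collections import Counter


def _event(**fields):
    """Build one constructed EVE record as a JSON line (sample data only)."""
    base = {"timestamp": "2022-10-27T07:02:39.000000+0000", "flow_id": 1}
    base.update(fields)
    return json.dumps(base)


# Constructed sample: two outbound UDP alerts with payload, one inbound TCP
# alert, a flow record without payload, and one junk line a real file may
# contain after a truncated write.
SAMPLE_EVE = "\n".join([
    _event(event_type="alert", src_ip="192.0.2.10", src_port=51515,
           dest_ip="198.51.100.7", dest_port=4444, proto="UDP",
           alert={"signature": "ET POLICY Example UDP beacon", "severity": 2},
           payload=base64.b64encode(b"\x01\x02beacon\x00").decode()),
    _event(event_type="alert", src_ip="192.0.2.10", src_port=51516,
           dest_ip="198.51.100.7", dest_port=4444, proto="UDP",
           alert={"signature": "ET POLICY Example UDP beacon", "severity": 2},
           payload=base64.b64encode(b"\x01\x02beacon\x01").decode()),
    _event(event_type="alert", src_ip="203.0.113.9", src_port=40000,
           dest_ip="192.0.2.10", dest_port=22, proto="TCP",
           alert={"signature": "ET SCAN Example SSH probe", "severity": 2},
           payload=base64.b64encode(b"SSH-2.0-probe\r\n").decode()),
    _event(event_type="flow", src_ip="192.0.2.10", dest_ip="192.0.2.1",
           dest_port=53, proto="UDP"),
    "this line is not json",
])


def parse_eve(text):
    """Return the EVE records in a JSON-lines export, skipping lines that
    are not valid JSON rather than aborting the whole analysis."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def decode_payload(event):
    """Raw payload bytes of an alert, or b'' if none was logged or the
    base64 is damaged (ValueError covers binascii.Error)."""
    b64 = event.get("payload")
    if not b64:
        return b""
    try:
        return base64.b64decode(b64, validate=True)
    except ValueError:
        return b""


def hexdump(data, width=16):
    """Hex + ASCII dump, one string per row, for eyeballing a payload."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:04x}  {hexpart:<{width * 3}} {asc}")
    return rows


def summarize_alerts(events):
    """Count alerts per (proto, src_ip, dest_ip, dest_port)."""
    counts = Counter()
    for ev in events:
        if ev.get("event_type") != "alert":
            continue
        counts[(ev.get("proto"), ev.get("src_ip"),
                ev.get("dest_ip"), ev.get("dest_port"))] += 1
    return counts


def alerts_involving(events, remote_ip):
    """(signature, decoded payload) for alerts with remote_ip on either side."""
    out = []
    for ev in events:
        if ev.get("event_type") != "alert":
            continue
        if remote_ip in (ev.get("src_ip"), ev.get("dest_ip")):
            out.append((ev["alert"]["signature"], decode_payload(ev)))
    return out


if __name__ == "__main__":
    # Usage: python eve_payloads.py eve.json [remote_ip]; no args uses the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_EVE
    remote = sys.argv[2] if len(sys.argv) > 2 else "198.51.100.7"
    evs = parse_eve(text)
    for key, n in summarize_alerts(evs).most_common():
        print(n, *key)
    for sig, payload in alerts_involving(evs, remote):
        print(sig)
        for row in hexdump(payload):
            print("   ", row)
```

Run it against the copied file, e.g. `python eve_payloads.py eve.json 198.51.100.7` (adjust the path; on an OPNsense box the log is assumed to be `/var/log/suricata/eve.json`). The per-destination counts answer the first question's "usable format" need without Brim, and the decoded payloads are what you would hand to a fingerprinting step next: a fixed header repeated across hundreds of UDP packets to one port is a very different picture from varied DNS or QUIC traffic, and the hex dump makes that visible immediately.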