u2_anon is a tool that allows you to "share" anonymized unified2 files to help debug issues or share results without compromising the information contained inside. u2_anon will not modify the unified2 file/files used as the source, but will create a copy of the source unified2 file with anonymized data that can be shared.
I strongly suggest that you run u2_anon on files that are not currently being written by snort, since it will not "spool" unified2 file like barnyard2 or other unified2 readers can do.
u2_anon has 4 different levels or anonymity levels:
[-eE:] [Anonymize Event] - Will set source and destination IP's of EVENT to ipv4 -
"127.0.0.1" , ipv6 "::ffff:127.0.0.1" [-lL:] [Anonimize LinkLayer (ethernet)] - Will set source mac to AA:AA:AA:AA:AA:AA and dst mac to BB:BB:BB:BB:BB:BB [-pP:] [Anonymize Packet data] - Will Zero out packet payload [-xX:] [Anonymize Extra DATA event] - Will set IP information to "loopback" and extra data "data"
will be zeroed.u2_anon will work on a single file or a directory containing multiple files.
Note that u2_anon is still beta and new features will be added along the way, if you have comments, suggestions, or bug/issues, please feel free to let me know.
You can download it directly from here https://github.com/binf/u2_anon/tags