[Snort-users] Fix for SnortSnarf error messages with syslog input

James Hoagland hoagland at ...47...
Wed Nov 15 12:15:17 EST 2000


In case you are being bothered with "unknown alert format for line" 
messages from SnortSnarf for syslog "last message repeated" lines, 
here is a fix.  Add this line above line 68 in snort_alert_parse.pl 
(which you may have installed in site_perl):

next if m/^\w+\s+\d+\s+[\d:]+\s+\S+\s+last\s+message\s+repeated/i;

(At least it's line 68 in what I have.  It is the line with the 
comment about syslog format.)

This will be fixed in the next release of SnortSnarf.


|*   Jim Hoagland, Associate Researcher, Silicon Defense    *|
|*               hoagland at ...47...                *|
|*              http://www.silicondefense.com/              *|
|*  Voice: (707) 445-4355 x13          Fax: (707) 445-4222  *|
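
The one-line fix in the message above discards syslog "last message repeated" lines, so the repeats never reach the alert totals. The Perl sketch below is an added example, not SnortSnarf code and not from the author of the post; it goes one step further and credits the repeat count to the alert on the preceding line. The alert pattern, the `tally_alerts` name and the sample lines are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not SnortSnarf code: handle syslog "last message repeated"
# lines while tallying alerts, instead of reporting them as unknown.
use strict;
use warnings;

# Same pattern as the one-line fix, extended with a capture for the count.
my $repeat_re = qr/^\w+\s+\d+\s+[\d:]+\s+\S+\s+last\s+message\s+repeated\s+(\d+)\s+times?/i;
# Simplified stand-in for a syslog-format Snort alert line (assumption).
my $alert_re  = qr/^\w+\s+\d+\s+[\d:]+\s+\S+\s+snort(?:\[\d+\])?:\s+(.*)$/i;

# tally_alerts is a hypothetical helper: returns (\%count_by_alert, \@unknown_lines).
sub tally_alerts {
    my @lines = @_;
    my (%count, $prev, @unknown);
    for (@lines) {
        if (/$repeat_re/) {
            # syslogd collapses consecutive duplicates, so the count
            # belongs to the line written just before this one.
            $count{$prev} += $1 if defined $prev;
            next;
        }
        if (/$alert_re/) {
            $prev = $1;
            $count{$prev}++;
            next;
        }
        undef $prev;          # a non-alert line ends the run of duplicates
        push @unknown, $_;    # what would be an "unknown alert format" line
    }
    return (\%count, \@unknown);
}

# Constructed sample input (documentation addresses, made-up signature names).
my @sample = (
    'Nov 15 12:01:02 sensor1 snort[412]: EXAMPLE-SIG-A: 192.0.2.10:1034 -> 192.0.2.20:53',
    'Nov 15 12:01:40 sensor1 last message repeated 3 times',
    'Nov 15 12:02:10 sensor1 snort[412]: EXAMPLE-SIG-B: 192.0.2.11 -> 192.0.2.20',
    'Nov 15 12:03:00 sensor1 sshd[99]: session opened for user admin',
);

my ($count, $unknown) = tally_alerts(@sample);
printf "%4d  %s\n", $count->{$_}, $_ for sort keys %$count;
print "unparsed: $_\n" for @$unknown;
```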
