[Snort-users] Fix for SnortSnarf error messages with syslog input
hoagland at ...47...
Wed Nov 15 12:15:17 EST 2000
In case you are being bothered with "unknown alert format for line"
messages from SnortSnarf for syslog "last message repeated" lines,
here is a fix. Add this line above line 68 in snort_alert_parse.pl
(which you may have installed in site_perl):
next if m/^\w+\s+\d+\s+[\d:]+\s+\S+\s+last\s+message\s+repeated/i;
(At least it's line 68 in what I have. It is the line with the
comment about syslog format.)
This will be fixed in the next release of SnortSnarf.
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* hoagland at ...47... *|
|* http://www.silicondefense.com/ *|
|* Voice: (707) 445-4355 x13 Fax: (707) 445-4222 *|
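
Added example (not part of the original post and not SnortSnarf code): the pattern from the message run over constructed syslog lines. It shows which lines the `next` would skip and how many alert occurrences syslogd had collapsed into the skipped notice. The `classify` helper, the alert pattern and the sample lines are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example; not taken from snort_alert_parse.pl.
use strict;
use warnings;

# Pattern from the post: month, day, time, host, then "last message repeated".
my $repeat_re = qr/^\w+\s+\d+\s+[\d:]+\s+\S+\s+last\s+message\s+repeated/i;

# Assumed shape of a Snort syslog alert line (illustrative, not SnortSnarf's own).
my $alert_re = qr/^\w+\s+\d+\s+[\d:]+\s+\S+\s+snort(?:\[\d+\])?:/;

# Constructed sample input (192.0.2.0/24 is a documentation range).
my @lines = (
    'Nov 15 12:01:07 sensor1 snort[412]: IDS152 - PING BSD: 192.0.2.5 -> 192.0.2.9',
    'Nov 15 12:01:37 sensor1 last message repeated 3 times',
    'Nov 15 12:02:10 sensor1 snort[412]: spp_portscan: PORTSCAN DETECTED from 192.0.2.7',
    'Nov 15 12:03:00 sensor1 sshd[88]: Connection from 192.0.2.2 port 1022',
);

# Hypothetical helper: 'skip' for repeat notices, 'alert' for Snort lines,
# 'unknown' for anything else (what would trigger the error message).
sub classify {
    my ($line) = @_;
    return 'skip'  if $line =~ $repeat_re;
    return 'alert' if $line =~ $alert_re;
    return 'unknown';
}

my ($parsed, $hidden, $prev) = (0, 0, '');
for my $line (@lines) {
    my $kind = classify($line);
    if ($kind eq 'alert') {
        $parsed++;
    } elsif ($kind eq 'skip' && $prev eq 'alert'
             && $line =~ /repeated\s+(\d+)\s+times?/i) {
        # syslogd collapsed N copies of the previous line into this notice.
        $hidden += $1;
    }
    printf "%-7s %s\n", $kind, $line;
    $prev = $kind unless $kind eq 'skip';
}
print "alerts parsed: $parsed; occurrences collapsed by syslogd: $hidden\n";
```

Skipping the notice removes the error message, but the collapsed occurrences stay out of any per-alert count built from the log.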