[Snort-users] SnortSnarf version 102700.1

James Hoagland hoagland at ...47...
Fri Oct 27 18:31:40 EDT 2000


Hello all,

Just put a new version of SnortSnarf out with a couple changes:

+ modified alert parsing to accept latest version of the full alert 
format as well as the old version
+ added check to make sure snortsnarf.pl is using correct version of 
snort_alert_parse.pl

We found out the hard way that the latest versions of Snort use a 
slightly different alert format which SnortSnarf couldn't read 
properly.  (Most likely symptom is that the log links aren't 
generated if you use -ldir.)

The second change is because several people have forgotten to install 
the latest version of the "include" files or have installed them 
incorrectly.  The symptoms of this failure can vary and are not 
obvious.  This sanity check is to save everyone some headaches.

You can get this version from:

   http://www.silicondefense.com/snortsnarf/

No need to upgrade from version 102600.1 unless you are having problems.

Regards,

   Jim
-- 
|*   Jim Hoagland, Associate Researcher, Silicon Defense    *|
|*               hoagland at ...47...                *|
|*              http://www.silicondefense.com/              *|
|*  Voice: (707) 445-4355 x13          Fax: (707) 445-4222  *|


