[Snort-users] snortsnarf barfing

Dave Dittrich dittrich at ...466...
Sun Sep 17 13:14:24 EDT 2000


> Someone else had this problem and fixed it by copying the contents of 
> the "include" directory of the new release to 
> /usr/lib/perl5/site_perl/.  They had done that with the previous 
> release, but not with the new release.  It is basically an issue with 
> Perl finding the old version of snort_alert_parse.pl, but not the 
> latest version, which the new version of snortsnarf.pl needs.

That fix is a little risky, as an upgrade of perl may wipe out all the
little libs you've added over time.  A better way is to either make a
similar directory in /usr/local/lib, and add that to the compiled in
Perl @INC variable (which also means a tweak to Perl), or add the path
explicitly to the script as a configuration step during installation,
like The Coroner's Toolkit does:

	http://www.fish.com/security/tct.html

--
Dave Dittrich                           Computing & Communications
dittrich at ...466...             Client Services
http://staff.washington.edu/dittrich    University of Washington

PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5




More information about the Snort-users mailing list