[Snort-users] SnortSnarf version 041501.1

James Hoagland hoagland at ...47...
Mon Apr 16 12:06:21 EDT 2001

Greetings all,

Well, it was a day late but not a dollar short.  SnortSnarf version 
041501.1 is available for download.  The one people have most wanted 
was getting rid of warnings when -rulesfile is not used.  Other 
improvements include proper treatment of alerts with which a 
signature, source IP or destination IP was not parsed and adding more 
compatibility with syslog formats.

+ eliminated warnings when running snortsnarf.pl without -rulesfile
+ improved treatment of alerts without a (parsed) signature, source IP, and/or
destination IP
+ added compatibility with Solaris 8 syslog format and now skips over 
interfaces printed in syslog format under snort -I [based on contrib 
by Benny Jones]
+ added -rulesscanonce option to scan the rules files only once to decrease
CPU use at the cost of increased memory usage
+ improved sanity checking of some command line arguments
+ removed a debugging statement from MemStorage
+ clarified documentation about needing to install the Time modules

You can download it and find out more at:


Best regards,


P.s. Let me know if you have problems with this distribution, 
especially if you know the reason.  Some people on Windows boxes had 
trouble extracting the .tar.gz for the last release.  We didn't track 
down what caused that, but this new one was produced on a new 
machine, so hopefully the problem won't reemerge.
|*   Jim Hoagland, Associate Researcher, Silicon Defense    *|
|*               hoagland at ...47...                *|
|*              http://www.silicondefense.com/              *|
|*      Silicon Defense - Technical Support for Snort       *|
|*  Voice: (530) 756-7317              Fax: (530) 756-7297  *|

More information about the Snort-users mailing list