[Snort-users] snort_stat.pl

Scott A. McIntyre scott at ...1050...
Thu Jun 14 09:06:50 EDT 2001


Also sprach Roeland Weve (roeland at ...1415...):

> I am trying to use snort_stat.pl, but I can't get any output ...

Only the very latest snort_stat.pl will handle (read: ignore) the line
that has the Classifications and Priorities.  Make sure that you
download that version from wherever it lives (there's a link from
www.snort.org).  I think the latest version is 1.15.2.1

Two other points about snort_stat.pl and version 1.8 rules:

1)  If you use -y for outputting year, make sure you adjust the script
accordingly, or it will get very confused.  The pattern match only looks
for month/day.

2)  It can not handle the new format (from CVS) alert line of:

[**] [1:718:1] TELNET - login incorrect [**]

I changed log.c to make this go away rather than deal with the regexp in
the perl (hate regexp).

Scott.
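
Added example (not part of the original message, and not code from snort_stat.pl): a standalone Perl sketch of patterns that accept the alert header with or without the `[1:718:1]` id block, skip the Classification/Priority line, and take a timestamp with or without the year that -y adds. The `MM/DD/YY-` timestamp layout, the `[Classification: ...] [Priority: N]` line layout, the addresses and the second alert are constructed assumptions.

```perl
#!/usr/bin/perl
# Added example; not code from snort_stat.pl. Sample alert text is constructed.
use strict;
use warnings;

# Header "[**] [gid:sid:rev] message [**]"; the id block is optional so the
# older "[**] message [**]" form still matches.
my $HEADER = qr/^\[\*\*\]\s+(?:\[(\d+):(\d+):(\d+)\]\s+)?(.*?)\s+\[\*\*\]\s*$/;

# Timestamp MM/DD-HH:MM:SS.usec, with an optional /YY part for -y output
# (assumed layout), followed by "src -> dst".
my $STAMP = qr{^(\d\d)/(\d\d)(?:/(\d\d))?-(\d\d:\d\d:\d\d)\.\d+\s+(\S+)\s+->\s+(\S+)};

sub parse_alerts {
    my (@alerts, $cur);
    for my $line (@_) {
        # Classification/Priority lines carry nothing the tally needs.
        next if $line =~ /^\[(?:Classification|Priority):/;
        if (my @h = $line =~ $HEADER) {
            $cur = { sid => $h[1], msg => $h[3] };   # sid is undef for old headers
        }
        elsif ($cur and (my @t = $line =~ $STAMP)) {
            @$cur{qw(month day year time src dst)} = @t;
            push @alerts, $cur;
            undef $cur;                              # wait for the next header
        }
    }
    return @alerts;
}

# Constructed sample: one new-style alert logged with -y, one old-style without.
my @sample = split /\n/, <<'EOF';
[**] [1:718:1] TELNET - login incorrect [**]
[Classification: Bad unknown] [Priority: 2]
06/14/01-09:06:50.123456 192.0.2.10:23 -> 192.0.2.20:1045

[**] Constructed old-style alert [**]
06/14-09:07:02.000001 192.0.2.30 -> 192.0.2.20
EOF

my %count;
for my $alert (parse_alerts(@sample)) {
    $count{ $alert->{msg} }++;
    printf "%s/%s/%s %s sid=%s %s -> %s  %s\n",
        @$alert{qw(month day)}, $alert->{year} // '--', $alert->{time},
        $alert->{sid} // '-', @$alert{qw(src dst)}, $alert->{msg};
}
printf "%3d  %s\n", $count{$_}, $_ for sort keys %count;
```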





