[Snort-users] Weird error with snort-stat.pl.

James Hoagland hoagland at ...47...
Thu Feb 21 14:36:04 EST 2002


At 1:31 PM -0800 2/21/02, Erek Adams wrote:
>Anyone out there seeing any issues with snort-stat.pl?  I'm unable to pass it
>a full alert file and have it process it correctly.

Speculating, I'd say it is having problems parsing the form of alerts 
that you have.  The alert format varies with snort version and with 
snort configuration.  It can be difficult to have your alert parser 
handle the different formats.

Note to the snort-stat.pl maintainer: several months ago I went 
through a major effort to modularize SnortSnarf.  Input is now 
separate from storage which is separate from output.  You might 
want to use SnortSnarf's SnortFileInput module.

Best regards,

   Jim
-- 
|*      Jim Hoagland, Associate Researcher, Silicon Defense      *|
|*            --- Silicon Defense: IDS Solutions ---             *|
|*  hoagland at ...47..., http://www.silicondefense.com/  *|
|*   Voice: (530) 756-7317                 Fax: (530) 756-7297   *|



