[Snort-users] Wierd error with snort-stat.pl.
hoagland at ...47...
Thu Feb 21 14:36:04 EST 2002
At 1:31 PM -0800 2/21/02, Erek Adams wrote:
>Anyone out there seeing any issues with snort-stat.pl? I'm unable to pass it
>a full alert file and have it process it correctly.
Speculating, I'd say it is having problems parsing the form of alerts
that you have. The alert format varies with snort version and with
snort configuration. It can be difficult to have your alert parser
handle the different formats.
Note to the snort-stat.pl maintainer: several months ago I went
through a major effort to modularize SnortSnarf. Input is now
separate from from storage which is separate from output. You might
want to use SnortSnarf's SnortFileInput module.
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* --- Silicon Defense: IDS Solutions --- *|
|* hoagland at ...47..., http://www.silicondefense.com/ *|
|* Voice: (530) 756-7317 Fax: (530) 756-7297 *|
More information about the Snort-users