[Snort-users] SnortSnarf for Wiodows Complains of Inability to Find JulianDay.p l

Michael Steele michaels at ...155...
Mon Mar 4 19:12:06 EST 2002


Eric,

I am in fact NOT referring to any file located on Snort.org. They are
OBSOLETE. I've made several requests to the webmaster to update the
files or remove the links and they have never replied. I have even sent
the updated files to Brian and still no go. I've given up.  Go to our
site and grab the latest and if you encounter a problem let me know and
I will debug it. 

- Mike

Commercial Snort Support <<->> 1.866.41.SNORT
 Silicon Defense -- <www.silicondefense.com>
    Home of the new SENTRUS Snort sensor!
  Michael Steele - Snort Support Technician


-----Original Message-----
From: Robinson, Eric R. [mailto:erobinson at ...5206...] 
Sent: Monday, March 04, 2002 5:09 PM
To: 'Michael Steele'
Subject: RE: [Snort-users] SnortSnarf for Wiodows Complains of Inability
to Find JulianDay.p l

>If you'll delve a little bit deeper into our website you 
>will find a complete walk through for installing Snortsnarf. 

>> Heh, I think I've just been told to RTFWS. :-)

Not sure what the WS means, but that is absolutely not what I was trying
to say. Sometimes I'm a little short on my replies. I apologize if I
came across in any way other then courteous.

I hope you are not referring to the two documents, authored by yourself,
located at http://www.snort.org/documentation.html. I printed and read
both
of those prior to attempting the installation. After encountering
various
issues where the documents appeared incomplete, misleading or obsolete,
I
finally located your swib10.exe installer, which I hoped would save the
day.
It got me closer, but not quite all the way. Unfortunately, the
installer
does not come with any appreciable documentation and does not tell you
which, if any, of the steps from the previously mentioned documents it
performs for you and which, if any, need to be done separately. After I
obtained some help in this forum, Snort is now logging events and
SnortSnarf.pl does not complain when typed without command line options.
However, when I give it a full command, including the path to the snort
log
and an output directory, I get a bunch of stuff like this:

snortsnarf.pl -d c:\inetpub\wwwroot\snarf ..\log\snort-0304 at ...5211...
unknown alert format for line:
╘├▓í☻ ♦        
Ω♣  ☺   n⌐â<æ¼☻ >   >    
ó╦&{ ░╨
≥§ E  0┐8@ Ç♠y£
; skipping

..and so on. 

Is there another document that I can refer to?

--Eric


-----Original Message-----
From: Michael Steele [mailto:michaels at ...155...]
Sent: Monday, March 04, 2002 3:24 PM
To: 'Robinson, Eric R.'
Subject: RE: [Snort-users] SnortSnarf for Wiodows Complains of Inability
to Find JulianDay.p l


Eric,

If you'll delve a little bit deeper into our website you will find a
complete walk through for installing Snortsnarf. 

-Mike

Commercial Snort Support <<->> 1.866.41.SNORT
  Silicon Defense - www.silicondefense.com
    Home of the new SENTRUS Snort sensor!
  Michael Steele - Snort Support Technician


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Robinson,
Eric R.
Sent: Monday, March 04, 2002 1:12 PM
To: Snort-users at lists.sourceforge.net
Subject: [Snort-users] SnortSnarf for Wiodows Complains of Inability to
Find JulianDay.p l

I used the swib10.exe installer from Silicon Defense to install Snort
for
Windows and SnortSnarf.

I then ran...

	C:\Program Files\Silicon Defense\SWI\SnortSnarf>snortsnarf.pl

And it said...

	Can't locate Time/JulianDay.pm in @INC (@INC contains: ./include
C:/Perl/lib C:/Perl/site/lib . ./include/SnortSnarf) 
		at include/SnortSnarf/AlertBase.pm line 69.
	BEGIN failed--compilation aborted at
include/SnortSnarf/AlertBase.pm
line 69.
	Compilation failed in require at include/SnortSnarf/MemAlert.pm
line
20.
	BEGIN failed--compilation aborted at
include/SnortSnarf/MemAlert.pm
line 20.
	Compilation failed in require at
include/SnortSnarf/SnortFileInput.pm line 23.
	BEGIN failed--compilation aborted at
include/SnortSnarf/SnortFileInput.pm line 23.
	Compilation failed in require at C:\Program Files\Silicon
Defense\SWI\SnortSnarf\snortsnarf.pl line 216.
	BEGIN failed--compilation aborted at C:\Program Files\Silicon
Defense\SWI\SnortSnarf\snortsnarf.pl line 216.

I suppose I could fix this if I knew how to tell snortsnarf.pl where to
look
for JulianDay.pl, but the bigger question to me is, why should I have to
do
this? Is this something that the installation overlooks?

Any ideas? 

(Please no Unix vs. Windows flames, thanks.)

--Eric

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users









More information about the Snort-users mailing list