[Snort-users] snort_stat.pl

stephane nasdrovisky stephane.nasdrovisky at ...12261...
Wed Oct 20 08:26:16 EDT 2004


Rob Ward wrote:

> Perl 5.6
> snort_stat.pl 1.15.2.6
>
> When I run the 'alert' file produced by Snort through snort_stat.pl it 
> doesn't produce any data yet the file is full of alerts. I've seen 
> others with similar problems in the archives. Has anyone resolved this?
>
> The strange thing is I also use grep to produce a file of DOS and DDOS 
> alerts from the 'alert' file and when I run this through snort_stat.pl 
> this produces output?

Is your alert file larger than 2 GB? It may be related to some 
restriction on the file size (2 or 4 GB, I can't remember). If grep is 
producing a file smaller than 2 GB, game is over. You may upgrade your 
Perl to an up-to-date one, 5.8? It seems Perl 5.6.1 is largefile (>2 or 4 
GB) ready. Google for "perl largefile" for more info.



