stephane.nasdrovisky at ...12261...
Wed Oct 20 08:26:16 EDT 2004
Rob Ward wrote:
> Perl 5.6
> snort_stat.pl 188.8.131.52
> When I run the 'alert' file produced by Snort through snort_stat.pl it
> doesn't produce any data yet the file is full of alerts. I've seen
> others with similar problems in the archives. Has anyone resolved this?
> The strange thing is I also use grep to produce a file of DOS and DDOS
> alerts from the 'alert' file and when I run this through snort_stat.pl
> this produces output?
Is your alert file larger than 2 GB? It may be related to some
restriction on the file size (2 or 4 GB, I can't remember). If grep is
producing a file smaller than 2 GB, game is over. You may upgrade your
perl to an up-to-date one, 5.8? It seems perl 5.6.1 is largefile (>2 or 4
GB) ready. Google for "perl largefile" for more info.
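One way to test the file-size hypothesis raised in the reply above, as an added example that is not part of the original thread or of snort_stat.pl: it compares the alert file's size with the signed 32-bit offset limit and reports whether the running perl was built with largefile support. The helper name `verdict` is hypothetical, and the alert file path is passed as the first argument.

```perl
#!/usr/bin/perl
# Added example: is this alert file too large for this perl build?
use strict;
use warnings;
use Config;

my $LIMIT_32 = 2**31 - 1;   # largest offset a signed 32-bit off_t can hold

# Hypothetical helper: turn the build flag and the file size into a verdict.
sub verdict {
    my ($largefiles, $size) = @_;
    return "stat failed; on a build without largefile support this can mean the file is over the limit"
        unless defined $size;
    return "file fits in 32-bit offsets, so size is not the cause"
        if $size <= $LIMIT_32;
    return $largefiles
        ? "file is over 2 GB, but this perl has largefile support"
        : "file is over 2 GB and this perl lacks largefile support";
}

my $path = shift @ARGV or die "usage: $0 /path/to/alert\n";

# %Config records how this perl binary was configured at build time.
my $largefiles = (defined $Config{uselargefiles}
                  && $Config{uselargefiles} eq 'define') ? 1 : 0;
my $lseeksize  = defined $Config{lseeksize} ? $Config{lseeksize} : 'unknown';

# stat returns an empty list on failure, which leaves $size undefined.
my $size = (stat $path)[7];

printf "perl %vd: uselargefiles=%s, lseeksize=%s bytes\n",
    $^V, ($largefiles ? 'yes' : 'no'), $lseeksize;
printf "%s: %s bytes\n", $path, (defined $size ? $size : 'unknown');
print verdict($largefiles, $size), "\n";
```

Run it with the same perl binary that runs snort_stat.pl, since the largefile setting is fixed per build.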