[Snort-users] snort_stat.pl

Rob Ward rob.ward at ...11329...
Wed Oct 20 08:38:59 EDT 2004


Thanks Stephane, the file is only around 25 MB though!?

Regards

Rob

--On 20 October 2004 17:07 +0200 stephane nasdrovisky 
<stephane.nasdrovisky at ...12261...> wrote:

> Rob Ward wrote:
>
>> Perl 5.6
>> snort_stat.pl 1.15.2.6
>>
>> When I run the 'alert' file produced by Snort through snort_stat.pl it
>> doesn't produce any data yet the file is full of alerts. I've seen
>> others with similar problems in the archives. Has anyone resolved this?
>>
>> The strange thing is I also use grep to produce a file of DOS and DDOS
>> alerts from the 'alert' file and when I run this through snort_stat.pl
>> this produces output?
>
> Is your alert file larger than 2 GB? It may be related to some
> restriction on the file size (2 or 4 GB, I can't remember). If grep is
> producing a file smaller than 2 GB, game is over. You may upgrade your
> Perl to an up-to-date one, 5.8? It seems Perl 5.6.1 is largefile (>2 or 4
> GB) ready. Google for "perl largefile" for more info.



Rob Ward
Network Northwest Support
University of Liverpool
Computing Services Department

Tel: 0151 794 4449
Fax: 0151 794 4442
Mob: 07970 247 326



