SnortSnarf

["Martin Jr., D. Michael" <martinm () montevallo edu>]

Before I start, I want to say, "Thanks!" to all of you helpful and
patient individuals out there.  Yes, I am new to Snort and "for now" it
seems like as soon as I solve one problem, I get one more question.
That being said...

 

 

I am in a Windows environment (go ahead a chuckle) and have started
using Snort.  I now have my switch issues solved and (mainly thanks to
folks at SwordSoft and their VIA log analysis tool), I have been getting
some information out.  Unfortunately, since I am at a University and
mainly sniffing traffic in residence halls (viruses are the main
problem), I have Snort alert.ids files that are huge (27+MB for a
half-day).  This appears to be way too much for VIA.

 

Enter SnortSnarf...

Now, (yes, I have visited WinSnort with little success thus far) I am
having problems with SnortSnarf.  I am perfectly happy running it from a
command prompt and don't need IIS for that (I can figure that out
later).  But I keep getting the following error:

 

Can't locate Time/ParsDate.pm in @INC..... line 18

BEGIN failed-compilation aborted ... line 18

And so on... (four errors in all)

 

> From the looks of things, I am assuming, the issues is probably one of
syntax because I am on Windows and not on Unix/Linux???  I have tried
correcting the problems from within the command line but no success.
Any suggestions would be greatly appreciated.

 

Thanks,

 

Michael Martin

University of Montevallo