Snort mailing list archives

Re: Weird error with snort-stat.pl.


From: James Hoagland <hoagland () SiliconDefense com>
Date: Thu, 21 Feb 2002 14:35:02 -0800

At 1:31 PM -0800 2/21/02, Erek Adams wrote:
> Anyone out there seeing any issues with snort-stat.pl?  I'm unable to pass it
> a full alert file and have it process it correctly.

Speculating, I'd say it is having problems parsing the form of alerts that you have. The alert format varies with snort version and with snort configuration. It can be difficult to have your alert parser handle the different formats.

Note to the snort-stat.pl maintainer: several months ago I went through a major effort to modularize SnortSnarf. Input is now separate from storage, which is separate from output. You might want to use SnortSnarf's SnortFileInput module.

Best regards,

  Jim
--
|*      Jim Hoagland, Associate Researcher, Silicon Defense      *|
|*            --- Silicon Defense: IDS Solutions ---             *|
|*  hoagland () SiliconDefense com, http://www.silicondefense.com/  *|
|*   Voice: (530) 756-7317                 Fax: (530) 756-7297   *|
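
The format variation described in the message above, as an added example that is not part of the original post and is not code from snort-stat.pl or SnortSnarf: a Python parser that accepts both Snort's one-line fast alerts and its multi-line full alerts, with or without the `[gid:sid:rev]` tag and with or without the year in the timestamp. The sample alerts and the names `parse_alerts`, `HEADER` and `FLOW` are constructed for illustration.

```python
import re

# Alert header, present in fast and full mode. The [gid:sid:rev] tag is optional
# because older Snort output does not carry it.
HEADER = re.compile(
    r"\[\*\*\]\s*(?:\[(?P<sid>\d+:\d+:\d+)\]\s*)?(?P<msg>.*?)\s*\[\*\*\]")
# Timestamp (year optional, it appears only with snort -y) followed by the
# endpoints. Ports are absent for ICMP. In fast mode the classification and
# {PROTO} fields sit between the timestamp and the addresses.
FLOW = re.compile(
    r"(?P<ts>\d\d/\d\d(?:/\d\d)?-\d\d:\d\d:\d\d\.\d+)\s+.*?"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?")

def parse_alerts(text):
    """Return one dict per alert; fields the input lacks are left as None."""
    alerts, cur = [], None
    for line in text.splitlines():
        head = HEADER.search(line)
        if head:  # every alert starts with a [**] ... [**] header
            cur = {"sid": head["sid"], "msg": head["msg"], "ts": None,
                   "src": None, "sport": None, "dst": None, "dport": None}
            alerts.append(cur)
        if cur is not None and cur["ts"] is None:
            flow = FLOW.search(line)  # same line (fast) or a later line (full)
            if flow:
                cur.update(flow.groupdict())
        if not line.strip():
            cur = None  # a blank line ends a full-mode alert
    return alerts

# Constructed sample: one fast alert, one full alert with a -y timestamp,
# and one full alert in the older style without a sid tag.
SAMPLE = """\
02/21-14:35:02.123456  [**] [1:1000001:1] CONSTRUCTED web probe [**] [Classification: Attempted Recon] [Priority: 2] {TCP} 192.0.2.10:40112 -> 198.51.100.7:80

[**] [1:1000002:1] CONSTRUCTED ping sweep [**]
[Classification: Misc activity] [Priority: 3]
02/21/02-14:36:10.000123 192.0.2.10 -> 198.51.100.8
ICMP TTL:64 TOS:0x0 ID:4660 IpLen:20 DgmLen:84

[**] CONSTRUCTED old-style alert [**]
02/21-14:37:00.500000 192.0.2.11:1029 -> 198.51.100.7:21
TCP TTL:64 TOS:0x0 ID:4661 IpLen:20 DgmLen:60
"""

if __name__ == "__main__":
    for alert in parse_alerts(SAMPLE):
        print(alert)
```

An alert whose header is recognized but whose timestamp line is in an unexpected shape is still returned, with `ts` and the endpoints left as `None`, so a statistics script can count what it failed to parse instead of silently dropping it.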
