Snort mailing list archives

RE: SnortSnarf


From: "grant" <grant () macaulayconsultants co uk>
Date: Sat, 18 Oct 2003 09:35:33 +0100

Martin
 
I had the same issue. Check you have ActivePerl build 635.
 
Copy the 
c:\snortsnarf\include\snortsnarf\*.*
c:\snortsnarf\include\*.*
 
c:\perl\lib\*.*
 
and make sure you have
 
c:\snortsnarf\time in place
 
Grant

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Martin Jr.,
D. Michael
Sent: 17 October 2003 00:12
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] SnortSnarf



Thanks Michael for the "Time/ParsDate.pm" info.  I found the Perl
Modules necessary and tried again.

Now I get the following:

C:\Snort\SnortSnarf>snortsnarf.pl -d c:\snort\snortsnarf\html alert.ids

Using an array as a reference is deprecated at include/SnortSnarf/HTMLMemStorage.pm line 290.
Using an array as a reference is deprecated at include/SnortSnarf/HTMLAnomMemStorage.pm line 266.
Can't call method "first_last" on an undefined value at include/SnortSnarf/HTMLMemStorage.pm line 220.

I know this is supposed to be possible on Windows but I am stuck again.

Thanks all,

Michael Martin
Snort Newbie

-----Original Message-----
From: Michael Sconzo [mailto:msconzo () tamu edu] 
Sent: Thursday, October 16, 2003 4:45 PM
To: Martin Jr., D. Michael
Subject: Re: [Snort-users] SnortSnarf

 

Time/ParsDate.pm is a perl module.  Depending on how you have perl
installed on your windows machine you could possibly use CPAN or
something else to install it.

However, http://search.cpan.org is a very useful site for tracking down
perl modules.

Also perhaps (if you didn't cut and paste) the module might be called
Time::ParseDate

http://search.cpan.org/search?query=Parse+Date&mode=module

Hope some of this helps get you on the right track.  I haven't been
using SnortSnarf, we use some home-grown stuff here, otherwise I might
be able to provide some more insight for you.

-Mike

----- Original Message -----
From: "Martin Jr., D. Michael" <martinm () montevallo edu>
To: <snort-users () lists sourceforge net>
Sent: Thursday, October 16, 2003 4:21 PM
Subject: [Snort-users] SnortSnarf

Before I start, I want to say, "Thanks!" to all of you helpful and
patient individuals out there.  Yes, I am new to Snort and "for now" it
seems like as soon as I solve one problem, I get one more question.
That being said...

I am in a Windows environment (go ahead and chuckle) and have started
using Snort.  I now have my switch issues solved and (mainly thanks to
folks at SwordSoft and their VIA log analysis tool), I have been getting
some information out.  Unfortunately, since I am at a University and
mainly sniffing traffic in residence halls (viruses are the main
problem), I have Snort alert.ids files that are huge (27+MB for a
half-day).  This appears to be way too much for VIA.

Enter SnortSnarf...

Now, (yes, I have visited WinSnort with little success thus far) I am
having problems with SnortSnarf.  I am perfectly happy running it from a
command prompt and don't need IIS for that (I can figure that out
later).  But I keep getting the following error:

Can't locate Time/ParsDate.pm in @INC..... line 18
BEGIN failed-compilation aborted ... line 18

And so on... (four errors in all)

From the looks of things, I am assuming the issue is probably one of
syntax because I am on Windows and not on Unix/Linux???  I have tried
correcting the problems from within the command line but no success.
Any suggestions would be greatly appreciated.

Thanks,

Michael Martin
University of Montevallo
