Snort mailing list archives
RE: SnortSnarf
From: "Martin Jr., D. Michael" <martinm () montevallo edu>
Date: Thu, 16 Oct 2003 18:12:09 -0500
Thanks Michael for the "Time/ParsDate.pm" info. I found the Perl Modules necessary and tried again. Now I get the following: C:\Snort\SnortSnarf>snortsnarf.pl -d c:\snort\snortsnarf\html alert.ids Using an array as a reference is deprecated at include/SnortSnarf/HTMLMemStorage.pm line 290. Using an array as a reference is deprecated at include/SnortSnarf/HTMLAnomMemStorage.pm line 266. Can't call method "first_last" on an undefined value at include/SnortSnarf/HTMLMemStorage.pm line 220. I know this is suppose to be possible on Windows but I am stuck again. Thanks all, Michael Martin Snort Newbie -----Original Message----- From: Michael Sconzo [mailto:msconzo () tamu edu] Sent: Thursday, October 16, 2003 4:45 PM To: Martin Jr., D. Michael Subject: Re: [Snort-users] SnortSnarf Time/ParsDate.pm is a perl module. depending on how you have perl installed on your windows machine you could possibly use CPAN or something else to install it. However, http://search.cpan.org is a very useful site for tracking down perl modules. Also perhaps (if you didn't cut and paste) the module might be called Time::ParseDate http://search.cpan.org/search?query=Parse+Date&mode=module Hope some of this helps gets you on the right track. I haven't been using SnortSnarf, we use some home-grown stuff here, otherwise I might be able to provide some more insight for you. -Mike ----- Original Message ----- From: "Martin Jr., D. Michael" <martinm () montevallo edu> To: <snort-users () lists sourceforge net> Sent: Thursday, October 16, 2003 4:21 PM Subject: [Snort-users] SnortSnarf Before I start, I want to say, "Thanks!" to all of you helpful and patient individuals out there. Yes, I am new to Snort and "for now" it seems like as soon as I solve one problem, I get one more question. That being said... I am in a Windows environment (go ahead a chuckle) and have started using Snort. I now have my switch issues solved and (mainly thanks to folks at SwordSoft and their VIA log analysis tool), I have been getting some information out. Unfortunately, since I am at a University and mainly sniffing traffic in residence halls (viruses are the main problem), I have Snort alert.ids files that are huge (27+MB for a half-day). This appears to be way too much for VIA. Enter SnortSnarf... Now, (yes, I have visited WinSnort with little success thus far) I am having problems with SnortSnarf. I am perfectly happy running it from a command prompt and don't need IIS for that (I can figure that out later). But I keep getting the following error: Can't locate Time/ParsDate.pm in @INC..... line 18 BEGIN failed-compilation aborted ... line 18 And so on... (four errors in all)
From the looks of things, I am assuming, the issues is probably one of
syntax because I am on Windows and not on Unix/Linux??? I have tried correcting the problems from within the command line but no success. Any suggestions would be greatly appreciated. Thanks, Michael Martin University of Montevallo
Current thread:
- snortsnarf grant (Oct 14)
- RE: SnortSnarf Michael Steele (Oct 14)
- <Possible follow-ups>
- SnortSnarf Martin Jr., D. Michael (Oct 16)
- RE: SnortSnarf Michael Steele (Oct 16)
- RE: SnortSnarf grant (Oct 16)
- RE: SnortSnarf Martin Jr., D. Michael (Oct 16)
- RE: SnortSnarf grant (Oct 16)
- RE: SnortSnarf grant (Oct 18)