[Dshield] snort perl script

Matthew Harrell mhar at plex.com
Tue Oct 1 14:35:19 GMT 2002


I'm trying to get the snort 1.8 perl script (snort_18_syslog.pl) to work on
my /var/log/snort/alert file (generated with -A full).  It runs fine, but
all I get are failures:

Failed non-ICMP parse

We get a TON of scans in the alert file every day, and I find it hard to
believe that they are all failing.  I've looked at the script, but I don't
know how to program Perl.  Some of it is obvious, but I'm not sure why it
fails on every single log entry.  I'm running snort 1.8.7.  Any helpful
suggestions?

-----------------
Matt Harrell
Plexus Systems
mhar at plex.com




