[Dshield] snort perl script

Matthew Harrell mhar at plex.com
Tue Oct 1 14:35:19 GMT 2002

I'm trying to get the snort 1.8 perl script (snort_18_syslog.pl) to work on
my /var/log/snort/alert file (generated with -A full).  It runs fine, but
all I get are failures:

Failed non-ICMP parse

We get a TON of scans in the alert file every day, and I find it hard to
believe that they are all failing.  I've looked at the script, but I don't
know how to program Perl.  Some of it is obvious, but I'm not sure why it
fails on every single log entry.  I'm running snort 1.8.7.  Any helpful

Matt Harrell
Plexus Systems
mhar at plex.com

