[Dshield] snort perl script

Mark Rowlands mark.rowlands at minmail.net
Tue Oct 1 15:33:48 GMT 2002


On Tue October 1 2002 16:35, Matthew Harrell wrote:
> I'm trying to get the snort 1.8 perl script (snort_18_syslog.pl) to work on
> my /var/log/snort/alert file (generated with -A full).  It runs fine, but
> all I get are failures:
>
> Failed non-ICMP parse
>
> We get a TON of scans in the alert file every day, and I find it hard to
> believe that they are all failing.  I've looked at the script, but I don't
> know how to program Perl.  Some of it is obvious, but I'm not sure why it
> fails on every single log entry.  I'm running snort 1.8.7.  Any helpful
> suggestions?

Post a snippet of the log... you might want to obfuscate IP addresses if you're
sensitive.



