Snort and SnortSnarf.pl
I have a question and it might seem kinda vague. I apologize for that.
I am running snort 1.8.3 and I use snortsnarf.pl to compile my snort alert and portscan logs. Last Friday I noticed that when I went to run " ./snortsnarf.pl /var/log/snort/alert " the process never finishes. It consumes all my memory, and both CPUs. I have to physically Ctrl+C to get the damn thing to stop using all my resources. This never used to be this way. It used to compile the alert file in no time. Any ideas why this is happening?
I am running snort on a dual PIII 733 Xeon machine under Mandrake 8.1. Thanks for the replies.
Does it do this all the time or just occasionally?
You know, it just started doing it. BUT I FIXED IT. I was really not looking forward to recompiling that stuff.
What I found out was, I had a bad/corrupted/whatever database in my snort logs that was crashing the perl script. I moved the entire snort logs out of /var and launched a ton of attacks (portscans, hacks, and windows vulns) toward my network IDS, thereby generating new logs. Reran the script, and bam, everything was fine.
Now I just gotta find the damn bad logfile.
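Rather than regenerating the logs and hoping the bad record is gone, a faster way to find the offending entry is to sanity-check the alert file record by record before feeding it to SnortSnarf. The script below is an added example, not part of this thread and not SnortSnarf code; it is Python rather than SnortSnarf's Perl, and it assumes the classic Snort "full" alert-file layout (records separated by blank lines, each starting with a `[**] [gid:sid:rev] msg [**]` header and containing a `timestamp src -> dst` line). It reports the line number of every record that fails those checks or contains NUL bytes, which is what a truncated or disk-corrupted log typically looks like. The sample alert text at the bottom is constructed for the demonstration.

```python
import re
import sys
from typing import Dict, List, Tuple

# Header line of a Snort full-format alert record: [**] [gid:sid:rev] message [**]
HEADER_RE = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]$")

# Timestamp line: MM/DD-HH:MM:SS.micro src[:port] -> dst[:port]
TIMESTAMP_RE = re.compile(
    r"^\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d{6} "
    r"(?P<src>[0-9.]+(?::\d+)?) -> (?P<dst>[0-9.]+(?::\d+)?)$"
)


def split_records(text: str) -> List[Tuple[int, List[str]]]:
    """Split alert text into (first_line_number, lines) records separated by blank lines."""
    records: List[Tuple[int, List[str]]] = []
    current: List[str] = []
    start = None
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.strip() == "":
            if current:
                records.append((start, current))
                current, start = [], None
            continue
        if start is None:
            start = lineno
        current.append(line)
    if current:
        records.append((start, current))
    return records


def check_record(lines: List[str]) -> List[str]:
    """Return the problems found in one record; an empty list means it is well-formed."""
    problems = []
    if any("\x00" in line for line in lines):
        problems.append("contains NUL bytes (likely filesystem or disk corruption)")
    if not HEADER_RE.match(lines[0]):
        problems.append("first line is not a '[**] [gid:sid:rev] msg [**]' header")
    if not any(TIMESTAMP_RE.match(line) for line in lines):
        problems.append("no 'timestamp src -> dst' line (truncated record?)")
    return problems


def audit_alert_file(text: str) -> Dict:
    """Audit a whole alert file: total record count plus line number and reasons per bad record."""
    records = split_records(text)
    bad = []
    for start, lines in records:
        problems = check_record(lines)
        if problems:
            bad.append({"line": start, "header": lines[0][:80], "problems": problems})
    return {"total": len(records), "bad": bad}


# Constructed sample: two good records, one with a NUL-filled body and no
# timestamp line, and one whose header line was cut short.
SAMPLE_ALERT = """\
[**] [1:469:1] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2]
01/13-12:34:56.789012 10.0.0.5 -> 10.0.0.1
ICMP TTL:44 TOS:0x0 ID:12345 IpLen:20 DgmLen:28
Type:8  Code:0  ID:0   Seq:0  ECHO

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
01/13-12:35:01.000001 10.0.0.9:4321 -> 10.0.0.1:80
TCP TTL:128 TOS:0x0 ID:2 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1 Ack: 0x2 Win: 0x4000 TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

[**] [1:469:1] ICMP PING NMAP [**
01/13-12:35:02.000002 10.0.0.5 -> 10.0.0.1
"""

if __name__ == "__main__":
    # Usage: python audit_alerts.py /var/log/snort/alert   (falls back to the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="latin-1") as fh:
            data = fh.read()
    else:
        data = SAMPLE_ALERT
    report = audit_alert_file(data)
    print(f"{report['total']} records, {len(report['bad'])} malformed")
    for entry in report["bad"]:
        print(f"line {entry['line']}: {entry['header']!r}")
        for problem in entry["problems"]:
            print(f"    - {problem}")
```

Run it against the real alert file; the reported line numbers point straight at the records to cut out (or at the truncation point where snort was interrupted mid-write), after which SnortSnarf can be rerun on the repaired file. The file is opened as latin-1 so stray bytes do not raise decoding errors before the audit gets to them.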