Snort and SnortSnarf.pl

  1. #1
    Junior Member
    Join Date
    Apr 2002
    Posts
    15

    Snort and SnortSnarf.pl

    I have a question and it might seem kinda vague. I apologize for that.

    I am running snort 1.8.3 and I use snortsnarf.pl to compile my snort alert and portscan logs. Last Friday I noticed that when I went to run "./snortsnarf.pl /var/log/snort/alert" the process never finishes. It consumes all my memory and both CPUs. I have to physically Ctrl+C to get the damn thing to stop using all my resources. It never used to be this way. It just used to compile the alert file in no time. Any ideas why this is happening?

    I am running snort on a dual PIII 733 Xeon machine under Mandrake 8.1. Thanks for the replies.

  2. #2
    Senior Member
    Join Date
    Mar 2002
    Posts
    425
    Does it do this all the time or just occasionally?

  3. #3
    Junior Member
    Join Date
    Apr 2002
    Posts
    15
    You know, it just started doing it. BUT I FIXED IT. I was really not looking forward to recompiling that stuff.

    What I found out was, I had a bad/corrupted/whatever database in my snort logs that was crashing the perl script. I moved the entire snort logs out of /var and launched a ton of attacks (portscans, hacks, and Windows vulns) toward my network IDS. Thereby generating new logs. Reran the script, and bam, everything was fine.

    Now I just gotta find the damn bad logfile.

    Thanks
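
One way to track down the bad log file mentioned in the last post, as an added example that is not part of the original thread: run the parser on each file of the moved-aside log directory separately, with a wall-clock limit and a memory cap, and report the files it cannot finish. The function name `find_bad_logs`, the `MEM_KB` variable and the path in the usage comment are assumptions made for this example; it needs GNU coreutils `timeout` and a parser that takes the log file as its last argument.

```shell
#!/bin/sh
# Added example, not from the thread.
# Usage: find_bad_logs DIR SECONDS CMD [ARGS...]
#   e.g. find_bad_logs /path/to/moved/snort-logs 60 ./snortsnarf.pl
# Runs "CMD ARGS FILE" once per regular file under DIR. Each run gets a
# wall-clock limit (SECONDS) and a virtual-memory cap (MEM_KB, default 1 GiB),
# so a file that makes the parser spin or eat memory cannot take the box down.
# Prints "STATUS<TAB>FILE" for every file the parser did not finish cleanly.
# Returns 0 if every file parsed, 1 if any file was flagged.
# Limitation: file names containing newlines are not handled.
find_bad_logs() {
    fbl_dir=$1; fbl_limit=$2; shift 2
    fbl_mem_kb=${MEM_KB:-1048576}
    fbl_list=$(mktemp) || return 2
    find "$fbl_dir" -type f | sort > "$fbl_list"
    fbl_bad=0
    while IFS= read -r fbl_f; do
        fbl_rc=0
        (
            # Cap memory for this run only; ignored where unsupported.
            ulimit -v "$fbl_mem_kb" 2>/dev/null
            # TERM after the limit, KILL 5 seconds later if still alive.
            timeout -k 5 "$fbl_limit" "$@" "$fbl_f" </dev/null >/dev/null 2>&1
        ) || fbl_rc=$?
        case $fbl_rc in
            0) ;;
            124|137) printf 'TIMEOUT\t%s\n' "$fbl_f"; fbl_bad=1 ;;
            *) printf 'FAILED(%s)\t%s\n' "$fbl_rc" "$fbl_f"; fbl_bad=1 ;;
        esac
    done < "$fbl_list"
    rm -f "$fbl_list"
    return "$fbl_bad"
}
```

A file reported as `TIMEOUT` is the hang described in the first post; `FAILED` covers a parser that died, including one that hit the memory cap.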
