Snort.org home  
Got Source? About Snort About Sourcefire Snort FAQ
Sourcefire Network Security - the creators of Snort
Snort News Downloads Snort Docs Rules Snort Community Snort Forums Snort Training
Search Site
Search Rules
Account
email
password
not registered?
user preferences

Snort Forums Archive

Archive Home » Third Party Tools » SnortSnarf Setup

Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.

[ Notice: Full Version of This Topic ]

SnortSnarf Setup


Posted by dukeminus on July 16, 2005 13:09:15

when trying to view alerts with Snort using the following command:

c:\snort\snortsnarf\snortsnarf.pl –d c:\snort\apache\apache2\htdocs\log -dns -db c:\snort\snortsnarf\ann-dir\annotation-base.xml -cgidir http://localhost/cgi c:\snort\apache\apache2\htdocs\log\alert.ids

I receive the following message.

Using an array as a reference is deprecated at include/SnortSnarf/HTMLMemStorage.pm line 290.
Using an array as a reference is deprecated at include/SnortSnarf/HTMLAnomMemstorage.pm line 266.
SnortFileInput: input file C:\Snort\snortsnarf\ud does not exist; skipping it
SnortFileInput: input file c:\snort\apache\apache2\htdocs\log exist but is length 0; skipping it
Can't call method "first_last" on an undefined value at include/SnortSnarf/HTMLMemStorage.pm line 220

Can someone please help me.....

Posted by frenzel on June 01, 2006 05:39:25

I had the same under MacOSX and I used the following solution:

The messages:
Using an array as a reference is deprecated at include/SnortSnarf/HTMLMemStorage.pm line
290.
Using an array as a reference is deprecated at include/SnortSnarf/HTMLAnomMemstorage.pm
line 266.

These messages appear when running perl 5.8 (not applicable for 5.6). Change the lines 290
and 266 as follow: @arr should become $$arr.

The message:
Can't call method "first_last" on an undefined value at include/SnortSnarf/
HTMLMemStorage.pm line 220

is caused by the use of the wrong Sort.pm (which might be installed in the default perl
environment).
Make sure that you are using 'including/SnortSnarf/Sort.pm' during runtime.

ie: Goto the directory where you installed snortsnarf and run the command under Unix with
the setting of the PERL5LIB environment variable:

PERL5LIB=./include/SnortSnarf ./snortsnarf.pl -d report alert

This should do the job.

site feedback | Terms of Use | Privacy Policy | forum archives ©2007 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved.