Snoge cant accessor not recognize snort log file.

[GoogleCodeExporter]

Hello

I have installed it and tried to run it at first time with command line as
follow “./snoge -c snoge.conf -v -m unified -o
/var/log/snort/snort.log.1269509132″

i get 
Working on single file /var/log/snort/snort.log.1269509132
unable to open /var/log/snort/snort.log.1269509132 at ./snoge line 1211.

i am using SnogE ver 1.7 installed on CentOs 5.4 with Snort Ver 2.8.5.3

i running Snoge under root privilege(user)
[root@localhost snoge]# whoami
root
[root@localhost snoge]# ls -l /var/log/snort/snort.log.1269509132
-rwxrwxrwx 1 root root 223610 Mar 25 10:09 /var/log/snort/snort.log.1269509132
[root@localhost snoge]# file /var/log/snort/snort.log.1269509132
/var/log/snort/snort.log.1269509132: tcpdump capture file (little-endian) -
vers                                         ion 2.4 (Ethernet, capture
length 1514)

Original issue reported on code.google.com by tba...@gmail.com on 31 Mar 2010 at 11:27

[GoogleCodeExporter]

There's your problem:

/var/log/snort/snort.log.1269509132: tcpdump capture file 

You are logging in tcpdump format, and not unified format. Take a look at page 
102 of
the snort manual.

Version 1.7 of SnoGE only supports unified1 format, try this in your snort.conf.

output alert_unified: snort.alert, limit 128

Let me know if it works.

Original comment by leon.j.w...@gmail.com on 31 Mar 2010 at 11:34

[GoogleCodeExporter]

Thanks 
Seems working correctly now

************
Working on single file /var/log/snort/snort.log.1270038206
- In total 0 were make to the KML file

Original comment by tba...@gmail.com on 31 Mar 2010 at 12:29

[GoogleCodeExporter]

Original comment by leon.j.w...@gmail.com on 31 Mar 2010 at 12:39

• Changed state: Invalid