leonward / snoge

Automatically exported from code.google.com/p/snoge

Can't run the unified #9

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Please help with error below:

Works on:
Ubuntu 10.10
barnyard2
snoge-1.8

Below is what I am trying to run and the output that I get.

infos@IDS:~/Build/snoge$ ./snoge -v -c snoge.conf -o /var/log/snort/snort.log.1304505368
CONFIG: Input mode is        : unified
CONFIG: sid-msg file is      :  /etc/snort/sid-msg.map
CONFIG: gen-msg file is      : "/etc/snort/gen-msg.map"
CONFIG: Base filename is     :  /var/log/snort/snort.alert
CONFIG: Ignoring Source      :  80.68.89.43
CONFIG: Ignoring Destination : ""
CONFIG: Ignoring SIDs        :  1421 1000000001 13948 12801
CONFIG: Updateinterval       : 0 events
CONFIG: Maxplacemarks        : 50
CONFIG: Maximum Statistics   : 4000
CONFIG: Default location     :  rm-rf.co.uk
CONFIG: KMLOutputfile        :  /var/www/snoge/snoge.kml
CONFIG: Server Refresh       :  5
CONFIG: waldo                :  /dev/null
CONFIG: Event Icon           :  warning.png
CONFIG: Sensor Icon          :  snorty.gif
CONFIG: Banner               :  snort-ge-banner.png
CONFIG: UpdateURL            :  http://10.2.1.12/snoge/snoge.kml
CONFIG: Defense Center       :  10.2.1.12
CONFIG: Estreamer Port       : "8302"
CONFIG: Certfile             : "/home/lward/certfile.txt";
CONFIG: Sensors              :  rm-rf.co.uk sourcefire.com
CONFIG: Image URL            :  http://rm-rf.co.uk/downloads/
CONFIG: classification file  :  /etc/snort/classification.config
- Cant find default location for  rm-rf.co.uk!
- Unified mode * Importing functions:
Can't locate SnortUnified/MetaData.pm in @INC (@INC contains:  .. /etc/perl /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl . ..) at ./snoge line 214, <CONFIG> line 93.

I have tried running csv and it did work fine.

thanks,
Mohamed

Original issue reported on code.google.com by bam...@gmail.com on 10 May 2011 at 9:50

GoogleCodeExporter commented 9 years ago
Take a look at http://code.google.com/p/snoge/wiki/Install, paying close
attention to the installation of the Snort unified Perl modules in
the Snoge and Snort section. The error you're getting tells me that either the
unified Perl modules are not installed on your system, or they are installed in
the wrong place.

-Leon

Original comment by leon.j.w...@gmail.com on 10 May 2011 at 9:54
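
Added example, not part of the original thread or the snoge project: a shell helper that tells apart the two causes named in the reply above (modules not installed, or installed outside `@INC`) for the `SnortUnified/MetaData.pm` path from the error. The function name `find_perl_module`, its output labels and the search-root argument are assumptions made for this example.

```shell
#!/bin/sh
# find_perl_module MODULE_PATH SEARCH_ROOT [INC_DIR...]
#   MODULE_PATH  relative path exactly as in the Perl error,
#                e.g. SnortUnified/MetaData.pm
#   SEARCH_ROOT  tree to scan for copies that are not on the search path
#   INC_DIR...   directories to treat as @INC (default: perl's real @INC)
# Prints one line and returns:
#   0  IN_INC <dir>       module is loadable from <dir>
#   1  OUTSIDE_INC <dir>  a copy exists under SEARCH_ROOT, but not on @INC
#   2  MISSING            no copy found anywhere under SEARCH_ROOT
find_perl_module() {
    module=$1; root=$2; shift 2
    if [ $# -eq 0 ]; then
        # Ask perl for its own search path, one directory per line.
        old_ifs=$IFS; IFS='
'
        set -f
        set -- $(perl -e 'print "$_\n" for @INC')
        set +f; IFS=$old_ifs
    fi
    # Relative entries such as "." and ".." (both appear in the error
    # above) resolve against the current directory, as they do for perl,
    # so run this from the directory snoge is started in.
    for dir in "$@"; do
        if [ -f "$dir/$module" ]; then
            echo "IN_INC $dir"
            return 0
        fi
    done
    # Not on the search path: look for a copy installed somewhere else.
    hit=$(find "$root" -type f -path "*/$module" 2>/dev/null | head -n 1)
    if [ -n "$hit" ]; then
        base=${hit%"/$module"}
        echo "OUTSIDE_INC $base"
        return 1
    fi
    echo "MISSING"
    return 2
}

# Direct use: sh check.sh SnortUnified/MetaData.pm /usr
if [ $# -ge 2 ]; then
    find_perl_module "$@"
fi
```

An `OUTSIDE_INC` result names the directory that would have to be on Perl's search path (or that the modules would have to be moved out of); `MISSING` means the modules still need to be installed.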

GoogleCodeExporter commented 9 years ago
Thanks Leon for your reply.

I went through the steps and I did exactly what was mentioned on that link but I
still got that error.

Original comment by bam...@gmail.com on 10 May 2011 at 11:54