I have successfully installed and configured SnortSnarf. This is supposed to produce HTML output from my log files in a more understandable format. I fed it a long file from

..\logs\127.0.0.1\TCP_3127-80.ids

As it did its thing, it complained about unrecognized formats. Thus I am led to understand that the file I gave it for input is not a valid Snort log file format, so it does not know how to parse it.

My alert.ids is empty, though Snort definitely works. Snort starts with my computer via a program called IDScenter. It issues all the DOS commands to get Snort up and running without me having to, and I can start and stop Snort with the click of a button. Snort runs with no errors, which I would assume means everything is OK.

I think alert.ids is empty because none of the rules has matched to flag a break-in yet. I tried to use Snot to generate excessive Snort alerts, but failed, and I later discovered that this was because the new version of Snort has a fix for the Snot attack.

What are these TCP_xxxx-80.ids files, and what do they mean? And is there any way I can generate some alerts?

I even tried feeding Snot an ICMP rule file, and it could not generate any alerts.