Splunk Enterprise Security

Why am I getting error "The path '/en-US/custom/TA-snort/taunixsetup/TA-snort/setup" when trying to install Splunk add-on for Snort?

kianhong1995
New Member

When trying to install the Splunk add-on for Snort on Enterprise Security the following error is shown:

http://imgur.com/hFRjCXf

Is it needed to install this add-on in order to view data from the Snort alert.ids file? And if so, is there any way to solve this error?

I am using the same alert.ids on the Splunk for Snort app and there is data shown.
Tested on Splunk 6.2.0 for both Windows 8 and Ubuntu with the same error shown.
Tested on Splunk 6.0.1 and 6.2.0 on a separate computer also on Windows 8.

0 Karma
1 Solution

jcoates_splunk
Splunk Employee

I can't tell what you're trying to do... Neither TA-snort (old addon that ships with ES) nor Splunk_TA_sourcefire (new addon that also supports Snort) need or have a setup process.

Your snort logs should be in a directory somewhere, tell Splunk to monitor it and set the sourcetype to snort.
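
The monitor input described in the answer above, written out as an `inputs.conf` stanza. This is an added example, not part of the original post or of either add-on; the log path is an assumption, so substitute the directory or file your Snort sensor actually writes to.

```ini
# inputs.conf, placed in $SPLUNK_HOME/etc/system/local/ or in an app's local/ directory.
# Assumed path: /var/log/snort/alert.ids (replace with your sensor's real alert file).
# On Windows, use the drive path instead, e.g. [monitor://C:\Snort\log\alert.ids] (assumed).
[monitor:///var/log/snort/alert.ids]
# The sourcetype the answer says to use, so the add-on's extractions apply to these events.
sourcetype = snort
disabled = false
```

After restarting Splunk, a search for `sourcetype=snort` should return the alert events; if it returns nothing, check that the monitored file exists and is readable by the account Splunk runs as.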

kianhong1995
New Member

Thanks for the help! I was trying to get the Snort data to appear on Intrusion Center but nothing was showing. I thought that it might have been something to do with the add-ons so I was trying to look into it. I have now realised that it might have been a problem with my Snort log files.

Sorry for the inconvenience as I am new to Splunk!

0 Karma