Splunk Enterprise Security

Why am I getting error "The path '/en-US/custom/TA-snort/taunixsetup/TA-snort/setup'" when trying to install Splunk add-on for Snort?

kianhong1995
New Member

When trying to install the Splunk add-on for Snort on Enterprise Security the following error is shown:

http://imgur.com/hFRjCXf

Is it needed to install this add-on in order to view data from the Snort alert.ids file? And if so, is there any way to solve this error?

I am using the same alert.ids on the Splunk for Snort app and there is data shown.
Tested on Splunk 6.2.0 for both Windows 8 and Ubuntu with the same error shown.
Tested on Splunk 6.0.1 and 6.2.0 on a separate computer also on Windows 8.

0 Karma
1 Solution

jcoates_splunk
Splunk Employee

I can't tell what you're trying to do... Neither TA-snort (old addon that ships with ES) nor Splunk_TA_sourcefire (new addon that also supports Snort) needs or has a setup process.

Your snort logs should be in a directory somewhere; tell Splunk to monitor it and set the sourcetype to snort.

kianhong1995
New Member

Thanks for the help! I was trying to get the Snort data to appear on Intrusion Center but nothing was showing. I thought that it might have been something to do with the add-ons so I was trying to look into it. I have now realised that it might have been a problem with my Snort log files.

Sorry for the inconvenience as I am new to Splunk!

0 Karma