Splunk Enterprise Security

Why am I getting error"The path '/en-US/custom/TA-snort/taunixsetup/TA-snort/setup" when trying to install Splunk add-on for Snort?

New Member

When trying to install the Splunk add-on for Snort on Enterprise Security the following error is shown:

http://imgur.com/hFRjCXf

Is it needed to install this add-on in order to view data from the Snort alert.ids file? And if so, is there anyway to solve this error?

I am using the same alert.ids on the Splunk for Snort app and there is data shown.
Tested on Splunk 6.2.0 for both Windows 8 and Ubuntu with the same error shown.
Tested on Splunk 6.0.1 and 6.2.0 on a seperate computer also on Windows 8.

0 Karma
1 Solution

Splunk Employee
Splunk Employee

I can't tell what you're trying to do... Neither TA-snort (old addon that ships with ES) nor SplunkTAsourcefire (new addon that also supports Snort) need or have a setup process.

Your snort logs should be in a directory somewhere, tell Splunk to monitor it and set the sourcetype to snort.

View solution in original post

Splunk Employee
Splunk Employee

I can't tell what you're trying to do... Neither TA-snort (old addon that ships with ES) nor SplunkTAsourcefire (new addon that also supports Snort) need or have a setup process.

Your snort logs should be in a directory somewhere, tell Splunk to monitor it and set the sourcetype to snort.

View solution in original post

New Member

Thanks for the help! I was trying to get the Snort data to appear on Intrusion Center but nothing was showing. I thought that it might have been something to do with the add-ons so I was trying to look into it. I have now realised that it might have been a problem with my Snort log files.

Sorry for the inconvenience as I am new to Splunk!

0 Karma