Snort mailing list archives

perl pattern match on guardian no good....


From: "Nick Daum -- US CEO -- Novanix, LLC." <ceo () novanix com>
Date: Sat, 8 Dec 2001 18:53:41 -0500

This has to do with the add-on guardian for snort. I installed an
rpm'ed version of snort and guardian doesn't read the log file
correctly. Here is a sample entry in the log file:
Dec  8 17:16:01 server1 snort: [1:1328:1] WEB-ATTACKS ps command attempt [Classification: Web Application Attack] [Priority: 1]: {TCP} 66.20.28.125:12252 -> 216.40.233.21:80

Here are the checks in the program; it only has to pass one of these, so I
just need to know what modifications need to be made. These are just
samples of how it was originally to be split, to help understand the error
($2 is the source, $3 is the dest and $1 is the type):


        if (/snort:\s*(.*)\s*\:\s*(\d+\.\d+\.\d+\.\d+):\d+\s*->\s*(\d+\.\d+\.\d+\.\d+):\d+$/) {
          &checkem ($2, $3, $1);
        }
        if (/snort\[\d+\]:\s*(.*)\s*\:\s*(\d+\.\d+\.\d+\.\d+):\d+\s*->\s*(\d+\.\d+\.\d+\.\d+):\d+$/) {
          &checkem ($2, $3, $1);
        }

Thank You For Your Time,
                                Nick Daum
                                  US CEO
                              Novanix, LLC.
                      http://www.Novanix.com
 
This message was sent using a Digital Certificate to verify the sender.
If you have an attachment with a .p7s extension, that means your email
client does not support digital signatures and you should ignore it.
This message was also sent with a vCard attachment (ending in .vcf); if
your email client supports it, you can import this into your Address
Book.
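The sample entry quoted in the post, read as one syslog line, carries a "{TCP}" protocol token between "[Priority: 1]:" and the source address, and neither pattern in the post leaves room for it. The following is an added example, not Guardian's code nor the poster's: it folds the two posted patterns into one, runs it beside an adjusted pattern that optionally accepts the protocol token, and checks both over constructed log lines (one in the quoted layout, one in the older layout without the token).

```python
import re

# Constructed sample log lines. The first is the syslog entry from the post,
# rejoined onto one line as syslog writes it; the second is the older layout
# without a "{PROTO}" field, which the posted patterns were written for.
SAMPLE_LINES = [
    "Dec  8 17:16:01 server1 snort: [1:1328:1] WEB-ATTACKS ps command attempt "
    "[Classification: Web Application Attack] [Priority: 1]: {TCP} "
    "66.20.28.125:12252 -> 216.40.233.21:80",
    "Dec  8 17:16:02 server1 snort[4242]: [1:1328:1] WEB-ATTACKS ps command attempt "
    "[Classification: Web Application Attack] [Priority: 1]: "
    "66.20.28.125:12252 -> 216.40.233.21:80",
]

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"   # one dotted-quad capture group

# The post's two patterns folded into one (optional "[pid]" after "snort").
# After the last ':' it expects the source address immediately, so a
# "{TCP}" token in between makes the whole match fail.
ORIGINAL = re.compile(
    r"snort(?:\[\d+\])?:\s*(.*)\s*:\s*" + IP + r":\d+\s*->\s*" + IP + r":\d+$"
)

# Same pattern with an optional "{PROTO}" token accepted before the source
# address; the syntax used is common to Perl and Python.
ADJUSTED = re.compile(
    r"snort(?:\[\d+\])?:\s*(.*)\s*:\s*(?:\{\w+\}\s*)?"
    + IP + r":\d+\s*->\s*" + IP + r":\d+$"
)


def parse_alert(line, pattern=ADJUSTED):
    """Return (alert_type, src_ip, dst_ip), or None if the line does not match.

    Group order mirrors the Guardian snippet: $1 type, $2 source, $3 dest.
    """
    m = pattern.search(line)
    if m is None:
        return None
    return m.group(1), m.group(2), m.group(3)


def count_matches(lines, pattern):
    """How many of the given lines the pattern parses successfully."""
    return sum(parse_alert(line, pattern) is not None for line in lines)


if __name__ == "__main__":
    for name, pat in (("original", ORIGINAL), ("adjusted", ADJUSTED)):
        print(f"{name}: {count_matches(SAMPLE_LINES, pat)}/{len(SAMPLE_LINES)} lines parsed")
    print(parse_alert(SAMPLE_LINES[0]))
```

The adjusted expression uses only syntax Perl shares with Python, so it can be dropped into the Guardian check as a single pattern covering both the "snort:" and "snort[pid]:" forms.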
 



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users