Snort mailing list archives
swatch error
From: "Petriz, Pablo" <ppetriz () siscat com ar>
Date: Wed, 27 Nov 2002 12:28:00 -0300
Hello list!

This is a bit out of the scope of this list, but I couldn't find help in swatch lists and I know that many snorters use swatch.

I'm having problems using the throttle option. This option (as I understand) makes swatch send only 1 alert when more than 1 similar alerts happen between a given time lapse, but I receive an error and it doesn't work.

Error:

    Date::Calc::Delta_DHMS(): not a valid time at /root/.swatch_script.4390 line 227.

These are some lines near 227 in the swatch_script.4390:

    if (exists $Msg_Rec{$key} and defined $Msg_Rec{$key}->{ymdhms}) {
        my $passed = 1;
        $Msg_Rec{$key}->{count}++;
        if ($ymdhms[1] > $Msg_Rec{$key}->{ymdhms}[1]) { $ymdhms[0]--; }
        my @delta_dhms = Delta_DHMS(@{$Msg_Rec{$key}->{ymdhms}}, @ymdhms);  # line 227
        foreach my $i (0..$#min_dhms_delta) {
            $passed = 0 if ($delta_dhms[$i] < $min_dhms_delta[$i]);
            last unless ($delta_dhms[$i] == $min_dhms_delta[$i]);
        }

This is my conf file:

    watchfor /\[\*\*\]/
        echo
        mail=mte@xxxx,subject=--- Alertas de Snort! ---
        mail=pep@xxxx,subject=--- Alertas de Snort! ---
        throttle 00:01:00

Any help will be appreciated.
TIA!
PABLO
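Added example, not part of the original post and not swatch's own code: a stand-alone throttle that checks each parsed timestamp with Date::Calc's check_date/check_time before calling Delta_DHMS, so a line whose time fields do not validate is alerted on instead of killing the watcher. The syslog-style timestamp format, the fixed year, the helper names parse_stamp and should_alert, and the sample lines are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added example: throttle repeated Snort alerts without dying on bad timestamps.
use strict;
use warnings;
use Date::Calc qw(check_date check_time Delta_DHMS Decode_Month);

my @min_delta = (0, 0, 1, 0);   # days, hours, minutes, seconds: "throttle 00:01:00"
my %seen;                       # alert signature => [y, m, d, h, mi, s] of last alert sent

# Parse a syslog-style "Mon DD HH:MM:SS" prefix (assumed format; syslog carries
# no year, so the caller supplies one). Returns undef if the fields are invalid.
sub parse_stamp {
    my ($line, $year) = @_;
    my ($mon, $d, $h, $mi, $s) = $line =~ /^(\w{3})\s+(\d+)\s+(\d+):(\d+):(\d+)/
        or return;
    my @t = ($year, Decode_Month($mon), $d, $h, $mi, $s);
    return unless check_date(@t[0 .. 2]) && check_time(@t[3 .. 5]);
    return \@t;
}

# True if the alert should be sent, false if it falls inside the throttle window.
sub should_alert {
    my ($key, $now) = @_;
    if (my $last = $seen{$key}) {
        my @delta = Delta_DHMS(@$last, @$now);   # safe: both stamps were validated
        for my $i (0 .. $#min_delta) {
            return 0 if $delta[$i] < $min_delta[$i];   # still inside the window
            last     if $delta[$i] > $min_delta[$i];   # clearly past the window
        }
    }
    $seen{$key} = $now;
    return 1;
}

# Constructed sample lines (not real alerts).
my @sample = (
    'Nov 27 12:28:00 ids snort: [**] [1:1000001:1] EXAMPLE rule [**] 192.0.2.10 -> 192.0.2.20',
    'Nov 27 12:28:30 ids snort: [**] [1:1000001:1] EXAMPLE rule [**] 192.0.2.10 -> 192.0.2.20',
    'Nov 27 12:29:05 ids snort: [**] [1:1000001:1] EXAMPLE rule [**] 192.0.2.10 -> 192.0.2.20',
    'Nov 27 12:61:00 ids snort: [**] [1:1000001:1] EXAMPLE rule [**] 192.0.2.10 -> 192.0.2.20',
    '11/27-12:29:10.000000 [**] [1:1000001:1] EXAMPLE rule [**] 192.0.2.10 -> 192.0.2.20',
);

for my $line (@sample) {
    my ($sig) = $line =~ /\[\*\*\]\s*(.*?)\s*\[\*\*\]/ or next;
    my $now  = parse_stamp($line, 2002);
    # A timestamp that cannot be validated is never throttled: send the alert.
    my $send = !$now || should_alert($sig, $now);
    printf "%-9s %s\n", ($send ? 'ALERT' : 'throttled'), $line;
}
```

With these lines the second alert is throttled, the third (65 seconds after the first) is sent, and the last two are sent because their timestamps fail validation.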