Snort mailing list archives

Logsnorter problem


From: Carlos <zottmann () ig com br>
Date: Mon, 15 Mar 2004 16:40:55 -0300

Hi !!

We are successfully using Snort and ACID, and decided to store our iptables logs in ACID as well, through the "logsnorter" script.

We start logsnorter to read our firewall logs, and, for each line it encounters, it throws the following error:

"Bareword found where operator expected at ./logsnorter line 520, near ") DST"
        (Missing operator before DST?)"

Line 520 has the following code:

if (/^(\w+)+\s+([0-9]+) ([0-9]+):([0-9]+):([0-9]+) ([^\s]+) kernel: IN=(\w+[0-9]+) OUT= SRC=([0-9\.]+) DST=([0-9\.]+) LEN=([0-9]+) TOS=(\w+) PREC=(\w+) TTL=([0-9]+) ID=([0-9]+) PROTO=(\w+) SPT=([0-9]+) DPT=([0-9]+) WINDOW=([0-9]+) RES=(\w+) ([\w+\s]+)URGP=([1-9]+) /) {

It is the first if used to identify the type of the packet (incoming TCP, outgoing TCP, etc.)

Does anyone know what is going wrong?

Thanks in advance,
Carlos.
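
An added example, not part of the original post or of the logsnorter script: Perl that reads iptables LOG lines by their KEY=value tokens instead of one long positional regex, then derives the direction and protocol that the posted `if` is meant to identify. The sample lines, the host name `fw` and the function name `parse_iptables_line` are constructed for illustration; it assumes Perl 5.10 or later for the `//` operator.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample lines in the syslog + iptables LOG layout the posted regex targets.
my @sample = (
    'Mar 15 16:40:55 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 ',
    'Mar 15 16:41:02 fw kernel: IN= OUT=eth0 SRC=198.51.100.5 DST=192.0.2.53 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1045 DPT=53 LEN=51 ',
    'Mar 15 16:41:09 fw sshd[812]: not a firewall line',
);

# Parse one line; returns a hash ref, or undef for lines without a netfilter payload.
sub parse_iptables_line {
    my ($line) = @_;
    my ($stamp, $host, $rest) = $line =~ m/
        ^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)   # syslog timestamp
        \s+(\S+)                          # logging host
        \s+kernel:\s+(.*)$                # netfilter payload
    /x or return;
    my %f = (time => $stamp, host => $host, flags => []);
    for my $tok (split ' ', $rest) {
        if ($tok =~ /^([A-Z]+)=(.*)$/) {
            # UDP lines carry LEN twice (IP length, then UDP length); keep the first.
            $f{$1} = $2 unless exists $f{$1};
        } else {
            push @{ $f{flags} }, $tok;    # bare tokens such as DF, SYN, ACK
        }
    }
    return unless defined $f{SRC} && defined $f{DST} && defined $f{PROTO};
    # Direction follows from which interface field is populated.
    my ($in, $out) = ($f{IN} // '', $f{OUT} // '');
    $f{dir} = $in ne '' && $out eq '' ? 'incoming'
            : $in eq '' && $out ne '' ? 'outgoing'
            :                           'forwarded';
    return \%f;
}

for my $line (@sample) {
    my $p = parse_iptables_line($line) or next;   # skip non-firewall lines
    printf "%s %s %s:%s -> %s:%s [%s]\n", $p->{dir}, $p->{PROTO},
        $p->{SRC}, $p->{SPT} // '-', $p->{DST}, $p->{DPT} // '-',
        join(',', @{ $p->{flags} });
}
```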


