Snort mailing list archives
Logsnorter problem
From: Carlos <zottmann () ig com br>
Date: Mon, 15 Mar 2004 16:40:55 -0300
Hi !!We are successfully using Snort and ACID, and decided to store our iptables logs in ACID as well, through the "logsnorter" script.
We start logsnorter to read our firewall logs, and, for each line it encounters, it throws the following error:
"Bareword found where operator expected at ./logsnorter line 520, near ") DST" (Missing operator before DST?)" Line 520 has the following code:if (/^(\w+)+\s+([0-9]+) ([0-9]+):([0-9]+):([0-9]+) ([^\s]+) kernel: IN=(\w+[0-9]+) OUT= SRC=([0-9\.]+) DST=([0-9\.]+) LEN=([0-9]+) TOS=(\w+) PREC=(\w+) TTL=([0-9]+) ID=([0-9]+) PROTO=(\w+) SPT=([0-9]+) DPT=([0-9]+) WINDOW=([0-9]+) RES=(\w+) ([\w+\s]+)URGP=([1-9]+) /) {
It is the first if used to identify the type of the packet ( incoming TCP, outgoing TCP, etc...)
Does anyone knows what is going wrong? Thanks in Advance, Carlos. ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Logsnorter problem Carlos (Mar 15)
- Re: Logsnorter problem Jason Haar (Mar 15)
- <Possible follow-ups>
- Logsnorter problem Carlos (Mar 18)
- Re: Logsnorter problem Michael Boman (Mar 19)
- Re: Logsnorter problem Carlos (Mar 18)
- Re: Logsnorter problem Michael Boman (Mar 19)