Snort mailing list archives
Re: Logsnorter problem
From: Carlos <zottmann () ig com br>
Date: Thu, 18 Mar 2004 10:48:12 -0300
Hi !!Sorry for the inconvenience of sending the same message over and over, but I thing my ISP is having some kind of trouble. I got repeated error messages saying that snort-users () lists sourceforge net was not going to accept my messages due to the lack of a postmaster account, and I did not receive any replies for the message, except yours ....
Anyway, thanks for the help !! Carlos. At 09:45 18/3/2004, Michael Boman wrote:
Hello Carlos, as Jason Haar already have pointed out to you, logsnorter is not being maintained anymore. You are free to fix the problem yourself, and to send in any patches for inclusion etc. But, it does _not_ help sending the same message in over and over. If anyone wanted to reply to it, they would already done so. Best regards Michael Boman On Thu, 2004-03-18 at 20:12, Carlos wrote: > Hi !! >> We are successfully using Snort and ACID, and decided to store our iptables> logs in ACID as well, through the "logsnorter" script. > > We start logsnorter to read our firewall logs, and, for each line it > encounters, it throws the following error: >> "Bareword found where operator expected at ./logsnorter line 520, near ") DST"> (Missing operator before DST?)" > > Line 520 has the following code: > > if (/^(\w+)+\s+([0-9]+) ([0-9]+):([0-9]+):([0-9]+) ([^\s]+) kernel: > IN=(\w+[0-9]+) OUT= SRC=([0-9\.]+) DST=([0-9\.]+) > LEN=([0-9]+) TOS=(\w+) PREC=(\w+) TTL=([0-9]+) ID=([0-9]+) > PROTO=(\w+) SPT=([0-9]+) DPT=([0-9]+) WINDOW=([0-9]+) RES=(\w+) > ([\w+\s]+)URGP=([1-9]+) /) { > > It is the first if used to identify the type of the packet ( incoming TCP, > outgoing TCP, etc...) > > Does anyone knows what is going wrong? > > Thanks in Advance, > Carlos. And yes, you need to dust off your perl skills to take a deeper look into it. No-one else has offered their help so I guess it's up to you if you want it fixed. Having said that, if you feel like throwing some cash into the problem I will most certainly take the time to solve this issue. -- Michael Boman
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Logsnorter problem Carlos (Mar 15)
- Re: Logsnorter problem Jason Haar (Mar 15)
- <Possible follow-ups>
- Logsnorter problem Carlos (Mar 18)
- Re: Logsnorter problem Michael Boman (Mar 19)
- Re: Logsnorter problem Carlos (Mar 18)
- Re: Logsnorter problem Michael Boman (Mar 19)