Snort mailing list archives

Re: Logsnorter problem


From: Carlos <zottmann () ig com br>
Date: Thu, 18 Mar 2004 10:48:12 -0300

Hi !!

Sorry for the inconvenience of sending the same message over and over, but I think my ISP is having some kind of trouble. I got repeated error messages saying that snort-users () lists sourceforge net was not going to accept my messages due to the lack of a postmaster account, and I did not receive any replies for the message, except yours ....

Anyway, thanks for the help !!

Carlos.

At 09:45 18/3/2004, Michael Boman wrote:
Hello Carlos,

as Jason Haar has already pointed out to you, logsnorter is not being
maintained anymore. You are free to fix the problem yourself, and to
send in any patches for inclusion etc.

But, it does _not_ help sending the same message in over and over. If
anyone wanted to reply to it, they would have already done so.

Best regards
 Michael Boman

On Thu, 2004-03-18 at 20:12, Carlos wrote:
> Hi !!
>
> We are successfully using Snort and ACID, and decided to store our iptables
> logs in ACID as well, through the "logsnorter" script.
>
> We start logsnorter to read our firewall logs, and, for each line it
> encounters, it throws the following error:
>
> "Bareword found where operator expected at ./logsnorter line 520, near ") DST"
>          (Missing operator before DST?)"
>
> Line 520 has the following code:
>
>   if (/^(\w+)+\s+([0-9]+) ([0-9]+):([0-9]+):([0-9]+) ([^\s]+) kernel:
> IN=(\w+[0-9]+) OUT= SRC=([0-9\.]+) DST=([0-9\.]+)
> LEN=([0-9]+)         TOS=(\w+) PREC=(\w+) TTL=([0-9]+) ID=([0-9]+)
> PROTO=(\w+) SPT=([0-9]+) DPT=([0-9]+) WINDOW=([0-9]+) RES=(\w+)
> ([\w+\s]+)URGP=([1-9]+)        /) {
>
> It is the first if used to identify the type of the packet ( incoming TCP,
> outgoing TCP, etc...)
>
> Does anyone know what is going wrong?
>
> Thanks in Advance,
> Carlos.

And yes, you need to dust off your perl skills to take a deeper look
into it. No-one else has offered their help so I guess it's up to you if
you want it fixed.

Having said that, if you feel like throwing some cash into the problem I
will most certainly take the time to solve this issue.

--
Michael Boman
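
An added example, not part of the thread and not logsnorter's own code: instead of one long positional regex like the one quoted from line 520, this Perl sketch matches only the syslog prefix and then collects the `KEY=value` pairs of an iptables LOG line into a hash, so the order of the fields and any optional fields no longer matter. It does not diagnose the reported "Bareword found" error; the function name, the sample lines and the addresses are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: parse one iptables LOG line from syslog into a hash ref.
# Returns undef when the line is not a netfilter kernel log entry.
sub parse_iptables_line {
    my ($line) = @_;

    # Syslog prefix: month, day, time, host, then "kernel:" and the payload.
    my ($mon, $day, $time, $host, $payload) = $line =~
        /^(\w+)\s+(\d+)\s+(\d+:\d+:\d+)\s+(\S+)\s+kernel:\s+(.*)$/
        or return;

    my %f = (month => $mon, day => $day, time => $time, host => $host);

    # KEY=value pairs; the value may be empty, as in "OUT=" on incoming packets.
    while ($payload =~ /\b([A-Z]+)=(\S*)/g) {
        $f{$1} = $2;
    }
    # Without source and destination this is some other kernel message.
    return unless exists $f{SRC} && exists $f{DST};

    # Bare tokens are IP/TCP flags, not KEY=value pairs.
    $f{flags} = [ grep { /^(?:SYN|ACK|FIN|RST|PSH|URG|ECE|CWR|DF|MF)$/ }
                  split ' ', $payload ];
    return \%f;
}

# Constructed sample input (documentation address ranges), not real traffic.
my @sample = (
    'Mar 18 10:48:12 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 '
      . 'LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40000 '
      . 'DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0',
    'Mar 18 10:48:13 fw sshd[123]: session opened for user admin',
);

for my $line (@sample) {
    my $f = parse_iptables_line($line);
    unless ($f) {
        print "skipped (not an iptables line): $line\n";
        next;
    }
    printf "%s:%s -> %s:%s proto=%s in=%s flags=%s\n",
        $f->{SRC}, $f->{SPT} // '-', $f->{DST}, $f->{DPT} // '-',
        $f->{PROTO} // '-', $f->{IN} // '-', join(',', @{ $f->{flags} });
}
```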


