Snort mailing list archives

Re: swatch error


From: Todd Holloway <todd () duckland org>
Date: Wed, 27 Nov 2002 10:39:23 -0600

Try throttle 01:00; the man page shows an example using
this format.



todd

On Wed, Nov 27, 2002 at 12:28:00PM -0300, Petriz, Pablo wrote:
Hello list!

This is a bit out of the scope of this list, but I couldn't find help in
swatch lists and I know that many snorters use swatch.

I'm having problems using the throttle option.
This option (as I understand) makes swatch send only 1 alert when more than
1 similar alert happens within a given time lapse, but I receive an error and
it doesn't work.

Error:
Date::Calc::Delta_DHMS(): not a valid time at /root/.swatch_script.4390 line 227.

These are some lines near 227 in the swatch_script.4390:
if (exists $Msg_Rec{$key} and defined $Msg_Rec{$key}->{ymdhms}) {
    my $passed = 1;
    $Msg_Rec{$key}->{count}++;
    if ($ymdhms[1] > $Msg_Rec{$key}->{ymdhms}[1]) { $ymdhms[0]--; }
    my @delta_dhms = Delta_DHMS(@{$Msg_Rec{$key}->{ymdhms}}, @ymdhms);  # line 227
    foreach my $i (0..$#min_dhms_delta) {
      $passed = 0 if ($delta_dhms[$i] < $min_dhms_delta[$i]);
      last unless ($delta_dhms[$i] == $min_dhms_delta[$i]);
    }

This is my conf file:
watchfor /\[\*\*\]/ 
         echo
         mail=mte@xxxx,subject=--- Alertas de Snort! --- 
         mail=pep@xxxx,subject=--- Alertas de Snort! --- 
throttle 00:01:00 


Any help will be appreciated. TIA!


PABLO


-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T 
handheld. Power & Color in a compact size! 
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
[It] contains "vegetable stabilizer" which sounds ominous.  How unstable are vegetables?
                                                                Jeff Zahn



