Re: Logsnorter problem

[Michael Boman <michael () ayeka dyndns org>]

Hello Carlos,

as Jason Haar already have pointed out to you, logsnorter is not being
maintained anymore. You are free to fix the problem yourself, and to
send in any patches for inclusion etc.

But, it does _not_ help sending the same message in over and over. If
anyone wanted to reply to it, they would already done so.

Best regards
 Michael Boman

On Thu, 2004-03-18 at 20:12, Carlos wrote:
> Hi !!
>
> We are successfully using Snort and ACID, and decided to store our iptables 
> logs in ACID as well, through the "logsnorter" script.
>
> We start logsnorter to read our firewall logs, and, for each line it 
> encounters, it throws the following error:
>
> "Bareword found where operator expected at ./logsnorter line 520, near ") DST"
>          (Missing operator before DST?)"
>
> Line 520 has the following code:
>
>   if (/^(\w+)+\s+([0-9]+) ([0-9]+):([0-9]+):([0-9]+) ([^\s]+) kernel: 
> IN=(\w+[0-9]+) OUT= SRC=([0-9\.]+) DST=([0-9\.]+) 
> LEN=([0-9]+)         TOS=(\w+) PREC=(\w+) TTL=([0-9]+) ID=([0-9]+) 
> PROTO=(\w+) SPT=([0-9]+) DPT=([0-9]+) WINDOW=([0-9]+) RES=(\w+) 
> ([\w+\s]+)URGP=([1-9]+)        /) {
>
> It is the first if used to identify the type of the packet ( incoming TCP, 
> outgoing TCP, etc...)
>
> Does anyone knows what is going wrong?
>
> Thanks in Advance,
> Carlos.

And yes, you need to dust off your perl skills to take a deeper look
into it. No-one else has offered their help so I guess it's up to you if
you want it fixed.

Having said that, if you feel like throwing some cash into the problem I
will most certainly take the time to solve this issue.

-- 
Michael Boman

Attachment: signature.asc
Description: This is a digitally signed message part