Snort mailing list archives
Re: Logsnorter problem
From: Michael Boman <michael () ayeka dyndns org>
Date: Thu, 18 Mar 2004 20:45:55 +0800
Hello Carlos,

as Jason Haar has already pointed out to you, logsnorter is not being maintained anymore. You are free to fix the problem yourself, and to send in any patches for inclusion etc.

But, it does _not_ help sending the same message in over and over. If anyone wanted to reply to it, they would have already done so.

Best regards
Michael Boman

On Thu, 2004-03-18 at 20:12, Carlos wrote:
> Hi !!
>
> We are successfully using Snort and ACID, and decided to store our iptables logs in ACID as well, through the "logsnorter" script.
>
> We start logsnorter to read our firewall logs, and, for each line it encounters, it throws the following error:
>
> "Bareword found where operator expected at ./logsnorter line 520, near ") DST" (Missing operator before DST?)"
>
> Line 520 has the following code:
>
> if (/^(\w+)+\s+([0-9]+) ([0-9]+):([0-9]+):([0-9]+) ([^\s]+) kernel: IN=(\w+[0-9]+) OUT= SRC=([0-9\.]+) DST=([0-9\.]+) LEN=([0-9]+) TOS=(\w+) PREC=(\w+) TTL=([0-9]+) ID=([0-9]+) PROTO=(\w+) SPT=([0-9]+) DPT=([0-9]+) WINDOW=([0-9]+) RES=(\w+) ([\w+\s]+)URGP=([1-9]+) /) {
>
> It is the first if used to identify the type of the packet (incoming TCP, outgoing TCP, etc...)
>
> Does anyone know what is going wrong?
>
> Thanks in Advance,
> Carlos.

And yes, you need to dust off your perl skills to take a deeper look into it. No-one else has offered their help so I guess it's up to you if you want it fixed.

Having said that, if you feel like throwing some cash into the problem I will most certainly take the time to solve this issue.

--
Michael Boman
Attachment:
signature.asc
Description: This is a digitally signed message part
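
An added example, not part of this thread and not logsnorter's code: one way to read the iptables LOG line format that the quoted pattern targets, by splitting KEY=value tokens instead of matching one long positional regex. It does not diagnose the error reported above; the function name, the hash keys and the sample log lines (documentation addresses) are all constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Parse one syslog line written by the iptables LOG target into a hash ref.
# Returns nothing for lines that are not netfilter entries.
sub parse_iptables_line {
    my ($line) = @_;
    my ($stamp, $host, $rest) =
        $line =~ /^(\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(\S+)\s+kernel:\s+(.*)$/
        or return;
    # Every LOG entry carries IN= and OUT= as adjacent tokens (either may be empty).
    return unless $rest =~ /(?:^|\s)IN=\S*\s+OUT=/;

    my %pkt = (stamp => $stamp, host => $host, flags => []);
    for my $tok (split ' ', $rest) {
        if ($tok =~ /^([A-Z]+)=(.*)$/) {
            # UDP entries repeat LEN=; keep the first one (the IP length).
            $pkt{$1} = $2 unless exists $pkt{$1};
        } elsif ($tok =~ /^(?:SYN|ACK|FIN|RST|PSH|URG|ECE|CWR|DF|MF)$/) {
            push @{ $pkt{flags} }, $tok;    # bare flag words have no '='
        }
    }
    # Classify by which interface fields the kernel filled in.
    my ($in, $out) = ($pkt{IN} // '', $pkt{OUT} // '');
    $pkt{direction} = ($in ne '' && $out ne '') ? 'forwarded'
                    :  $in ne ''                ? 'incoming'
                    :                             'outgoing';
    return \%pkt;
}

# Constructed sample input: TCP in, UDP out, and an unrelated kernel message.
my @sample = (
    'Mar 18 20:12:01 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4321 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0',
    'Mar 18 20:12:02 fw kernel: IN= OUT=eth1 SRC=192.0.2.1 DST=198.51.100.53 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=33000 DPT=53 LEN=51',
    'Mar 18 20:12:03 fw kernel: eth0: link up',
);

for my $line (@sample) {
    my $p = parse_iptables_line($line) or next;   # skip non-netfilter lines
    printf "%-9s %-4s %s:%s -> %s:%s len=%s [%s]\n",
        $p->{direction}, $p->{PROTO} // '-',
        $p->{SRC} // '-', $p->{SPT} // '-',
        $p->{DST} // '-', $p->{DPT} // '-',
        $p->{LEN} // '-', join(',', @{ $p->{flags} });
}
```

Because fields are looked up by name, entries that omit or add fields (no WINDOW= on UDP, an extra MAC= on incoming packets) still parse, and lines that are not firewall entries are skipped rather than raising an error.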