Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: problem with Swatch

From: Luey Kum Weng <coldness85 () gmail com>
Date: Thu, 10 Mar 2005 00:50:12 +0800
Here is my swatchrc.txt file it's just a trial file. Could you also
send me the swatch configuration manual. Thanks a lot.

  #
  #
  #swatch -c /etc/swatchrc -t /var/log/snort/alert
  #
  ###Snort Alerts
  # Watch for entries containing the word 'Priority' in the snort alert file.
  # Display it in green on the screen
  # Mail alert to alerts () yourdomiain com with subject of the email
                                                                                
  # being "--Snort IDS Alert--"
  #
  # log in file /var/log/IDS-scan
                                                                                
                                                                                
  watchfor /Priority/
  /hotmail
  echo green
  mail addresses=coldness85\@hotmail.com ,subject=--Snort Alerts--
  exec echo $0 >> /var/log/IDS-scans

bu333 () hotpop com> wrote:


Hi,

Thanks alot. It did help but a new error appeared.

Bareword found where operator expected at /root/.swatch_script.4392
line 127, near "&Swatch::Actions::exec_command('COMMAND' => "echo $0

/var"

  (Might be a runaway multi-line // string starting on line 124)
              (Missing operator before var?)
Warning: Use of "log" without parens is ambigous at
/root/.swatch_script.4392 line 127.
syntax error at /root/.swatch_script.4392 line 127, near
"&Swatch::Actions::exec_command('COMMAND' => "echo $0 >> /var"
syntax error at /root/.swatch_script.4392 line 127.


Actually your swatchrc.txt. is the cause for your problem.
Post ur swatch.txt file in the list. Let me then help you.

Also, if you are in need of the swatch configuration manual, write to me.


--
Senthil Prabu.S





-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: