Hi, Only a minor modification is needed:
20,21c20 < < my ($ip_list) = $line=~m/alert ip \$HOME_NET any \-\> \[([^\]]+)\]/; --- > my ($ip_list) = $line=~m/alert tcp \$HOME_NET any \<\> \[([^\]]+)\]/;

Best regards,
Jose

On 09/12/10 15:06, Lino Moragon wrote:
> Hi List,
>
> I'm using the great tool Nfsen for some time now and wanted to give the
> nfsen-botnet plugin a try.
>
> As I'm not very acquainted with perl and scripting in general I wanted
> to ask if somebody here has got a working conversion script that
> downloads the emerging-botcc.rules and converts it to a file usable for
> the program botnet_filter.
>
> I tried it with the example script get_botnets_emerging-botcc included
> in the nfsen-botnet-0.3.tar.gz tarball. But I unfortunately failed because
> the script isn't giving me any output at all.
> I'm invoking it like: ./get_botnets_emerging-botcc emerging-botcc.rules.
> The rules I downloaded from
> http://rules.emergingthreats.net/blockrules/emerging-botcc.rules
>
> Has anyone got a working script? Any help would be greatly appreciated.
>
> Kind regards
> Lino
>
> _______________________________________________
> Nfsen-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>

--
Jose Manuel Agudo Cuesta (SI-CPD)
Unidad de Redes - Seguridad - Telf. +34-923-294400 Ext 1398 Fax +34-923-294594
Edificio Facultad de Derecho
Pza. Universidad de Bolonia s/n
37007 SALAMANCA
ESPAÑA (SPAIN)
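Review bot: The pattern on the `>` line hard-codes a single rule header, `alert tcp \$HOME_NET any \<\>`, just as the `<` line hard-coded `alert ip \$HOME_NET any \-\>`, so the script still prints nothing whenever the downloaded emerging-botcc.rules uses the other protocol keyword or direction operator, which is the no-output symptom reported in this thread. Matching both forms in one expression, for example `m/alert (?:ip|tcp) \$HOME_NET any (?:\-\>|\<\>) \[([^\]]+)\]/`, and printing a warning when no input line matches would keep the converter working across rule header changes and make a mismatch visible instead of silent.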
