On Nov 18, 2012, Gregorio Narvaez wrote:

> 
> Hi
> 
> I'm using psad 2.2 on a CentOS 6.3 with kernel 2.6.32-279.14.1.el6.x86_64, 
> it was installed from repository,
> but running the following command to analyze the logs 
> 
> psad -A --analysis-fields "src:xxx.xxx.xxx.xxx" 
> 
> or
> 
> psad -A --analysis-fields src:xxx.xxx.xxx.xxx
> 
> gives the following output:
> 
> [+] Removing old /var/log/psad/ipt_analysis directory.
> [+] Entering analysis mode.  Parsing /var/log/messages
> [+] Found 3446 iptables log messages out of 12464 total lines.
> Use of uninitialized value $_[0] in length at 
> ../../blib/lib/NetAddr/IP/UtilPP.pm (autosplit into 
> ../../blib/lib/auto/NetAddr/IP/UtilPP/hasbits.al) line 126.
> Use of uninitialized value $_[0] in length at 
> ../../blib/lib/NetAddr/IP/UtilPP.pm (autosplit into 
> ../../blib/lib/auto/NetAddr/IP/UtilPP/hasbits.al) line 126.
> Bad argument length for NetAddr::IP::UtilPP::hasbits, is 0, should be 128 at 
> ../../blib/lib/NetAddr/IP/UtilPP.pm (autosplit into 
> ../../blib/lib/auto/NetAddr/IP/UtilPP/_deadlen.al) line 122.

Thanks for reporting this - it's a bug where --analysis-fields match
criteria aren't making proper use of NetAddr::IP for IP/network
searches.  This will be fixed in 2.2.1.

> also I receive in my mail after a couple of minutes the following alert 
> message
> 
> [psad-status] firewall setup warning on xxx.xxx.xxx.xxx
> 
> This message has appeared before during a reboot, but that is because psad runs 
> before my firewall script. This occurrence is confusing, because the 
> firewall is operating 

If psad runs before the firewall script then it won't be able to see
what the policy looks like at the time the firewall config check is
executed.  You can disable this check by setting ENABLE_FW_LOGGING_CHECK
to "N" in the /etc/psad/psad.conf file.

> Also I upgraded the NetAddr::IP::UtilPP via cpan without success.

The problem is definitely a bug in psad that will be fixed in the next
release.

Thanks,

--Mike


> Any help to solve this will be appreciated
> 
> Regards

_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss
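
What a `src:` match over iptables log lines is meant to do, as an added example (not psad's code, and in Python rather than psad's Perl): the criterion is parsed into a network once, and an empty or malformed address is rejected before any comparison. The log lines are constructed, and `parse_criteria` and `filter_lines` are names chosen for this illustration.

```python
import ipaddress
import re

# Constructed sample syslog lines (not taken from the original report).
SAMPLE_LOG = """\
Nov 18 10:01:02 fw kernel: DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=51 PROTO=TCP SPT=40112 DPT=22 SYN URGP=0
Nov 18 10:01:05 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.5 LEN=40 TTL=240 PROTO=TCP SPT=5555 DPT=3389 SYN URGP=0
Nov 18 10:01:09 fw sshd[811]: Failed password for root from 192.0.2.10 port 40112 ssh2
Nov 18 10:02:00 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.200 DST=198.51.100.5 LEN=28 TTL=60 PROTO=UDP SPT=53 DPT=33434
Nov 18 10:02:30 fw kernel: DROP IN=eth0 OUT= SRC= DST=198.51.100.5 PROTO=ICMP TYPE=8 CODE=0
"""

FIELD_RE = re.compile(r"\b(SRC|DST)=(\S*)")

def parse_criteria(spec):
    """Parse 'src:192.0.2.0/24,dst:198.51.100.5' into {FIELD: network}."""
    criteria = {}
    for part in spec.split(","):
        # Split on the first ':' only, so IPv6 values keep their colons.
        field, sep, value = part.strip().partition(":")
        field = field.upper()
        if not sep or field not in ("SRC", "DST") or not value:
            raise ValueError(f"bad match criterion: {part!r}")
        # strict=False also accepts a host address written with a prefix.
        criteria[field] = ipaddress.ip_network(value, strict=False)
    return criteria

def line_matches(line, criteria):
    fields = dict(FIELD_RE.findall(line))
    for field, net in criteria.items():
        try:
            addr = ipaddress.ip_address(fields.get(field, ""))
        except ValueError:
            return False  # missing or empty address: never compare it
        if addr.version != net.version or addr not in net:
            return False
    return True

def filter_lines(log_text, spec):
    """Return the iptables log lines whose SRC/DST fall in the given networks."""
    criteria = parse_criteria(spec)  # fail early on a bad criterion
    return [line for line in log_text.splitlines()
            if "kernel:" in line and "IN=" in line  # iptables messages only
            and line_matches(line, criteria)]
```
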
