On Nov 20, 2012, Gregorio Narvaez wrote:

> 
> 
> Michael 
> 
> Thanks for the information! I will be looking forward to the next version.
> 
> Regards
> 
> Gregorio
> 
> > Date: Sun, 18 Nov 2012 20:22:55 -0500
> > From: m...@cipherdyne.org
> > To: psad-discuss@lists.sourceforge.net
> > Subject: Re: [psad-discuss] Error Bad argument length for 
> > NetAddr::IP::UtilPP::hasbits when using psad -A
> > 
> > On Nov 18, 2012, Gregorio Narvaez wrote:
> > 
> > > 
> > > Hi
> > > 
> > > I'm using psad 2.2 on a CentOS 6.3 with kernel  
> > > 2.6.32-279.14.1.el6.x86_64, it was installed from repository,
> > > but running the following command to analyze the logs 
> > > 
> > > psad -A --analysis-fields "src:xxx.xxx.xxx.xxx" 
> > > 
> > > or
> > > 
> > > psad -A --analysis-fields src:xxx.xxx.xxx.xxx
> > > 
> > > gives the following output:
> > > 
> > > [+] Removing old /var/log/psad/ipt_analysis directory.
> > > [+] Entering analysis mode.  Parsing /var/log/messages
> > > [+] Found 3446 iptables log messages out of 12464 total lines.
> > > Use of uninitialized value $_[0] in length at 
> > > ../../blib/lib/NetAddr/IP/UtilPP.pm (autosplit into 
> > > ../../blib/lib/auto/NetAddr/IP/UtilPP/hasbits.al) line 126.
> > > Use of uninitialized value $_[0] in length at 
> > > ../../blib/lib/NetAddr/IP/UtilPP.pm (autosplit into 
> > > ../../blib/lib/auto/NetAddr/IP/UtilPP/hasbits.al) line 126.
> > > Bad argument length for NetAddr::IP::UtilPP::hasbits, is 0, should be 128 
> > > at ../../blib/lib/NetAddr/IP/UtilPP.pm (autosplit into 
> > > ../../blib/lib/auto/NetAddr/IP/UtilPP/_deadlen.al) line 122.

This bug has been fixed here:

http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=psad.git;a=commitdiff;h=ff46fe12b238b7f7b63b2f31345bb6a8f99f7efe

You are credited with finding the bug here:

http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=psad.git;a=commitdiff;h=a3d8daabbc60da23116141fd5d899573c3bda199

If you are using git, you can clone the psad repository and run
./install.pl (assuming you don't mind running pre-release code outside
of your distribution package management system).  There is also a new
argument "--stdin" which would allow future things like this to be
circumvented like so:

# grep " SRC=1.2.3.4" /var/log/messages | psad -A --stdin

That way grep itself is doing the filtering instead of having to use
--analysis-fields.

Thanks,

--Mike


> > Thanks for reporting this - it's a bug where --analysis-fields match
> > criteria aren't making proper use of NetAddr::IP for IP/network
> > searches.  This will be fixed in 2.2.1.
> > 
> > > also I receive in my mail after a couple of minutes the following alert 
> > > message
> > > 
> > > [psad-status] firewall setup warning on xxx.xxx.xxx.xxx
> > > 
> > > This message has appeared before during a reboot, but that's because psad 
> > > runs before my firewall script, but this occurrence is confusing, because 
> > > the firewall is operating 
> > 
> > If psad runs before the firewall script then it won't be able to see
> > what the policy looks like at the time the firewall config check is
> > executed.  You can disable this check by setting ENABLE_FW_LOGGING_CHECK
> > to "N" in the /etc/psad/psad.conf file.
> > 
> > > Also I upgraded the NetAddr::IP::UtilPP via cpan without success.
> > 
> > The problem is definitely a bug in psad that will be fixed in the next
> > release.
> > 
> > Thanks,
> > 
> > --Mike
> > 
> > 
> > > Any help to solve this will be appreciated
> > > 
> > > Regards
> > 
> > ------------------------------------------------------------------------------
> > Monitor your physical, virtual and cloud infrastructure from a single
> > web console. Get in-depth insight into apps, servers, databases, vmware,
> > SAP, cloud infrastructure, etc. Download 30-day Free Trial.
> > Pricing starts from $795 for 25 servers or applications!
> > http://p.sf.net/sfu/zoho_dev2dev_nov
> > _______________________________________________
> > psad-discuss mailing list
> > psad-discuss@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/psad-discuss

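An added example (not part of the original thread and not psad's own code) of pre-filtering iptables log lines before piping them to `psad -A --stdin`: a plain grep pattern treats each dot as a wildcard and also matches longer addresses that share the prefix, so this sketch compares the whole `SRC=` field instead. The function names and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed iptables LOG lines (documentation address ranges only).
sample_log() {
    cat <<'EOF'
Nov 18 20:01:02 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.4 DST=198.51.100.10 PROTO=TCP SPT=40000 DPT=22
Nov 18 20:01:03 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.40 DST=198.51.100.10 PROTO=TCP SPT=40001 DPT=22
Nov 18 20:01:04 fw kernel: DROP IN=eth0 OUT= SRC=192.0.254.7 DST=198.51.100.10 PROTO=UDP SPT=53 DPT=5353
Nov 18 20:01:05 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.4 PROTO=TCP SPT=40002 DPT=80
Nov 18 20:01:06 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.4 DST=198.51.100.10 PROTO=TCP SPT=40003 DPT=23
EOF
}

# Print only the lines whose SRC= field is exactly the given address.
# Comparing whole whitespace-separated fields avoids regex wildcards
# and prefix matches (192.0.2.4 must not select 192.0.2.40).
filter_src_exact() {
    awk -v want="SRC=$1" '{
        for (i = 1; i <= NF; i++)
            if ($i == want) { print; next }
    }'
}

# Line count from a plain grep pattern, for comparison.
count_naive() {
    sample_log | grep -c " SRC=$1"
}

# Line count from the exact field match.
count_exact() {
    sample_log | filter_src_exact "$1" | awk 'END { print NR }'
}

# On a real host the filter would feed psad directly:
#   filter_src_exact 192.0.2.4 < /var/log/messages | psad -A --stdin
```

On the constructed sample the plain pattern selects four lines for 192.0.2.4, while the exact field match selects the two that really carry that source address.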