Package: snort-common
Version: 2.7.0-19
Severity: normal
Tags: patch

Hi,

I've found that snort-stat misses alerts that are not generated by rules
but by the preprocessors. The reason is that it wants the 2nd line of the
report to contain both "[Classification: ...]" and "[Priority: ...]" but
alerts generated by preprocessors contain "[Priority: ...]" only. The
following patch fixes it for me. It also fixes the incorrect setting of
$alert->{PRIORITY} for alerts generated by rules, although the value
does not seem to be used anywhere.

--- snort-stat.orig     2008-08-09 22:38:29.000000000 +0200
+++ snort-stat  2008-09-26 11:40:39.000000000 +0200
@@ -68,7 +68,11 @@
       }
       if ( $line =~ m/^\[Classification\:([^\]]*)\]\s
           \[Priority\:\s(\d+)\]/ox) {
-        $alert->{CLASS} = $1; $alert->{CONTENT} = $2; $alert->{PRIORITY} = $3;
+        $alert->{CLASS} = $1; $alert->{PRIORITY} = $2;
+       $line=<>;
+      }
+      if ( $line =~ m/^\[Priority\:\s(\d+)\]/ox) {
+        $alert->{PRIORITY} = $1;
        $line=<>;
       }
       if ( $line =~ m/^(\d+)\/(\d+)(?:\/\d+)?\-(\d+)\:(\d+)\:(\d+)\.(\d+)\s
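Review bot: the new `if ( $line =~ m/^\[Priority\:\s(\d+)\]/ox) {` block is evaluated even when the preceding Classification block has just matched and advanced `$line` with `$line=<>;`, so the Priority-only pattern is then tested against the timestamp line instead of being skipped; making it an `elsif` of the Classification block states the intent (exactly one of the two second-line forms is present) and avoids matching against an undefined `$line` at end of input, which would warn under `-w`. The added `$line=<>;` in the first block is also indented one column less than the surrounding code; align it with the `$line=<>;` that follows the second block.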

Gabor
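As an added illustration of the two second-line forms the report describes (this is example code, not part of the bug report and not snort-stat's own code), the parser below accepts both a "[Classification: ...] [Priority: N]" line and a bare "[Priority: N]" line, and a `require_classification` switch reproduces the reported behaviour of dropping preprocessor alerts. The regexes are modelled on the Perl ones in the patch, and the alert text is constructed for the example, following Snort's full alert layout.

```python
import re
from collections import Counter

# Constructed sample in Snort 2.x "full" alert layout: one rule-generated
# alert (with a Classification) and one preprocessor alert (Priority only).
SAMPLE_ALERTS = """\
[**] [1:1000001:1] Constructed rule alert [**]
[Classification: Attempted Information Leak] [Priority: 2]
09/26-11:40:39.123456 10.0.0.5:43210 -> 10.0.0.9:80
TCP TTL:64 TOS:0x0 ID:1234 IpLen:20 DgmLen:60 DF

[**] [119:2:1] (http_inspect) DOUBLE DECODING ATTACK [**]
[Priority: 3]
09/26-11:40:40.654321 10.0.0.5:43211 -> 10.0.0.9:80
TCP TTL:64 TOS:0x0 ID:1235 IpLen:20 DgmLen:60 DF
"""

# Patterns are assumptions modelled on the Perl regexes in the patch above.
HEADER_RE = re.compile(r'^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]$')
CLASS_PRIO_RE = re.compile(r'^\[Classification: ([^\]]*)\] \[Priority: (\d+)\]$')
PRIO_ONLY_RE = re.compile(r'^\[Priority: (\d+)\]$')
TIME_RE = re.compile(
    r'^(\d+)/(\d+)(?:/\d+)?-(\d+):(\d+):(\d+)\.(\d+)\s+(\S+) -> (\S+)$')


def parse_alerts(text, require_classification=False):
    """Parse full-format alerts into dicts.

    With require_classification=True only the combined Classification/Priority
    line is consumed, so a preprocessor alert's "[Priority: N]" line is left in
    place, the timestamp check then fails and the alert is missed, which is the
    behaviour the bug report describes.
    """
    alerts = []
    lines = iter(text.splitlines())
    for line in lines:
        m = HEADER_RE.match(line)
        if not m:
            continue
        alert = {
            'GID': int(m.group(1)), 'SID': int(m.group(2)), 'REV': int(m.group(3)),
            'MSG': m.group(4), 'CLASS': None, 'PRIORITY': None,
        }
        line = next(lines, '')
        m = CLASS_PRIO_RE.match(line)
        if m:
            alert['CLASS'], alert['PRIORITY'] = m.group(1), int(m.group(2))
            line = next(lines, '')
        elif not require_classification:
            m = PRIO_ONLY_RE.match(line)
            if m:
                alert['PRIORITY'] = int(m.group(1))
                line = next(lines, '')
        m = TIME_RE.match(line)
        if not m:
            continue  # second line not consumed: alert dropped
        alert['TIME'] = '%s/%s %s:%s:%s.%s' % m.groups()[:6]
        alert['SRC'], alert['DST'] = m.group(7), m.group(8)
        alerts.append(alert)
    return alerts


def count_by_priority(alerts):
    """Tally alerts per priority, the kind of summary snort-stat produces."""
    return dict(Counter(a['PRIORITY'] for a in alerts))


if __name__ == '__main__':
    fixed = parse_alerts(SAMPLE_ALERTS)
    buggy = parse_alerts(SAMPLE_ALERTS, require_classification=True)
    print('both forms accepted:', len(fixed), 'alerts', count_by_priority(fixed))
    print('classification required:', len(buggy), 'alert(s)')
```

Running it shows the preprocessor alert (GID 119, no Classification) is counted only when the Priority-only form is accepted, which is exactly the case the patch adds to snort-stat.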

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (101, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.27-rc7 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages snort-common depends on:
ii  adduser                       3.110      add and remove users and groups
ii  debconf [debconf-2.0]         1.5.23     Debian configuration management sy
ii  lsb-base                      3.2-20     Linux Standard Base 3.2 init scrip
ii  perl-modules                  5.10.0-14  Core Perl modules
ii  sysklogd [system-log-daemon]  1.5-5      System Logging Daemon

snort-common recommends no packages.

Versions of packages snort-common suggests:
ii  snort-doc                     2.8.1-2    Documentation for the Snort IDS [d

-- debconf information excluded
