hi Jim,

try the same 'write' action with double quotes removed around the filename -- does it solve the problem?

risto

Jim Prewett wrote:
> Hello,
>
> I'm using SEC 2.4.2 and am having problems with the write action.
>
> I'm using the following rule to try to write all invalid ssh users to a
> log file:
>
> type=single
> ptype=RegExp
> pattern=sshd\[\d+\]: Invalid user \S+ from (\S+)$
> action=write "/tmp/bad-ssh/foo.log"
> desc=bad ssh from $1
>
> When running SEC, I'm getting a bunch of these error messages:
>
> Writing event 'bad ssh from 125.69.132.103' to file "/tmp/bad-ssh/foo.log"
> Can't open file "/tmp/bad-ssh/foo.log" for writing event 'bad ssh from
> 125.69.132.103'!
>
> I've tried this both under MacOS 10.4 and OpenSuSE 10.3. Both are Perl
> v5.8.8.
>
> Thanks for any help you can provide,
> Jim
>
> James E. Prewett [EMAIL PROTECTED] [EMAIL PROTECTED]
> Systems Team Leader LoGS: http://www.hpc.unm.edu/~download/LoGS/
> Designated Security Officer OpenPGP key: pub 1024D/31816D93
> HPC Systems Engineer III UNM HPC 505.277.8210
>
> _______________________________________________
> Simple-evcorr-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
