[Snort-users] Re: problem with Swatch
Luey Kum Weng
coldness85 at ...11827...
Wed Mar 9 08:50:53 EST 2005
Here is my swatchrc.txt file it's just a trial file. Could you also
send me the swatch configuration manual. Thanks a lot.
#swatch -c /etc/swatchrc -t /var/log/snort/alert
# Watch for entries containing the word 'Priority' in the snort alert file.
# Display it in green on the screen
# Mail alert to alerts at ...13154... with subject of the email
# being "--Snort IDS Alert--"
# log in file /var/log/IDS-scan
mail addresses=coldness85\@hotmail.com ,subject=--Snort Alerts--
exec echo $0 >> /var/log/IDS-scans
bu333 at ...8908...> wrote:
> > Thanks alot. It did help but a new error appeared.
> > Bareword found where operator expected at /root/.swatch_script.4392
> > line 127, near "&Swatch::Actions::exec_command('COMMAND' => "echo $0
> >>> /var"
> > (Might be a runaway multi-line // string starting on line 124)
> > (Missing operator before var?)
> > Warning: Use of "log" without parens is ambigous at
> > /root/.swatch_script.4392 line 127.
> > syntax error at /root/.swatch_script.4392 line 127, near
> > "&Swatch::Actions::exec_command('COMMAND' => "echo $0 >> /var"
> > syntax error at /root/.swatch_script.4392 line 127.
> Actually your swatchrc.txt. is the cause for your problem.
> Post ur swatch.txt file in the list. Let me then help you.
> Also, if you are in need of the swatch configuration manual, write to me.
> Senthil Prabu.S
More information about the Snort-users