[Snort-users] Re: problem with Swatch

Luey Kum Weng coldness85 at ...11827...
Wed Mar 9 08:50:53 EST 2005


Here is my swatchrc.txt file it's just a trial file. Could you also
send me the swatch configuration manual. Thanks a lot.

  #
  #
  #swatch -c /etc/swatchrc -t /var/log/snort/alert
  #
  ###Snort Alerts
  # Watch for entries containing the word 'Priority' in the snort alert file.
  # Display it in green on the screen
  # Mail alert to alerts at ...13154... with subject of the email
                                                                                
  # being "--Snort IDS Alert--"
  #
  # log in file /var/log/IDS-scan
                                                                                
                                                                                
  watchfor /Priority/
  /hotmail
  echo green
  mail addresses=coldness85\@hotmail.com ,subject=--Snort Alerts--
  exec echo $0 >> /var/log/IDS-scans

bu333 at ...8908...> wrote:
> 
> Hi,
> > Thanks alot. It did help but a new error appeared.
> > 
> > Bareword found where operator expected at /root/.swatch_script.4392
> > line 127, near "&Swatch::Actions::exec_command('COMMAND' => "echo $0
> >>> /var"
> >   (Might be a runaway multi-line // string starting on line 124)
> >               (Missing operator before var?)
> > Warning: Use of "log" without parens is ambigous at
> > /root/.swatch_script.4392 line 127.
> > syntax error at /root/.swatch_script.4392 line 127, near
> > "&Swatch::Actions::exec_command('COMMAND' => "echo $0 >> /var"
> > syntax error at /root/.swatch_script.4392 line 127.
> 
> Actually your swatchrc.txt. is the cause for your problem.
> Post ur swatch.txt file in the list. Let me then help you.
> 
> Also, if you are in need of the swatch configuration manual, write to me.
> 
> 
> --
> Senthil Prabu.S
> 
>




More information about the Snort-users mailing list