Changeset 2187
- Timestamp:
- 07/23/08 21:08:11 (4 months ago)
- Files:
-
- psad/trunk/CREDITS (modified) (1 diff)
- psad/trunk/ChangeLog (modified) (1 diff)
- psad/trunk/psad (modified) (7 diffs)
psad/trunk/CREDITS
r2168 r2187 400 400 to query the whois information associated with certain IP addresses. 401 401 Updating to whois-4.7.26 solved the problem. 402 403 j.bakshi 404 - Reported a bug where IPT_SYSLOG_FILE was not being honored in -A 405 (analyze) mode. psad/trunk/ChangeLog
r2180 r2187 1 psad-2.1.4 (08//2008): 2 - Bugfix to honor the IPT_SYSLOG_FILE variable in --Analyze-msgs mode. 3 1 4 psad-2.1.3 (06/07/2008): 2 5 - Updated to enable IPT_SYSLOG_FILE by default. This is a relatively psad/trunk/psad
r2181 r2187 408 408 my $warn_msg = ''; 409 409 my $die_msg = ''; 410 my $messages_file = '/var/log/messages';411 410 my $skip_first_loop = 1; 412 411 my $cmdl_interface = ''; … … 719 718 ### All firewall drop/reject log messages are written to FW_DATA_FILE 720 719 ### by kmsgsd (or by ulogd directly). 720 print STDERR "[+] Opening iptables data file: $fw_data_file\n" if $debug; 721 721 open FWDATA, $fw_data_file or die '[*] Could not open ', 722 722 "$fw_data_file: $!"; … … 2747 2747 ### SYSLOG_DAEMON is set to ulogd, or if ENABLE_SYSLOG_FILE is set 2748 2748 ### to 'Y' 2749 if ($config{'SYSLOG_DAEMON'} =~ /ulog/i) { 2750 $fw_data_file = $config{'ULOG_DATA_FILE'}; 2751 } elsif ($config{'ENABLE_SYSLOG_FILE'} eq 'Y') { 2752 $fw_data_file = $config{'IPT_SYSLOG_FILE'}; 2753 } else { 2754 $fw_data_file = $config{'FW_DATA_FILE'}; 2749 unless ($fw_data_file) { 2750 if ($config{'SYSLOG_DAEMON'} =~ /ulog/i) { 2751 $fw_data_file = $config{'ULOG_DATA_FILE'}; 2752 } elsif ($config{'ENABLE_SYSLOG_FILE'} eq 'Y') { 2753 $fw_data_file = $config{'IPT_SYSLOG_FILE'}; 2754 } else { 2755 $fw_data_file = $config{'FW_DATA_FILE'}; 2756 } 2755 2757 } 2756 2758 … … 2953 2955 2954 2956 if ($analyze_mode or $gnuplot_mode or $csv_mode) { 2955 die "[*] iptables log file must point to a file (use -m)"2956 if -d $messages_file;2957 $fw_data_file = $config{'IPT_SYSLOG_FILE'} 2958 unless $fw_data_file; 2957 2959 } 2958 2960 … … 6622 6624 $config{'PSAD_DIR'} = $config{'ANALYSIS_MODE_DIR'}; 6623 6625 6624 print "[+] Entering analysis mode. Parsing $ messages_file\n";6625 open MSGS, "< $ messages_file" or die "[*] Could not open ",6626 "$ messages_file: $!";6626 print "[+] Entering analysis mode. 
Parsing $fw_data_file\n"; 6627 open MSGS, "< $fw_data_file" or die "[*] Could not open ", 6628 "$fw_data_file: $!"; 6627 6629 my @lines = <MSGS>; 6628 6630 close MSGS; … … 6752 6754 $fh = *STDIN; 6753 6755 } else { 6754 print "[+] Parsing iptables log messages from file: $ messages_file\n"6756 print "[+] Parsing iptables log messages from file: $fw_data_file\n" 6755 6757 if $gnuplot_mode; 6756 open MSGS, "< $ messages_file" or die "[*] Could not open ",6757 "$ messages_file: $!";6758 open MSGS, "< $fw_data_file" or die "[*] Could not open ", 6759 "$fw_data_file: $!"; 6758 6760 $fh = *MSGS; 6759 6761 } … … 9665 9667 # mode. 9666 9668 'email-analysis' => \$analysis_emails, # Send analysis mode emails. 9667 'messages-file=s' => \$ messages_file,# Specify the path to file containing9669 'messages-file=s' => \$fw_data_file, # Specify the path to file containing 9668 9670 # old iptables messages (fwdata by 9669 9671 # default).
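Review bot: The unchanged `open FWDATA, $fw_data_file` at line 721 is a two-argument open with no mode, and this change lets `--messages-file` write directly into `$fw_data_file`, with the new `unless ($fw_data_file)` guard keeping that value. If that open can be reached with a command-line path (the enclosing code lies outside the hunk), Perl would take mode or pipe characters in the value as part of the open mode rather than the file name. The three-argument form fixes the mode: `open FWDATA, '<', $fw_data_file or die '[*] Could not open ', "$fw_data_file: $!";`, and the same form would suit the two `open MSGS, "< $fw_data_file"` calls at 6627 and 6758. Separately, the hunk at 2955 drops the directory test without a replacement; keeping it as `die "[*] iptables log file must point to a file (use -m)" if -d $fw_data_file;` after the fallback assignment would preserve the earlier failure behaviour.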
