Package: snort-common
Version: 2.3.0-7
Severity: normal
File: /usr/sbin/snort-stat
Tags: patch
The -y option tells snort to log the year in the alert files. The snort-stat script does not recognize lines with this format. A quick change to the RE in the script to allow the date to be of the form mon/day or hour/day/year fixes this problem.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-cfp3
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages snort-common depends on:
ii  adduser                       3.63       Add and remove users and groups
ii  debconf                       1.4.30.11  Debian configuration management sy
ii  perl-modules                  5.8.4-6    Core Perl modules
ii  sysklogd [system-log-daemon]  1.4.1-16   System Logging Daemon

-- debconf information:
  snort/deprecated_config:
* snort/address_range: [filtered]
* snort/startup: boot
* snort/options: -y -z
* snort/interface: eth3
* snort/stats_rcpt: root
* snort/config_parameters:
  snort/config_error:
  snort/please_restart_manually:
* snort/reverse_order: true
* snort/stats_treshold: 1
* snort/disable_promiscuous: true
--- /usr/sbin/snort-stat.orig 2005-02-26 04:17:49.000000000 -0800 +++ /usr/sbin/snort-stat 2005-03-18 10:02:46.290833000 -0800 @@ -71,7 +71,7 @@ $alert->{CLASS} = $1; $alert->{CONTENT} = $2; $alert->{PRIORITY} = $3; $line=<>; } - if ( $line =~ m/^(\d+)\/(\d+)\-(\d+)\:(\d+)\:(\d+)\.(\d+)\s + if ( $line =~ m/^(\d+)\/(\d+)(?:\/\d+)?\-(\d+)\:(\d+)\:(\d+)\.(\d+)\s ([\d\.]+)[\:]*([\d]*)\s[\-\>]+\s([\d\.]+)[\:]*([\d]*)/ox) { next if (!$opt_a && $line =~ /^$yesterday_date_string/); $alert->{MON} = $1; $alert->{DAY} = $2; $alert->{HOUR} = $3;
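Review bot: the optional year is matched but discarded, and the date filter on the very next line is not adjusted to match. Using a non-capturing group `(?:\/\d+)?` is the right choice here because it keeps `$1`..`$10` at the same positions, so the `$alert->{MON} = $1; $alert->{DAY} = $2; $alert->{HOUR} = $3;` assignments that follow stay correct. However, `next if (!$opt_a && $line =~ /^$yesterday_date_string/);` still anchors a prefix match against the raw line; if `$yesterday_date_string` is built as `mon/day-` (with the trailing separator), a line that now reads `mon/day/year-...` will no longer match it and yesterday's alerts will stop being skipped when snort runs with `-y`. Please confirm how that string is constructed and, if needed, give it the same optional-year treatment. It would also be worth capturing the year (e.g. as `$alert->{YEAR}`) rather than dropping it, since the point of `-y` is to make alerts unambiguous across year boundaries.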