|
Hi, the problem was not so hard to find ... a regexp
error ... sorry ... Brian, can you please test this
INSERT INTO `syslog_types` (`id`, `match_text`, `interface`,
`username`, `state`, `info`, `type`, `pos`) VALUES (43, '^security\\[failure\\]
(\\d*) (.*)',
'', '', '1', '2', 49, 10);
INSERT INTO `types` VALUES (49, 'Win Security', 3,
'<info> (ID:<state>)', 0, 1, 0, 1, 1);
David LIMA
Professional Services
-------- Message d'origine--------
De:
[EMAIL PROTECTED] de la part de LIMA David
Date: lun. 02/05/2005 19:18
Ã:
[email protected]
Cc:
Objet:
[jffnms-users] RE : [jffnms-users] JFFNMS Truncating syslog messages from
Syslog-ng
Hi, I don't think the problem is the same because the bug where caused by
the Word "unknow" in event text. Perhaps you can try to see if the
problem come from a particular word or caracter like i have done. See http://article.gmane.org/gmane.network.jffnms.user/2979 for
more info on what i've done.
HTH
David LIMA
-------- Message d'origine--------
De:
[EMAIL PROTECTED] de la part de Craig Small
Date: lun. 02/05/2005 09:58
Ã:
[email protected]
Cc:
Objet: Re:
[jffnms-users] JFFNMS Truncating syslog messages from
Syslog-ng
On Fri, Apr 29, 2005 at 09:02:42AM -0400, Brian Hoban
wrote:
> Apr 26 16:14:01 grcad000dc security[failure] 680 NT
AUTHORITY\SYSTEM Logon attempt by:
MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account:mslager
Source Workstation:CINCO155n Error
Code:0xC000006A
>
> Everything looks just peachy.
However when I see the alert come over into the events, it gets truncated.
This is my output from the JFFNMS events:
>
> 680 nt
authority\system logon attempt by: m)
>
> Anyone
know why it's doing that?
Someone had an almost identical problem to
this and it was a small bug
in JFFNMS. It appears to be
interpreting something rather than just
copying
verbatim.
Perhaps David Lima can help
http://thread.gmane.org/gmane.network.jffnms.user/2930
It
could be the field size is not big enough, or something else.
- Craig
--
Craig Small GnuPG:1C1B D893
1418 2AF4 45EE 95CB C76C E5AC 12CA DFA5
Eye-Net Consulting http://www.enc.com.au/
MIEE Debian
developer
csmall at :
enc.com.au
ieee.org
debian.org
-------------------------------------------------------
This
SF.Net email is sponsored by: NEC IT Guy Games.
Get your fingers limbered
up and give it your best shot. 4 great events, 4
opportunities to win
big! Highest score wins.NEC IT Guy Games. Play to
win an NEC 61 plasma
display. Visit http://www.necitguy.com/?r=20
_______________________________________________
jffnms-users
mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jffnms-users
------------------------------------------------------------------------------------------
Ce
message contient des informations dont le contenu est susceptible d'Ãtre
confidentiel.
Il est destinà au(x) destinataire(s) indiquÃ(s)
exclusivement.
A moins que vous ne fassiez partie de la liste des
destinataires, ou que vous soyez
habilità à recevoir le mail à leur place,
il vous est interdit de le copier, de l'utiliser
ou de dÃvoiler son contenu
à un tiers.
Si vous avez reÃu cet email par erreur, merci de prendre
contact avec l'Ãmetteur.
Les opinions exprimÃes dans cet e-mail sont
celles de l'Ãmetteur et ne reflÃtent pas
nÃcessairement celles de
l'entreprise.
Ce e-mail peut contenir des piÃces jointes dont certaines
pourraient contenir des virus
qui pourraient endommager votre systÃme
informatique.
La compagnie a pris toutes dispositions afin de minimiser
ce risque et dÃcline toute
responsabilità pour toute perte ou dommage
rÃsultant directement ou indirectement de
l'utilisation de cet email ou de
son contenu.
Il vous appartient d'effectuer vos propres contrÃles
anti-virus avant d'ouvrir
la ou les piÃces
jointes.
------------------------------------------------------------------------------------------
|
