Derek, in my last mail I told you that adapting the regex was problematic 
because what I had in my PacketFence was very different from what you had 
described:
"https://github.com/inverse-inc/packetfence/blob/devel/sbin/pfdetect#L103
Commenting out lines 103 to 131 and adding your new regex code afterward"
According to the changelog on my system, the last commit date shows: Date:   Fri Jul 24 
10:34:46 2015 -0400 
I'm pretty sure my version is 5.3.1.

So again: 
where/how should I apply your suggested regex code, seen below?

    if ( $_ =~ /^(.+?\s\d+\s\d+:\d+:\d+)\s+.+?\[\d+:(\d+):\d+\]\s+(.+?)\s+\[.+?\s+(.+?)\].+?\}\s+(.+?):.+?>\s(.+?):/ ) {
        $date  = $1;   # syslog timestamp, e.g. "Jul 24 10:34:46"
        $sid   = $2;   # rule SID, the middle number of [gid:sid:rev]
        $descr = $3;   # alert message text
        $srcip = $5;   # source address (":port" and " -> " are consumed by the pattern)
        $dstip = $6;   # destination address
    } else {
        $logger->warn("unknown input: $_ ");
        next;
    }


=======================================================================================================
I saw your suggestion regarding Security Onion; however, I am running Suricata 
on a FreeBSD platform within jails.
Security Onion doesn't offer that for me.
Thanks!

------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

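The regex quoted in the message above, run stand-alone against constructed Suricata alert lines so it can be checked before touching sbin/pfdetect. This is an added example, not code from the message or from PacketFence: the sample lines, the parse_alert() helper and the hash field names are assumptions made here, and the returned hashref stands in for the $date/$sid/$descr/$srcip/$dstip variables and the $logger->warn() call in pfdetect. The example also shows the pattern's one precondition: the leading `(.+?\s\d+\s\d+:\d+:\d+)` expects a syslog-style "Mon DD HH:MM:SS" prefix, so alerts forwarded through syslog match while a raw fast.log line with Suricata's own "MM/DD/YYYY-HH:MM:SS.usec" timestamp falls through to the "unknown input" branch.

```perl
#!/usr/bin/perl
# Stand-alone harness for the regex quoted above (added example, not pfdetect code).
# Runs constructed Suricata alert lines through the same match-or-warn logic.
use strict;
use warnings;

# Constructed sample input (assumption, not captured from a real sensor):
# two syslog-forwarded Suricata alerts in the form the regex expects
# ("Mon DD HH:MM:SS host tag: [gid:sid:rev] msg [Classification: ...] [Priority: N] {proto} src:port -> dst:port")
# and one raw fast.log line without a syslog prefix, which should not match.
my @lines = (
    'Jul 24 10:34:46 ids1 suricata[1234]: [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 192.168.1.20:51234',
    'Jul 24 10:35:02 ids1 suricata[1234]: [1:2010935:3] ET POLICY Suspicious inbound to MSSQL port 1433 [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:40122 -> 192.168.1.30:1433',
    '07/24/2015-10:34:46.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 192.168.1.20:51234',
);

# parse_alert() (helper name is an assumption) returns a hashref of the captured
# fields, or undef when the line does not match, i.e. the branch where pfdetect
# would call $logger->warn("unknown input: ...") and skip the line.
sub parse_alert {
    my ($line) = @_;
    if ( $line =~ /^(.+?\s\d+\s\d+:\d+:\d+)\s+.+?\[\d+:(\d+):\d+\]\s+(.+?)\s+\[.+?\s+(.+?)\].+?\}\s+(.+?):.+?>\s(.+?):/ ) {
        # $4 is the text of the first bracketed field after the message
        # (the Classification value in these samples); the quoted snippet
        # captures it but never uses it.
        return {
            date  => $1,
            sid   => $2,
            descr => $3,
            class => $4,
            srcip => $5,
            dstip => $6,
        };
    }
    return;
}

for my $line (@lines) {
    my $alert = parse_alert($line);
    if ($alert) {
        printf "date=%s sid=%s src=%s dst=%s descr=%s\n",
            @{$alert}{qw(date sid srcip dstip descr)};
    } else {
        # Same outcome as the $logger->warn(...) / next branch in pfdetect.
        print "unknown input: $line\n";
    }
}
```

Running it prints the date, SID and both addresses for the two syslog-style lines (SIDs 2100498 and 2010935, 192.168.1.10 -> 192.168.1.20 and 10.0.0.5 -> 192.168.1.30) and "unknown input" for the raw fast.log line; if the Suricata jail writes fast.log directly rather than through syslog, the timestamp part of the pattern is what has to change.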