Michael 

Thanks for the information! I will be looking forward for the next version.

Regards

Gregorio

> Date: Sun, 18 Nov 2012 20:22:55 -0500
> From: m...@cipherdyne.org
> To: psad-discuss@lists.sourceforge.net
> Subject: Re: [psad-discuss] Error Bad argument length for 
> NetAddr::IP::UtilPP::hasbits when using psad -A
> 
> On Nov 18, 2012, Gregorio Narvaez wrote:
> 
> > 
> > Hi
> > 
> > I'm using psad 2.2 on a CentOS 6.3 with kernel  2.6.32-279.14.1.el6.x86_64, 
> > it was installed from repository,
> > but running the following command to analyze the logs 
> > 
> > psad -A --analysis-fields "src:xxx.xxx.xxx.xxx" 
> > 
> > or
> > 
> > psad -A --analysis-fields src:xxx.xxx.xxx.xxx
> > 
> > gives the following output:
> > 
> > [+] Removing old /var/log/psad/ipt_analysis directory.
> > [+] Entering analysis mode.  Parsing /var/log/messages
> > [+] Found 3446 iptables log messages out of 12464 total lines.
> > Use of uninitialized value $_[0] in length at 
> > ../../blib/lib/NetAddr/IP/UtilPP.pm (autosplit into 
> > ../../blib/lib/auto/NetAddr/IP/UtilPP/hasbits.al) line 126.
> > Use of uninitialized value $_[0] in length at 
> > ../../blib/lib/NetAddr/IP/UtilPP.pm (autosplit into 
> > ../../blib/lib/auto/NetAddr/IP/UtilPP/hasbits.al) line 126.
> > Bad argument length for NetAddr::IP::UtilPP::hasbits, is 0, should be 128 
> > at ../../blib/lib/NetAddr/IP/UtilPP.pm (autosplit into 
> > ../../blib/lib/auto/NetAddr/IP/UtilPP/_deadlen.al) line 122.
> 
> Thanks for reporting this - it's a bug where --analysis-fields match
> criteria aren't making proper use of NetAddr::IP for IP/network
> searches.  This will be fixed in 2.2.1.
> 
> > also I receive in my mail after a couple of minutes the following alert 
> > message
> > 
> > [psad-status] firewa???ll setup warning on xxx.xxx.xxx.xxx
> > 
> > This message has appearead before during a reboot but it's due that psad 
> > runs before my firewall script, but this occurrence is confusing, because 
> > the firewall is operating 
> 
> If psad runs before the firewall script then it won't be able to see
> what the policy looks like at the time the firewall config check is
> executed.  You can disable this check by setting ENABLE_FW_LOGGING_CHECK
> to "N" in the /etc/psad/psad.conf file.
> 
> > Also I upgraded the NetAddr::IP::UtilPP via cpan without success.
> 
> The problem is definitely a bug in psad that will be fixed in the next
> release.
> 
> Thanks,
> 
> --Mike
> 
> 
> > Any help to solve this will be appreciated
> > 
> > Regards
> 
> ------------------------------------------------------------------------------
> Monitor your physical, virtual and cloud infrastructure from a single
> web console. Get in-depth insight into apps, servers, databases, vmware,
> SAP, cloud infrastructure, etc. Download 30-day Free Trial.
> Pricing starts from $795 for 25 servers or applications!
> http://p.sf.net/sfu/zoho_dev2dev_nov
> _______________________________________________
> psad-discuss mailing list
> psad-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/psad-discuss
                                          
------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss

Reply via email to