Michael
Thanks for the information! I will be looking forward for the next version.
Regards
Gregorio
> Date: Sun, 18 Nov 2012 20:22:55 -0500
> From: m...@cipherdyne.org
> To: psad-discuss@lists.sourceforge.net
> Subject: Re: [psad-discuss] Error Bad argument length for
> NetAddr::IP::UtilPP::hasbits when using psad -A
>
> On Nov 18, 2012, Gregorio Narvaez wrote:
>
> >
> > Hi
> >
> > I'm using psad 2.2 on a CentOS 6.3 with kernel 2.6.32-279.14.1.el6.x86_64,
> > it was installed from repository,
> > but running the following command to analyze the logs
> >
> > psad -A --analysis-fields "src:xxx.xxx.xxx.xxx"
> >
> > or
> >
> > psad -A --analysis-fields src:xxx.xxx.xxx.xxx
> >
> > gives the following output:
> >
> > [+] Removing old /var/log/psad/ipt_analysis directory.
> > [+] Entering analysis mode. Parsing /var/log/messages
> > [+] Found 3446 iptables log messages out of 12464 total lines.
> > Use of uninitialized value $_[0] in length at
> > ../../blib/lib/NetAddr/IP/UtilPP.pm (autosplit into
> > ../../blib/lib/auto/NetAddr/IP/UtilPP/hasbits.al) line 126.
> > Use of uninitialized value $_[0] in length at
> > ../../blib/lib/NetAddr/IP/UtilPP.pm (autosplit into
> > ../../blib/lib/auto/NetAddr/IP/UtilPP/hasbits.al) line 126.
> > Bad argument length for NetAddr::IP::UtilPP::hasbits, is 0, should be 128
> > at ../../blib/lib/NetAddr/IP/UtilPP.pm (autosplit into
> > ../../blib/lib/auto/NetAddr/IP/UtilPP/_deadlen.al) line 122.
>
> Thanks for reporting this - it's a bug where --analysis-fields match
> criteria aren't making proper use of NetAddr::IP for IP/network
> searches. This will be fixed in 2.2.1.
>
> > also I receive in my mail after a couple of minutes the following alert
> > message
> >
> > [psad-status] firewa???ll setup warning on xxx.xxx.xxx.xxx
> >
> > This message has appearead before during a reboot but it's due that psad
> > runs before my firewall script, but this occurrence is confusing, because
> > the firewall is operating
>
> If psad runs before the firewall script then it won't be able to see
> what the policy looks like at the time the firewall config check is
> executed. You can disable this check by setting ENABLE_FW_LOGGING_CHECK
> to "N" in the /etc/psad/psad.conf file.
>
> > Also I upgraded the NetAddr::IP::UtilPP via cpan without success.
>
> The problem is definitely a bug in psad that will be fixed in the next
> release.
>
> Thanks,
>
> --Mike
>
>
> > Any help to solve this will be appreciated
> >
> > Regards
>
> ------------------------------------------------------------------------------
> Monitor your physical, virtual and cloud infrastructure from a single
> web console. Get in-depth insight into apps, servers, databases, vmware,
> SAP, cloud infrastructure, etc. Download 30-day Free Trial.
> Pricing starts from $795 for 25 servers or applications!
> http://p.sf.net/sfu/zoho_dev2dev_nov
> _______________________________________________
> psad-discuss mailing list
> psad-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/psad-discuss
------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss
