t yourself. :)
--
Justin J. Novack
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include en
event came in.
If you include your DHCP sec.cfg, we might be better able to help.
--
Justin J. Novack
Official Disturber of the Peace
On Wed, Nov 9, 2011 at 10:25 PM, Tim Peiffer wrote:
> I am trying to instrument sections on our network where various protocol
> chat dialog is missing.
the file.
type=Single
desc=Dynamically reload Hashes
ptype=SubStr
continue=TakeNext
pattern=SEC_SOFT**RESTART
context=SEC_INTERNAL_EVENT
action=eval %a ( open(FILE, ") { chomp; my ($key, $val) = split /=/; $hash{"$key"} = $val;
})
Or, if feeling adventurous, it's merely a .pl f
The regex to match a blank line would be ^$
--
Justin J. Novack
Official Disturber of the Peace
On Sun, Oct 23, 2011 at 11:44 AM, Luis David Leija wrote:
>
>
> --
> L David Leija
___
> Simple-evcorr-users mailing list
> S
t you want with %host as normal.
(P.S. - David, since a reload will reload the hashes, does that count as
completing the extra credit? Do contexts persist a 'kill $PID -HUP'?)
---
Justin J. Novack
Official Disturber of the Peace
---
Sorry for the double post, I wanted to post an intermediate solution:
The correct context line for the second rule would be:
context= =(if (exists $hash{"GigabitEthernet1/37"}) { return 1;} )
This should be the last stumbling block...
--
Justin J. Novack
Official Disturber of
a'
Wed Oct 19 13:36:16 2011: Variable '%a' set to ''
Wed Oct 19 13:36:16 2011: Evaluating code 'my $line; foreach (keys %hash) {
$line .= "$_ = $hash{$_}\n"; }; chomp($line); return $line' and setting
variable '%a'
Wed Oct 19 13:36:16 2011: Vari
ng content to the end, do a "echo >>". Otherwise, stop
editing the file that SEC wants to sequential read :) Or write an
intermediary process.
It's not SEC's fault, it doesn't know it's the same file.
--
Justin J. Novack
Official Disturber of the Peace
On
File-system wise, on save, the file is created from 0 bytes and repopulated,
so SEC might not know that it was a user-edit.
This could happen with nano (pico), try a more powerful editor like vim (or
emacs).
--
Justin J. Novack
Official Disturber of the Peace
On Wed, Oct 19, 2011 at 6:55 AM
#SECPERFORMANCE)
and just deal with adding a line (for each friendly named port) and
recompiling the rules file every time I want to change.
Thoughts?
--
Justin J. Novack
Official Disturber of the Peace
On Tue, Oct 18, 2011 at 1:52 PM, John P. Rouillard wrote:
>
> In message
>
ave to write that rule once,
but I can map interfaces with friendly names?
GigabitEthernet4/38, IMPORTANT SERVER 1
GigabitEthernet4/39, IMPORTANT SERVER 2
GigabitEthernet4/40, IMPORTANT SERVER 3
Thank you kindly,
--
Justin J. Novack
Official Disturber of the Peace
-
11 matches
Mail list logo
