Hello, I'm using SEC 2.4.2 and am having problems with the write action.
I'm using the following rule to try to write all invalid ssh users to a log file: type=single ptype=RegExp pattern=sshd\[\d+\]: Invalid user \S+ from (\S+)$ action=write "/tmp/bad-ssh/foo.log" desc=bad ssh from $1 When running SEC, I'm getting a bunch of these error messages: Writing event 'bad ssh from 125.69.132.103' to file "/tmp/bad-ssh/foo.log" Can't open file "/tmp/bad-ssh/foo.log" for writing event 'bad ssh from 125.69.132.103'! I've tried this both under MacOS 10.4 and OpenSuSE 10.3. Both are Perl v5.8.8. Thanks for any help you can provide, Jim James E. Prewett [EMAIL PROTECTED] [EMAIL PROTECTED] Systems Team Leader LoGS: http://www.hpc.unm.edu/~download/LoGS/ Designated Security Officer OpenPGP key: pub 1024D/31816D93 HPC Systems Engineer III UNM HPC 505.277.8210 ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Simple-evcorr-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
