On Wed, Jan 03, 2007 at 05:44:34PM -0600, Chris wrote: > On Tuesday 02 January 2007 3:54 pm, Bob McClure Jr wrote: > > sa-stats.pl as distributed with SA v3.1.7 blows out a ton of > > > > WARNING: ignoring future date in syslog line: Dec 31 20:26:56 bubba > > spamd[7149]: prefork: child states: II > > > > and the like, and ends up reporting zeros for results. Another > > machine with the same sa-stats.pl (and an earlier version as well) > > works just fine. Both machines are running Fedora Core 4 with Perl > > v5.8.6, but the one difference I found is in Parse::Syslog. The > > machine that works has v1.03. The one that blows up has v1.09. > > > I run sa-stats.pl written by Dallas: > > # file: sa-stats.pl > # date: 2005-07-27 > # version: 0.9 > # author: Dallas Engelken <[EMAIL PROTECTED]> > # desc: SA 3.x log parser > > on my 3.1.7 SA version with no problems. > -- > Chris > KeyID 0xE372A7DA98E6705C > http://learn.to/quote
So do I. In fact I use the new and improved v1.02 for SA v3.1.x. For those just tuning in, it's here: http://www.rulesemporium.com/programs/sa-stats-1.0.txt It and the sa-stats.pl included with SA produce very different reports, and I find both reports useful. Pity they have the same name. I renamed Dallas' script sa-stats-sare.pl to keep them straight. Hmm. I shoulda called it sare-stats.pl. Cheers, -- Bob McClure, Jr. Bobcat Open Systems, Inc. [EMAIL PROTECTED] http://www.bobcatos.com Whatever you have learned or received or heard from me, or seen in me -- put it into practice. And the God of peace will be with you. Philippians 4:9 (NIV)
