[Hatchet-users] Fixes for hatchet-0.8
Bob T. Bostwick
Bob at Bostwick.US
Tue Jun 21 15:45:03 EDT 2005
Sorry to have to ask, but does anyone have a working version of the hatchet diff? I have been trying like crazy to get it to patch. I think the problem is in the formatting. I think my email program changed it (added lines). I even tried to do it manually, but don't know enough about programming, so I keep getting the (Missing right curly or square bracket) messages after my half-witted attempts.
Thanks,
B
"Two notable products came out of Cal - Berkeley in the 60s - UNIX and LSD. We do not believe this to be a coincidence."
-Unknown
________________________________
From: hatchet-users-bounces at dixongroup.net on behalf of Jason Dixon
Sent: Sun 6/19/2005 1:31 PM
To: Hatchet-Users
Cc: peter_stubbs at non.agilent.com; Christopher Fuhrman
Subject: [Hatchet-users] Fixes for hatchet-0.8
Here are a couple of patches for hatchet and README.chroot that will
fix an issue with hatchet not seeing any pflog entries. Thanks to
Christopher Fuhrman for the patch against bin/hatchet. Thanks to many
folks for reporting me forgetting to mention copying hatchet.conf over
to the chroot (and editing it accordingly). I will try to have
hatchet-0.8.1 out today or tomorrow, which will have these patches
included. These patches have been tested against OpenBSD 3.7.
--- hatchet-0.8/bin/hatchet Thu May 12 21:38:22 2005
+++ hatchet-0.8/bin/hatchet Sun Jun 19 11:16:17 2005
@@ -146,7 +146,17 @@
my $input = $_;
my ($date, $points, $rulenum, $action,
$interface, $src_host, $src_port, $dst_host, $dst_port, $remainder);
SWITCH: {
+ if ($input =~ /(\w+ \d+
\d+:.\d:.\d+)\.(\d+) rule (\d+)\/\(match\) (\w+ \w+) \w+ (\w+)\:
(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+)\:(.*)/)
+ {
+ ($date, $points,
$rulenum, $action, $interface, $src_host, $src_port, $dst_host,
$dst_port, $remainder) = ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10);
+ last SWITCH;
+ }
if ($input =~ /(\w+ \d+
\d+:.\d:.\d+)\.(\d+) rule (\d+)\/\d+\(match\)\: (\w+ \w+) \w+ (\w+)\:
(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+)\:(.*)/)
+ {
+ ($date, $points,
$rulenum, $action, $interface, $src_host, $src_port, $dst_host,
$dst_port, $remainder) = ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10);
+ last SWITCH;
+ }
+ if ($input =~ /(\w+ \d+
\d+:.\d:.\d+)\.(\d+) rule (\d+)\/\(match\)\: (\w+ \w+) \w+ (\w+)\:
([a-f0-9\:]+)\.(\d+) > ([a-f0-9\:]+)\.(\d+)\:(.*)/)
{
($date, $points,
$rulenum, $action, $interface, $src_host, $src_port, $dst_host,
$dst_port, $remainder) = ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10);
last SWITCH;
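Review bot: The added IPv6 branch expects `rule N/(match):` (a colon after `(match)` and no sub-rule number), which is neither the form the new first branch accepts (`\/\(match\) `, no colon) nor the older form kept in the second branch (`\/\d+\(match\)\:`). If the log header is the same for both address families, IPv6 entries will still fall through the SWITCH unmatched, so please check this pattern against a real IPv6 pflog line or add IPv6 variants for both header forms. Two smaller points: `[a-f0-9\:]+` will not match an address printed in upper case or with an embedded dotted quad, and the three branches repeat the same ten-capture assignment, which could be a single shared body. The long regex and assignment lines have also been wrapped in transit, so the hunk will not apply as mailed; sending the diff as an attachment would avoid that.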
--- hatchet-0.8/Docs/README.chroot Sun Jun 19 10:52:52 2005
+++ hatchet-0.8/Docs/README.chroot Sun Jun 19 10:53:30 2005
@@ -38,4 +38,7 @@
3) Move the database into chroot
> mv /var/db/pflog.db /var/www/var/db/pflog.db
-4) Restart Apache
+4) Edit /etc/hatchet.conf to point to the chrooted database
+ $db_file = '/var/www/var/db/pflog.db';
+
+5) Restart Apache
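Review bot: The new step 4 edits /etc/hatchet.conf in place, but the cover message describes the missing instruction as copying hatchet.conf into the chroot and then editing it, and no copy step appears in this hunk. Please add the copy command and say which copy each component reads. Note also that `/var/www/var/db/pflog.db` is the path as seen from outside the chroot; anything that resolves `$db_file` from inside /var/www would see the same file as `/var/db/pflog.db`, so the step should state which of the two is intended.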
Thanks,
--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net