[prev in list] [next in list] [prev in thread] [next in thread]
List: psad-discuss
Subject: Re: [psad-discuss] psad v2.2.3 on 64-bit Linux (Mageia)
From: Michael Rash <michael.rash () gmail ! com>
Date: 2014-12-28 1:09:17
Message-ID: CAA9wn8k49kJeSFB+ah8RyjfARmbh=+sPGSv4EVnDKEaewEnmqg () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
On Fri, Dec 26, 2014 at 10:23 AM, Albert Whale, CEH CHS CISA CISSP <
Albert.Whale@it-security-inc.com> wrote:
>
> Not as I am aware of. Will double check though. I thought that IPv6 was
> disabled (so this is not my intent).
>
I believe I have fixed the issue. Here is a link for psad-2.2.4-pre2 - just
install it with the "install.pl" script as usual. Can you give it a shot
and let me know if this fixes the issue? If so, this will likely become the
psad-2.2.4 release.
https://www.cipherdyne.org/psad/download/psad-2.2.4-pre2.tar.gz
Thanks,
--Mike
>
> Sent from my iPhone
>
> On Dec 25, 2014, at 9:56 PM, Michael Rash <michael.rash@gmail.com> wrote:
>
>
> On Wed, Dec 24, 2014 at 7:39 AM, Albert Whale, CEH CHS CISA CISSP <
> Albert.Whale@it-security-inc.com> wrote:
>>
>> Actually, I can now report that this is occurring on the 32-bit version
>> of the OS as well.
>>
>
> Quick question - are you running an IPv6 filtering and logging policy with
> ip6tables?
>
> Thanks,
>
> --Mike
>
>
>
>>
>> Sent from my iPhone
>>
>> On Dec 23, 2014, at 10:35 PM, Michael Rash <mbr@cipherdyne.org> wrote:
>>
>>
>>
>> On Dec 23, 2014, at 10:29 AM, Albert Whale <
>> Albert.Whale@IT-Security-inc.com> wrote:
>>
>> I am a long time supporter of PSAD, and use it in my services daily.
>>
>>
>> Hello Albert,
>>
>> However, I am also confused (frustrated) with the following messages
>> which ony appear on the 64-bit version of my installed OS.
>>
>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line
>> 6955.
>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line
>> 6957.
>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line
>> 6959.
>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line
>> 6961.
>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line
>> 6955.
>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line
>> 6957.
>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line
>> 6959.
>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line
>> 6961.
>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line
>> 6955.
>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line
>> 6957.
>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line
>> 6959.
>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line
>> 6961.
>> [+] Version: psad v2.2.3
>>
>>
>> Ok, thanks for the bug report - this definitely needs to be fixed.
>> Interesting that this happens only on your 64-bit systems. I have some
>> ideas for a fix, and I'll send a -pre release for testing in the next
>> couple of days.
>>
>> Thanks,
>>
>> Mike
>>
>> Additionally, I occasionally see that the count down timers have exceeds
>> their counting, and will be written to the iptables messages.
>>
>> Am I missing a command line option?
>>
>> Thank you.
>>
>>
>> --
>> Albert E. Whale, CEH CHS CISA CISSP
>> *President - Chief Security Officer*
>> http://www.IT-Security-inc.com - IT Security, Inc.
>>
>>
>> Phone: 412-515-3010 | Email: Albert.Whale@IT-Security-inc.com
>> Cell: 412-889-6870
>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming! The Go Parallel Website,
>> sponsored by Intel and developed in partnership with Slashdot Media, is
>> your
>> hub for all things parallel software development, from weekly thought
>> leadership blogs to news, videos, case studies, tutorials and more. Take a
>> look and join the conversation now. http://goparallel.sourceforge.net
>>
>> _______________________________________________
>> psad-discuss mailing list
>> psad-discuss@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/psad-discuss
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming! The Go Parallel Website,
>> sponsored by Intel and developed in partnership with Slashdot Media, is
>> your
>> hub for all things parallel software development, from weekly thought
>> leadership blogs to news, videos, case studies, tutorials and more. Take a
>> look and join the conversation now. http://goparallel.sourceforge.net
>> _______________________________________________
>> psad-discuss mailing list
>> psad-discuss@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/psad-discuss
>>
>>
>
> --
> Michael Rash | Founder
> http://www.cipherdyne.org/
> Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
>
>
--
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
[Attachment #5 (text/html)]
<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Dec \
26, 2014 at 10:23 AM, Albert Whale, CEH CHS CISA CISSP <span dir="ltr"><<a \
href="mailto:Albert.Whale@it-security-inc.com" \
target="_blank">Albert.Whale@it-security-inc.com</a>></span> wrote:<blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div dir="auto"><div>Not as I am aware of. Will \
double check though. I thought that IPv6 was disabled (so this is not my \
intent).<br></div></div></blockquote><div><br><br></div><div>I believe I have fixed \
the issue. Here is a link for psad-2.2.4-pre2 - just install it with the "<a \
href="http://install.pl">install.pl</a>" script as usual. Can you give it a shot \
and let me know if this fixes the issue? If so, this will likely become the \
psad-2.2.4 release.<br><br><a \
href="https://www.cipherdyne.org/psad/download/psad-2.2.4-pre2.tar.gz">https://www.cip \
herdyne.org/psad/download/psad-2.2.4-pre2.tar.gz</a><br><br></div><div>Thanks,<br><br></div><div>--Mike<br><br><br></div><div> \
</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px \
solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div><br>Sent from my \
iPhone</div><div><div class="h5"><div><br>On Dec 25, 2014, at 9:56 PM, Michael Rash \
<<a href="mailto:michael.rash@gmail.com" \
target="_blank">michael.rash@gmail.com</a>> wrote:<br><br></div><blockquote \
type="cite"><div><div dir="ltr"><br><div class="gmail_extra"><div \
class="gmail_quote">On Wed, Dec 24, 2014 at 7:39 AM, Albert Whale, CEH CHS CISA CISSP \
<span dir="ltr"><<a href="mailto:Albert.Whale@it-security-inc.com" \
target="_blank">Albert.Whale@it-security-inc.com</a>></span> wrote:<blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div dir="auto"><div>Actually, I can now report \
that this is occurring on the 32-bit version of the OS as \
well.<br></div></div></blockquote><div><br></div><div>Quick question - are you \
running an IPv6 filtering and logging policy with \
ip6tables?<br><br>Thanks,<br><br></div><div>--Mike<br><br></div><div> \
</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px \
solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div><br>Sent from my \
iPhone</div><span><div><br>On Dec 23, 2014, at 10:35 PM, Michael Rash <<a \
href="mailto:mbr@cipherdyne.org" target="_blank">mbr@cipherdyne.org</a>> \
wrote:<br><br></div></span><div><div><blockquote \
type="cite"><div><div><br><br></div><div>On Dec 23, 2014, at 10:29 AM, Albert Whale \
<<a href="mailto:Albert.Whale@IT-Security-inc.com" \
target="_blank">Albert.Whale@IT-Security-inc.com</a>> \
wrote:<br><br></div><blockquote type="cite"><div>
I am a long time supporter of PSAD, and use it in my services daily.<br>
<br></div></blockquote><div><br></div>Hello Albert,<div><br><div><blockquote \
type="cite"><div> However, I am also confused (frustrated) with the following \
messages which ony appear on the 64-bit version of my installed OS.<br>
<br>
Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
line 6955.<br>
Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
line 6957.<br>
Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
line 6959.<br>
Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
line 6961.<br>
Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
line 6955.<br>
Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
line 6957.<br>
Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
line 6959.<br>
Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
line 6961.<br>
Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
line 6955.<br>
Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
line 6957.<br>
Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
line 6959.<br>
Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
line 6961.<br>
[+] Version: psad v2.2.3<br>
<br></div></blockquote><div><br></div><div>Ok, thanks for the bug report - this \
definitely needs to be fixed. Interesting that this happens only on your 64-bit \
systems. I have some ideas for a fix, and I'll send a -pre release for testing in \
the next couple of days.</div><div><br></div><div>Thanks,</div><div><br></div><div>Mike</div><br><blockquote \
type="cite"><div> Additionally, I occasionally see that the count down timers have
exceeds their counting, and will be written to the iptables
messages.<br>
<br>
Am I missing a command line option?<br>
<br>
Thank you.<br>
<br>
<br>
<div>-- <br>
Albert E. Whale, CEH CHS CISA CISSP<br>
<b>President - Chief Security Officer</b><br>
<a href="http://www.IT-Security-inc.com" \
target="_blank">http://www.IT-Security-inc.com</a> - IT Security, Inc.<br> <br>
<br>
Phone: <a href="tel:412-515-3010" value="+14125153010" \
target="_blank">412-515-3010</a> | Email: <a \
href="mailto:Albert.Whale@IT-Security-inc.com" \
target="_blank">Albert.Whale@IT-Security-inc.com</a><br>
Cell: <a href="tel:412-889-6870" value="+14128896870" \
target="_blank">412-889-6870</a></div>
</div></blockquote><blockquote \
type="cite"><div><span>------------------------------------------------------------------------------</span><br><span>Dive \
into the World of Parallel Programming! The Go Parallel \
Website,</span><br><span>sponsored by Intel and developed in partnership with \
Slashdot Media, is your</span><br><span>hub for all things parallel software \
development, from weekly thought</span><br><span>leadership blogs to news, videos, \
case studies, tutorials and more. Take a</span><br><span>look and join the \
conversation now. <a href="http://goparallel.sourceforge.net" \
target="_blank">http://goparallel.sourceforge.net</a></span></div></blockquote><blockquote \
type="cite"><div><span>_______________________________________________</span><br><span>psad-discuss \
mailing list</span><br><span><a href="mailto:psad-discuss@lists.sourceforge.net" \
target="_blank">psad-discuss@lists.sourceforge.net</a></span><br><span><a \
href="https://lists.sourceforge.net/lists/listinfo/psad-discuss" \
target="_blank">https://lists.sourceforge.net/lists/listinfo/psad-discuss</a></span><b \
r></div></blockquote></div></div></div></blockquote></div></div></div><br>------------------------------------------------------------------------------<br>
Dive into the World of Parallel Programming! The Go Parallel Website,<br>
sponsored by Intel and developed in partnership with Slashdot Media, is your<br>
hub for all things parallel software development, from weekly thought<br>
leadership blogs to news, videos, case studies, tutorials and more. Take a<br>
look and join the conversation now. <a href="http://goparallel.sourceforge.net" \
target="_blank">http://goparallel.sourceforge.net</a><br>_______________________________________________<br>
psad-discuss mailing list<br>
<a href="mailto:psad-discuss@lists.sourceforge.net" \
target="_blank">psad-discuss@lists.sourceforge.net</a><br> <a \
href="https://lists.sourceforge.net/lists/listinfo/psad-discuss" \
target="_blank">https://lists.sourceforge.net/lists/listinfo/psad-discuss</a><br> \
<br></blockquote></div><br clear="all"><br>-- <br><div>Michael Rash | Founder<br><a \
href="http://www.cipherdyne.org/" \
target="_blank">http://www.cipherdyne.org/</a><br>Key fingerprint = 53EA 13EA 472E \
3771 894F AC69 95D8 5D6B A742 839F</div> </div></div>
</div></blockquote></div></div></div></blockquote></div><br clear="all"><br>-- \
<br><div class="gmail_signature">Michael Rash | Founder<br><a \
href="http://www.cipherdyne.org/">http://www.cipherdyne.org/</a><br>Key fingerprint = \
53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F</div> </div></div>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic