-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
using check_logfiles to search for Portscans in /var/log/snort/alert =20
I get this output:
&#-56;&#-99;=19=08h&#-22;>=08 - (3 errors in =20
check_logfiles.protocol-2007-07-06-11-08-53) - [**] [122:1:0] =20
(portscan) TCP Portscan [**] ...
The wired characters starting with & and ending with > should read =20
CRITICAL. Similar garbage is returned with OK, just shorter.
The characters *change* with each (re)check and they are NOT shown if =20=
check_logfiles is called from the command-line.
I already contacted the author of the plugin, he never has seen this =20
before - so I guess there is a relation to the Nagios release 3.x
Other plugins (check_load, check_users, etc. from 1.4.9) do NOT show =20
this behavior.
Looking into nagios.log I find lines related to check_logfiles with =20
"Additional Info: \n\nI" and similar.
Nagios 3.0a5 on Ubuntu Server 6.01 with Apache 2.0.55 and =20
check_logfiles v2.2.4.1.
Any idea?
Cheers, Ingo
- --
Ingo Lantschner
Vienna/Austria
Mob (+43-664) 143 84 18
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
iD8DBQFGk5W9encxbxkaIHoRAkT9AJ0flIFfK+srTv6jb4HkBAMEDQJQ9wCeOJJX
SLJ9GEbYilouL98e/EpYA5U=3D
=3DmqOM
-----END PGP SIGNATURE-----
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]