A q for the gurus. Filehandling & reacting to events (?)
Post 302071527 by blowtorch on Friday 21st of April 2006 10:58:41 AM
Quote:
Originally Posted by Fred
i.e. I don't really understand the part: "alert_triggered -eq 1".

Would it require me to set up some variable (alert_triggered) that is hooked on to snort and listens for alerts? (Or is this alerter functionality already built-in and waiting for me somewhere in Linux?)
By alert_triggered -eq 1, I just meant that if the alert is triggered. See, I have never used snort, I don't even know what it does. So hooking up the alert with your script will have to be done by you, or maybe someone else here has used snort and will help you.

Cheers
 

prelude-admin(1)                General Commands Manual                prelude-admin(1)

NAME
       prelude-admin - Manage agents accounts

SYNOPSIS
       prelude-admin <subcommand> [options] [args]

       prelude-admin add <profile name> [--uid UID] [--gid GID]
       prelude-admin chown <profile name> [--uid UID] [--gid GID]
       prelude-admin del <profile name>
       prelude-admin rename <profile name> <profile name>
       prelude-admin register <profile name> <wanted permission> <registration-server address> [--uid UID] [--gid GID] [--passwd=<PASSWD>] [--passwd-file=<FILE>]
       prelude-admin registration-server <profile name> [--uid UID] [--gid GID] [--prompt] [--passwd=<PASSWD>] [--passwd-file=<FILE>] [--keepalive] [--no-confirm] [--listen]
       prelude-admin revoke <profile> <analyzerID> [--uid UID] [--gid GID]

DESCRIPTION
       In order for an agent to communicate with a manager, it must be registered. Registration involves several steps:

       - Allocating a unique identity for the agent
       - Creating a directory to be used by the agent (example: failover purposes)
       - Registering to a remote 'prelude-manager': get a signed X509 certificate that will allow communication between agent and manager using the specified permissions.

       All this information is stored in an agent profile.

       An agent profile is identified by its name. When an agent is started, it will load the profile of the same name as the program itself, that is, if your agent is named "prelude-lml", the agent will load the profile named "prelude-lml".

       The name of the profile can be overridden using the '--prelude --profile name_of_my_profile' command line option. It is possible to define the profile name so that you can have several instances of one agent running with different permissions, using different profiles.

       Note that profiles are not specific to agents, but are used in all programs of the Prelude suite (agents, managers, etc).

       If you are not sure which permission your agent should get, just start it and the default permissions will be displayed.

OPTIONS
       <profile name> is the default name of the agent you are installing or your own defined name. If you start your agent without prior registration, a warning is displayed that includes the default profile name and explains how to register the agent.

       <requested permission> is the permission your agent needs. It is composed of permission attributes (idmef or admin) and access type: read/write (r/w). By default, an agent needs permissions for writing IDMEF to a manager, and reading administrative commands sent to it. That is: "idmef:w admin:r".

       <manager address> is the address of the prelude-manager you wish to register with. This can either be its IP address or its hostname. If you made a local installation, you can write localhost to connect via unix socket.

       Remember to use the correct uid/gid when registering your agent. For instance, if you want to register snort (running with snort euid / egid), use --uid snort --gid snort.

       add <analyzer profile>
              Set up a new agent user.

              --uid=UID
                     UID or user to use to set up agent files.

              --gid=GID
                     GID or group to use to set up agent files.

       chown <analyzer profile>
              Change analyzer owner.

              --uid=UID
                     UID or user to use to set up agent files.

              --gid=GID
                     GID or group to use to set up agent files.

       del <analyzer profile>
              The delete command will remove the agent files created through the "add" command. Once this is done, the analyzer can't be used unless "register" or "add" is called again.

       rename <analyzer profile> <analyzer profile>
              Rename an existing analyzer.

       register <profile name> <wanted permission> <registration-server address>
              Register an analyzer. Register and create the analyzer basic setup if needed. It will also configure communication of this analyzer with a receiving analyzer (like a Manager) through the specified registration-server.

              --uid=UID
                     UID or user to use to set up analyzer files.

              --gid=GID
                     GID or group to use to set up analyzer files.

              --passwd=PASSWD
                     Use the provided password instead of prompting for it.

              --passwd-file=-|FILE
                     Read the password from a file instead of prompting for it (- for stdin).

       registration-server <profile name>
              Start a registration server to register agents. This is used in order to register a 'sending' analyzer to a 'receiving' analyzer. <profile name> should be set to the profile name of the

              --uid=UID
                     UID or user to use to set up 'receiving' analyzer files.

              --gid=GID
                     GID or group to use to set up 'receiving' analyzer files.

              --prompt
                     Prompt for a password instead of auto generating it.

              --passwd=PASSWD
                     Use the provided password instead of auto generating it.

              --passwd-file=-|FILE
                     Read the password from a file instead of auto generating it (- for stdin).

              --keepalive
                     Register analyzer in an infinite loop.

              --no-confirm
                     Do not ask for confirmation on agent registration.

              --listen
                     Address to listen on for registration request (default is any:5553).

       revoke <profile name>
              Revoke access to <profile> for the given analyzerID.

              --uid=UID
                     UID or user to use to set up analyzer files.

              --gid=GID
                     GID or group to use to set up analyzer files.

       --help Print help

AUTHOR
       This man page has been written by Frederic Motte

                                  19 June 2007                         prelude-admin(1)
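
The following is an added example, not part of the man page or the Prelude project: a pre-flight check that validates the permission string described under OPTIONS, flags requests broader than the default "idmef:w admin:r", and builds the `register` command with the password read from stdin. The function names, the acceptance of "rw" as an access type, the argument character set, and the address 192.0.2.10 are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for `prelude-admin register`.
# Function names are hypothetical, not part of Prelude.
DEFAULT_PERM="idmef:w admin:r"   # default agent permission per the man page

# check_permission PERM: succeeds if PERM is space-separated <attr>:<access>
# pairs, attr idmef or admin, access r or w ("rw" accepted as an assumption),
# with no attribute repeated.
check_permission() {
    seen=""
    case "$1" in ""|*[!a-z:\ ]*) return 1 ;; esac   # also blocks glob chars
    for pair in $1; do
        case "$pair" in
            idmef:r|idmef:w|idmef:rw|admin:r|admin:w|admin:rw) ;;
            *) return 1 ;;
        esac
        attr=${pair%%:*}
        case " $seen " in *" $attr "*) return 1 ;; esac
        seen="$seen $attr"
    done
    [ -n "$seen" ]
}

# exceeds_default PERM: succeeds if PERM grants more than the default agent
# permission (IDMEF read or admin write), which deserves a second look.
exceeds_default() {
    for pair in $1; do
        case "$pair" in idmef:r|idmef:rw|admin:w|admin:rw) return 0 ;; esac
    done
    return 1
}

# register_cmd PROFILE PERM SERVER USER GROUP: prints the command to run.
# --passwd-file=- reads the registration password from stdin, so it does not
# show up in the process argument list the way --passwd=PASSWD would.
register_cmd() {
    check_permission "$2" || { echo "bad permission: $2" >&2; return 1; }
    for arg in "$1" "$3" "$4" "$5"; do   # conservative charset, this example's choice
        case "$arg" in ""|*[!A-Za-z0-9._:-]*) echo "unsafe argument" >&2; return 1 ;; esac
    done
    if exceeds_default "$2"; then echo "note: '$2' exceeds '$DEFAULT_PERM'" >&2; fi
    printf 'prelude-admin register %s "%s" %s --uid %s --gid %s --passwd-file=-\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# Demo: the snort case from the man page; 192.0.2.10 is a constructed address.
register_cmd snort "$DEFAULT_PERM" 192.0.2.10 snort snort
```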