Small problem with Perl pattern matching... Please help

I installed Snort and Guardian. Guardian basically monitors Snort's logs and blocks the IP based on that. Anyway, Guardian has one if statement that isn't correct; it doesn't match the if statement's condition.
Here is a sample entry in the log file:
Dec 8 17:16:01 server1 snort: [1:1328:1] WEB-ATTACKS ps command attempt [Classification: Web Application Attack] [Priority: 1]: {TCP} 66.20.28.125:12252 -> 216.40.233.21:80

Here is how it was originally written. I would assume this is pretty close to how it should be, but it may not be:
($2 is the source, $3 is the dest and $1 is the type)
if (/snort\[\d+\]:\s*(.*)\s*\:\s*(\d+\.\d+\.\d+\.\d+):\d+\s*->\s*(\d+\.\d+\.\d+\.\d+):\d+$/) {
&checkem ($2, $3, $1);
}

Anyway, if you can help, that is great!
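Added example, not part of the original post and not Guardian's own code: the sample line has no `[pid]` after `snort` and carries a `{TCP}` marker between the last colon and the source address, so the posted pattern cannot match it. The sketch below runs the posted pattern and a relaxed one side by side; `parse_alert`, the second and third log lines, and the octet range check are assumptions made for illustration, and the pattern goes beyond the post by also accepting a PID and port-less alerts.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input: the first line is the entry quoted in the post,
# the other two are made-up variants (PID in the tag, no ports, unrelated line).
my @lines = (
    'Dec 8 17:16:01 server1 snort: [1:1328:1] WEB-ATTACKS ps command attempt [Classification: Web Application Attack] [Priority: 1]: {TCP} 66.20.28.125:12252 -> 216.40.233.21:80',
    'Dec 8 17:16:05 server1 snort[4242]: [1:469:1] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 192.0.2.10 -> 198.51.100.7',
    'Dec 8 17:16:09 server1 sshd[311]: Accepted publickey for admin from 192.0.2.44 port 50022',
);

# Pattern exactly as posted, kept for comparison.
my $original = qr/snort\[\d+\]:\s*(.*)\s*\:\s*(\d+\.\d+\.\d+\.\d+):\d+\s*->\s*(\d+\.\d+\.\d+\.\d+):\d+$/;

my $ip    = qr/\d{1,3}(?:\.\d{1,3}){3}/;
my $alert = qr/
    \bsnort(?:\[\d+\])?:\s+   # syslog tag, with or without a pid in brackets
    (.*?)\s*                  # capture 1: alert text (sid, message, classification)
    :\s+                      # colon that closes the priority field
    (?:\{\w+\}\s+)?           # optional protocol marker such as {TCP}
    ($ip)(?::\d+)?            # capture 2: source address, optional port
    \s*->\s*
    ($ip)(?::\d+)?            # capture 3: destination address, optional port
    \s*\z
/x;

# Returns (type, source, destination), or an empty list when the line is not
# a Snort alert or an address has an octet above 255.
sub parse_alert {
    my ($line) = @_;
    my ($type, $src, $dst) = $line =~ $alert or return;
    for my $addr ($src, $dst) {
        return if grep { $_ > 255 } split /\./, $addr;
    }
    return ($type, $src, $dst);
}

for my $line (@lines) {
    my $old = $line =~ $original ? 'yes' : 'no';
    if (my ($type, $src, $dst) = parse_alert($line)) {
        print "posted=$old relaxed=yes src=$src dst=$dst type=$type\n";
    } else {
        print "posted=$old relaxed=no\n";
    }
}
```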