Bug 469824

Summary: replace "alert.impact.severity" with "alert.assessment.impact.severity"
Product: [Fedora] Fedora Reporter: Dominick Grift <dominick.grift>
Component: prelude-correlatorAssignee: Steve Grubb <sgrubb>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 10CC: sgrubb
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-12-18 00:36:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dominick Grift 2008-11-04 10:09:17 UTC 
Description of problem:

Whilst my network was under attack, i received this notice in /var/log/messages:

Nov  4 05:05:03 rawhide prelude-correlator: ERROR: LUA error on 'brute_force': /usr/share/prelude-correlator/lua/lib.lua:54: set(alert.impact.severity): unable to create path: Unknown IDMEF child 'impact'. (lua.c:148 lua_r
un)

I reported this to #prelude and was advised to:

replace /etc/prelude-correlator/lua-rules/brute-force.lua by  https://trac.prelude-ids.org/browser/prelude-correlator/trunk/plugins/lua/ruleset/brute-force.lua

Version-Release number of selected component (if applicable):
prelude-correlator-0.9.0-0.3.beta3.fc10.x86_64
Comment 1 Bug Zapper 2008-11-26 04:43:50 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 2 Steve Grubb 2008-12-06 15:32:32 UTC 
This was fixed in prelude-correlator-0.9.0-0.4.beta3.fc10. I'll push this into fc10 testing shortly.
Comment 3 Fedora Update System 2008-12-06 15:34:38 UTC 
prelude-correlator-0.9.0-0.4.beta3.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/prelude-correlator-0.9.0-0.4.beta3.fc10
Comment 4 Fedora Update System 2008-12-08 13:04:41 UTC 
prelude-correlator-0.9.0-0.4.beta3.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update prelude-correlator'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2008-10947
Comment 5 Fedora Update System 2008-12-18 00:36:13 UTC 
prelude-correlator-0.9.0-0.4.beta3.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.