On OpenBSD, the ipf log is rotated once a day; I let the script run one minute later on the ipf.log.0.gz. So I always only get the logs from the last day.
On a default-configured Debian, however, the /var/log/messages is rotated only so often, so the hack with "diff -f | grep ^>" is necessary in order to avoid duplicate lines in analog's input file.
> He does suggest that "It would be good if there was an overview per
> servicetype that got logged". Just passing on suggestions :)
There is. The Blocked Packet Report. I don't know if he means "tcp/udp/icmp" or "ftp/http/domain/etc" but both of them are in the Blocked Packet Report.
The whole concept of fwanalog is to use Analog for creating the reports - if a report type is not in Analog, I can't create it either. (It *could* be possible to play with the Request Report which isn't currently used by creating the right REQOUTPUTALIAS. Perhaps I will look into it.)
Could you invite him to join the mailing list?
> P.S.: I'll try to remember to post from the right address in the future :)
No need to, I just added your 3 addresses to the allowed list. Mailman is very flexible.
--
_________________________________________________________________
Balázs Bárány balazs~AT~tud.at http://tud.at ICQ 10747763
Computers. You can't live with them, you can't live without them.
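The "only the new lines" step from the top of the message, as an added shell example that is not fwanalog's own code: it keeps a snapshot of the log from the previous run and feeds analog only what was appended since, treating a log that shrank as rotated. The function names, the snapshot file and the sample log lines are this example's own constructions.

```shell
#!/bin/sh
# Added example, not fwanalog's own code: feed analog only the log lines
# that appeared since the previous run, so a rarely rotated log such as
# Debian's /var/log/messages does not yield duplicate input lines.
# Function names, the snapshot file and the sample lines are this
# example's own constructions.

# new_log_lines LOGFILE SNAPSHOT
# Prints the lines of LOGFILE that were not in SNAPSHOT (the copy kept
# from the previous run).  "diff old new | grep '^>'" lists only the
# lines present in the new file; the "> " marker is then stripped.
# If the log is now shorter than the snapshot it was rotated, so every
# current line is new.  (A log that was rotated and already grew past
# the snapshot size is still handled by diff, which only prints the
# lines that do not match the old copy.)
new_log_lines() {
    log=$1; snap=$2
    if [ ! -f "$snap" ] ||
       [ "$(wc -c < "$log" | tr -d ' ')" -lt "$(wc -c < "$snap" | tr -d ' ')" ]; then
        cat "$log"
    else
        diff "$snap" "$log" | grep '^>' | sed 's/^> //; s/^>$//'
    fi
}

# run_once LOGFILE SNAPSHOT OUTFILE
# Appends the new lines to OUTFILE (analog's input file) and refreshes
# the snapshot for the next run.
run_once() {
    new_log_lines "$1" "$2" >> "$3"
    cp "$1" "$2"
}

# Constructed demonstration: three runs, the last one after a simulated
# rotation.  Prints the number of lines that reached the analog input
# file (3: no duplicates, nothing lost).
demo() {
    d=$(mktemp -d)
    printf 'Jan  1 00:00:01 fw ipmon: block in on eth0 192.0.2.10\n' > "$d/messages"
    run_once "$d/messages" "$d/last.log" "$d/analog.in"
    printf 'Jan  1 00:00:02 fw ipmon: block in on eth0 192.0.2.11\n' >> "$d/messages"
    run_once "$d/messages" "$d/last.log" "$d/analog.in"
    printf 'Jan  2 00:00:01 fw ipmon: block in on eth0 192.0.2.12\n' > "$d/messages"
    run_once "$d/messages" "$d/last.log" "$d/analog.in"
    wc -l < "$d/analog.in" | tr -d ' '
    rm -rf "$d"
}
```

Run `demo` once to see the three-run sequence; in a cron job, call `run_once` against the real log with a snapshot path outside the log directory.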
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 22:22:04 CEST