Re: [fwAnalog] fwanalog on 4.3 freebsd and ipfilter

From: James Lim (evilfry~AT~sg.freebsd.org)
Date: Mon Jun 04 2001 - 08:52:57 CEST



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there :)

        Here are some examples of my ipf.log. I appreciate your help a lot.

04/06/2001 04:21:31.127516 tun0 @0:25 b 203.120.94.99 -> 210.193.15.140 PR icmp len 20 60 icmp 8/0 IN
04/06/2001 04:21:32.223675 tun0 @0:25 b 203.120.94.99 -> 210.193.15.140 PR icmp len 20 60 icmp 8/0 IN
04/06/2001 04:21:33.724588 tun0 @0:25 b 203.120.94.99 -> 210.193.15.140 PR icmp len 20 60 icmp 8/0 IN
04/06/2001 04:21:35.224962 tun0 @0:25 b 203.120.94.99 -> 210.193.15.140 PR icmp len 20 60 icmp 8/0 IN
04/06/2001 05:21:55.607708 tun0 @0:23 b 203.120.90.77,51974 -> 210.193.15.140,25 PR tcp len 20 60 -S IN
04/06/2001 06:10:14.293726 tun0 @0:23 b 203.120.90.77,54079 -> 210.193.15.140,25 PR tcp len 20 60 -S IN
04/06/2001 06:22:04.816105 tun0 @0:23 b 165.21.103.175,4731 -> 210.193.15.140,1080 PR tcp len 20 44 -S IN
04/06/2001 07:33:10.764693 tun0 @0:23 b 165.21.103.176,3388 -> 210.193.15.140,1080 PR tcp len 20 44 -S IN
04/06/2001 07:37:55.565681 tun0 @0:23 b 203.120.90.77,58050 -> 210.193.15.140,25 PR tcp len 20 60 -S IN
04/06/2001 08:35:55.489929 tun0 @0:23 b 203.120.90.77,62333 -> 210.193.15.140,25 PR tcp len 20 60 -S IN
04/06/2001 09:13:09.686936 tun0 @0:23 b 165.21.103.175,6667 -> 210.193.15.140,4125 PR tcp len 20 1116 -A IN
04/06/2001 09:13:09.687023 tun0 @0:23 b 165.21.103.175 -> 210.193.15.140 PR tcp len 20 (404) frag 384@1096 IN

On the last episode Monday 04 June 2001 14:31, Balázs Bárány wrote:
> Hello,
>
> * James Lim <james~AT~sg.freebsd.org> [2001-06-04 00:55]:
> > parsing..it doesn't show any errors..but analog
> > will say that all the lines are corrupted. ( I
>
> Well, that means that the 3 built-in formats of fwAnalog aren't
> compatible with FreeBSD's log format. That isn't much of a surprise
> as nobody has tried that yet.
>
> You could send a part of your /var/log/ipf.log (or whatever it is
> on FreeBSD) to me so I can take a look.
> Or, if you are good with regular expressions, you can write the
> conversion routine yourself, as described in the documentation.
>
> Regards

iQA/AwUBOxswTJpTakonTMbIEQJrFwCgpELP45Ip3RNXBH7FgehJzY1kFsIAniCR cV8caZp77qH8wZdPZG5N8DbZ
=69yd
-----END PGP SIGNATURE-----
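Added example, not part of the original message and not fwanalog's own code: a regular expression that splits the ipmon lines quoted above into fields, covering the three shapes in the excerpt (ICMP without ports, TCP with ports, and a fragment with the length in parentheses). The field names and the `summarize` helper are assumptions made for illustration, and the output is not fwanalog's input format.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: lines taken from the excerpt in the post plus one junk line.
# The list archive rewrote "@" as "~AT~"; parse_line() accepts both spellings.
SAMPLE = """\
04/06/2001 04:21:31.127516 tun0 @0:25 b 203.120.94.99 -> 210.193.15.140 PR icmp len 20 60 icmp 8/0 IN
04/06/2001 05:21:55.607708 tun0 ~AT~0:23 b 203.120.90.77,51974 -> 210.193.15.140,25 PR tcp len 20 60 -S IN
04/06/2001 06:22:04.816105 tun0 @0:23 b 165.21.103.175,4731 -> 210.193.15.140,1080 PR tcp len 20 44 -S IN
04/06/2001 09:13:09.687023 tun0 @0:23 b 165.21.103.175 -> 210.193.15.140 PR tcp len 20 (404) frag 384@1096 IN
this line is not an ipmon record
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) (?P<action>\S+) "  # "b" = blocked
    r"(?P<src>[\d.]+)(?:,(?P<sport>\d+))? -> "       # ports are absent for ICMP
    r"(?P<dst>[\d.]+)(?:,(?P<dport>\d+))? "          # and for non-first fragments
    r"PR (?P<proto>\S+) len (?P<hlen>\d+) \(?(?P<len>\d+)\)?\s*"
    r"(?P<rest>.*?)\s*(?P<dir>IN|OUT)?$"             # flags / icmp type / frag info
)

def parse_line(line):
    """Return a dict of fields for one ipmon line, or None if it does not match."""
    m = LINE_RE.match(line.strip().replace("~AT~", "@"))
    if m is None:
        return None
    rec = m.groupdict()
    # Dates in the excerpt are day/month/year (the post is dated 4 June 2001).
    rec["ts"] = datetime.strptime(rec.pop("date") + " " + rec.pop("time"),
                                  "%d/%m/%Y %H:%M:%S.%f")
    for key in ("sport", "dport", "hlen", "len"):
        rec[key] = int(rec[key]) if rec[key] is not None else None
    rec["fragment"] = rec["rest"].startswith("frag ")
    return rec

def summarize(text):
    """Count records per (protocol, destination port) and count unparsable lines."""
    hits, bad = Counter(), 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            bad += 1
        else:
            hits[(rec["proto"], rec["dport"])] += 1
    return hits, bad

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Counting the lines that fail to match, rather than dropping them silently, shows how much of a log the pattern actually covers.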




This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 22:22:04 CEST