[fwAnalog] Parsing advice for ipf log file

From: Gernot Schmied (gernot.schmied~AT~nextra.com)
Date: Wed May 15 2002 - 09:41:40 CEST



Hello,

Balazs, thanks for a great product.

Does anybody have simple advice on how to deal with multiple log entries (2x, 3x, ...)? Currently fwanalog/analog appears to ignore them and hence generates unrepresentative reports.

C:                                *
C: 15/May/2002 09:18:37.266168 2x fxp0 @0:29 b 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 328 IN
C:                                *
C: 15/May/2002 09:20:22.355154 2x fxp0 @0:29 b 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 328 IN
C:                                *
C: 15/May/2002 09:20:32.458404 2x fxp0 @0:29 b 10.122.32.117,137 -> 10.122.32.255,137 PR udp len 20 78 IN
C:                                *
C: 15/May/2002 09:20:39.564631 2x fxp0 @0:29 b 10.122.32.82,137 -> 10.122.32.255,137 PR udp len 20 78 IN
C:                                *

/usr/src/analog-5.23/analog: Warning L: Large number of corrupt lines in
  logfile /var/www/htdocs/fwanalog/fwanalog.all.log: turn debugging on or try
  different LOGFORMAT
  (For help on all errors and warnings, see docs/errors.html)
  Current logfile format:
      %S %j %u [%d/%M/%Y:%h:%n:%j] "%j%w%r%wHTTP%j" %c %b "%f" "%j" %t %v\n

Best Regards,
Gernot Schmied
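
Added example, not part of the original post and not fwanalog's own code: one way to preprocess an ipmon log so that an entry carrying a repeat count (2x, 3x, ...) is counted once per packet. It assumes "Nx" means N identical packets were collapsed into one line; the function names and sample lines are constructed for illustration, modelled on the lines quoted in the post.

```python
import re
from collections import Counter

# ipmon line layout assumed here:
#   date time [Nx] iface rule action src[,port] -> dst[,port] PR proto rest
LINE_RE = re.compile(
    r'^(?P<date>\d{2}/\w{3}/\d{4}) (?P<time>[\d:.]+) '
    r'(?:(?P<count>\d+)x )?'                      # optional repeat count
    r'(?P<iface>\S+) (?P<rule>\S+) (?P<action>\S+) '
    r'(?P<src>\S+) -> (?P<dst>\S+) PR (?P<proto>\S+) (?P<rest>.*)$'
)

def parse_line(line):
    """Return the fields of one ipmon line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["count"] = int(rec["count"] or 1)         # no "Nx" token means 1 packet
    return rec

def expand(lines):
    """Yield every entry `count` times with the "Nx" token removed."""
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            yield line.rstrip("\n")               # pass unknown lines through
            continue
        flat = ("{date} {time} {iface} {rule} {action} "
                "{src} -> {dst} PR {proto} {rest}").format(**rec)
        for _ in range(rec["count"]):
            yield flat

def blocked_by_source(lines):
    """Count blocked packets per source address, weighted by repeat count."""
    totals = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["action"] == "b":
            totals[rec["src"].split(",")[0]] += rec["count"]
    return totals

# Constructed sample input (2 + 3 + 1 = 6 packets in 3 lines).
SAMPLE = [
    "15/May/2002 09:18:37.266168 2x fxp0 @0:29 b 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 328 IN",
    "15/May/2002 09:20:32.458404 3x fxp0 @0:29 b 10.122.32.117,137 -> 10.122.32.255,137 PR udp len 20 78 IN",
    "15/May/2002 09:21:01.000001 fxp0 @0:29 b 10.122.32.82,137 -> 10.122.32.255,137 PR udp len 20 78 IN",
]

if __name__ == "__main__":
    for out in expand(SAMPLE):
        print(out)
```

Writing the output of `expand` to a new file and pointing the report at that file leaves the original log untouched for later forensic use.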



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 22:22:05 CEST