[fwAnalog] fwanalog & ipfilter under FreeBSD 4.7

From: Richard Shaw (richard~AT~dn1.net)
Date: Fri Dec 06 2002 - 10:28:54 CET



Hi, I'm having much the same problems as http://tud.at/mailinglist-archives/fwanalog/0022.html

fwanalog-0.6.1
IP Filter: v3.4.30
FreeBSD 4.7-RELEASE

I'm simply having no luck getting it to read the logs. I've tried the 'ipf' option to no avail. I would like to get it working with the current layout of my logs, but the documentation for fwanalog doesn't go into any detail of what to do, and Google for once has turned me down. I would really like to use fwanalog as my primary method for reading my logs, so if someone who's got the same setup could give me some advice, I would really appreciate it.

ipf logging options: -Dsvn. My log file /var/log/ipfilter.log looks like this:

Dec  6 05:25:20 example ipmon[63]: 05:25:19.305300 fxp0 @0:16 b 218.84.35.76,nms -> example.org[xxx.xxx.xxx.xxx],netbios-ns PR udp len 20 78 IN
Dec  6 07:44:57 example ipmon[63]: 07:44:56.781313 fxp0 @0:16 b bb-165-21-158-97.singnet.com.sg[165.21.158.97],isis-bcast -> example.org[xxx.xxx.xxx.xxx],ms-sql-s PR tcp len 20 44 -S 3619390755 0 8192 IN

the fwanalog output looks like this:

C: Dec 6 05:25:20 example ipmon[63]: 05:25:19.305300 fxp0 @0:16 b 218.84.35.76,nms -> example.org[xxx.xxx.xxx.xxx],netbios-ns PR udp len 20 78 IN C: *
C: Dec 6 07:44:57 example ipmon[63]: 07:44:56.781313 fxp0 @0:16 b bb-165-21-158-97.singnet.com.sg[165.21.158.97],isis-bcast -> example.org[xxx.xxx.xxx.xxx],ms-sql-s PR tcp len 20 44 -S 3619390755 0 8192 IN C: *
analog: Warning L: Large number of corrupt lines in logfile

   /root/fwanalog.out/fwanalog.all.log: turn debugging on or try different LOGFORMAT
   (For help on all errors and warnings, see docs/errors.html)

     Current logfile format:
       %S %j %u [%d/%M/%Y:%h:%n:%j] "%j%w%r%wHTTP%j" %c %b "%f" "%j" %t %v\n

Kind Regards

Richard
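The ipmon lines quoted in the post have a regular layout that can be parsed directly, which is what any tool has to do before the data can be fed to analog. The following Python parser is an added example; it is not part of Richard's post nor of fwanalog itself. It assumes the field order ipmon writes with the options given (-s to syslog, -n so addresses and ports appear as `name[ip],service` or `ip,service`, -v so TCP lines carry `-<flags> seq ack window` before the direction) and works on constructed sample lines: the first two mirror the post with 192.0.2.10 standing in for the redacted address, the third is invented to exercise the `p` (pass) action and the OUT direction. The function names and the `IpmonRecord` fields are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed sample in the layout of the post's /var/log/ipfilter.log (ipmon -Dsvn).
# Lines 1-2 mirror the post, with 192.0.2.10 standing in for the redacted address;
# line 3 is invented to exercise the 'p' (pass) action and the OUT direction.
SAMPLE_LOG = """\
Dec  6 05:25:20 example ipmon[63]: 05:25:19.305300 fxp0 @0:16 b 218.84.35.76,nms -> example.org[192.0.2.10],netbios-ns PR udp len 20 78 IN
Dec  6 07:44:57 example ipmon[63]: 07:44:56.781313 fxp0 @0:16 b bb-165-21-158-97.singnet.com.sg[165.21.158.97],isis-bcast -> example.org[192.0.2.10],ms-sql-s PR tcp len 20 44 -S 3619390755 0 8192 IN
Dec  6 08:01:02 example ipmon[63]: 08:01:01.000001 fxp0 @0:3 p example.org[192.0.2.10],49152 -> 198.51.100.7,domain PR udp len 20 61 OUT
"""

# syslog prefix, then ipmon's own fields: timestamp, interface, @group:rule,
# action letter, src -> dst, protocol, header/total length, optional verbose
# TCP details, and direction. Anything between the lengths and IN/OUT is kept
# in 'extra' so non-TCP variants still match.
IPMON_RE = re.compile(
    r"^(?P<syslog_ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<loghost>\S+) ipmon\[(?P<pid>\d+)\]: "
    r"(?P<ipmon_ts>\d\d:\d\d:\d\d\.\d+) "
    r"(?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) (?P<action>[A-Za-z]) "
    r"(?P<src>\S+) -> (?P<dst>\S+) PR (?P<proto>\S+) "
    r"len (?P<hlen>\d+) (?P<plen>\d+)"
    r"(?P<extra>(?: \S+)*?) (?P<direction>IN|OUT)$"
)

# With -n an endpoint is 'name[ip],service' when the name resolved, else 'ip,service'.
ENDPOINT_RE = re.compile(
    r"^(?:(?P<name>[^\[\]]+)\[(?P<ip>[^\]]+)\]|(?P<bare>[^,]+)),(?P<port>[^,]+)$"
)

ACTIONS = {"b": "block", "p": "pass"}  # other letters are passed through raw


@dataclass
class IpmonRecord:
    iface: str
    group: int
    rule: int
    action: str            # 'block', 'pass', or the raw letter for anything else
    proto: str
    src_ip: str
    src_port: str          # service name or number, exactly as ipmon printed it
    dst_ip: str
    dst_port: str
    direction: str         # 'IN' or 'OUT'
    total_len: int
    tcp_flags: Optional[str] = None   # e.g. 'S' from '-S' on verbose TCP lines


def parse_endpoint(token: str) -> Optional[Tuple[str, str]]:
    """Split 'host[ip],port' or 'ip,port' into (ip, port); None if malformed."""
    m = ENDPOINT_RE.match(token)
    if not m:
        return None
    return (m.group("ip") or m.group("bare"), m.group("port"))


def parse_ipmon_line(line: str) -> Optional[IpmonRecord]:
    """Parse one syslog'd ipmon line; return None for anything else (e.g. sshd lines)."""
    m = IPMON_RE.match(line.rstrip("\n"))
    if not m:
        return None
    src = parse_endpoint(m.group("src"))
    dst = parse_endpoint(m.group("dst"))
    if src is None or dst is None:
        return None
    flags = None
    extra = m.group("extra").split()
    # Verbose TCP lines carry '-<flags> seq ack window' between the lengths and direction.
    if m.group("proto") == "tcp" and extra and extra[0].startswith("-"):
        flags = extra[0][1:]
    return IpmonRecord(
        iface=m.group("iface"),
        group=int(m.group("group")),
        rule=int(m.group("rule")),
        action=ACTIONS.get(m.group("action"), m.group("action")),
        proto=m.group("proto"),
        src_ip=src[0], src_port=src[1],
        dst_ip=dst[0], dst_port=dst[1],
        direction=m.group("direction"),
        total_len=int(m.group("plen")),
        tcp_flags=flags,
    )


def summarize(text: str) -> Dict[str, object]:
    """Count blocked inbound hits per destination service, and report lines that
    did not parse (the same condition analog reports as 'corrupt lines')."""
    blocked: Counter = Counter()
    parsed = unparsed = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_ipmon_line(line)
        if rec is None:
            unparsed += 1
            continue
        parsed += 1
        if rec.action == "block" and rec.direction == "IN":
            blocked[rec.dst_port] += 1
    return {"parsed": parsed, "unparsed": unparsed, "blocked_by_dst_port": dict(blocked)}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for port, n in report["blocked_by_dst_port"].items():
        print(f"{n:5d}  {port}")
    print(f"unparsed lines: {report['unparsed']}")
```

Counting unparsed lines separately is the point of the exercise: a single syslog file like /var/log/ipfilter.log usually carries other daemons' messages too, and any converter that does not skip them cleanly will produce exactly the flood of corrupt-line warnings quoted above.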



This archive was generated by hypermail 2.1.5 : Sat Dec 07 2002 - 09:02:03 CET