From: Adam Lofstedt (adaml~AT~visimation.com)
Date: Mon Dec 30 2002 - 20:36:33 CET
> Hello,
>
> * Adam Lofstedt <adaml~AT~visimation.com> [2002-12-26 23:47]:
> > It looks like ipmon is logging the blocked packets correctly to the
> > file /var/log/ipflog. I am not sure why fwanalog results are empty.
> > Can
> Does the following command print any lines?
>
> egrep -h " -> .+ PR.+len" /var/log/ipflog
This printed out the entries in my log file.
> Also, has the user you are running fwanalog as read
> permissions on the ipflog file?
Yes. Root is the user and has appropriate permissions.
I have since changed how I log the packets so that I am now using syslog and am rotating the logs. Instead of getting zero results, all the results are reported as corrupted.
Here is the part from rc.conf:
ipmon_flags="-Ds"
Here is from syslog.conf:
Local0.* /var/log/firewall_logs
Here is my fwanalog.opts file:
inputfiles_mask="firewall_logs*"
inputfiles_dir="/var/log"
I am using the "ipf" logformat in the opts file. I have tried to log also with:
ipmon_flags="-Dsvn"
...which should resolve host names and log some other things about TCP packets, but it also returned corrupted results. Is there something else I need to do to get this to work?
Thanks,
Adam
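The thread's own diagnostic is the pre-filter `egrep -h " -> .+ PR.+len"`: a line that passes it is one fwanalog will try to parse as an ipf event, so "corrupted results" means lines that pass the pre-filter but do not have the full field layout behind it. The script below is an added example, not part of the original post or of fwanalog; it applies that same pre-filter to a handful of constructed log lines (raw `ipmon -D` file format and the syslog-prefixed `ipmon -Ds` format) and then checks each surviving line against an assumed layout of ipmon's event fields (`@group:rule action src,port -> dst,port PR proto len hlen len ...`), reporting which lines parse, which are ignored, and which would count as corrupted. The field layout, the sample lines, and the function names are assumptions made for this example.

```python
import re

# Constructed sample lines (not taken from the thread). Lines 1-3 imitate
# ipmon output: line 1 as "ipmon -D" writes it to a file, lines 2-3 as
# "ipmon -Ds" hands it to syslog (syslog header in front). Line 4 is an
# unrelated syslog entry from the same file, line 5 is a truncated ipmon
# line of the kind that passes the pre-filter but cannot be parsed.
SAMPLE_LINES = [
    "30/12/2002 20:36:33.123456 fxp0 @0:1 b 192.0.2.10,1234 -> 198.51.100.5,80 PR tcp len 20 60 -S IN",
    "Dec 30 20:36:34 gw ipmon[123]: 30/12/2002 20:36:34.000001 fxp0 @0:1 b 192.0.2.11,53 -> 198.51.100.5,53 PR udp len 20 48 IN",
    "Dec 30 20:36:35 gw ipmon[123]: 30/12/2002 20:36:35.000002 fxp0 @0:2 p 198.51.100.5,40000 -> 192.0.2.10,22 PR tcp len 20 60 -S OUT",
    "Dec 30 20:36:36 gw sshd[456]: Accepted publickey for adam from 192.0.2.10 port 40000",
    "Dec 30 20:36:37 gw ipmon[123]: 30/12/2002 20:36:37.000003 fxp0 @0:1 b 192.0.2.12,5000 -> 198.51.100.5 PR tcp len",
]

# The pre-filter from the thread: egrep -h " -> .+ PR.+len"
PREFILTER = re.compile(r" -> .+ PR.+len")

# Assumed layout of the event part of an ipmon line (assumption for this
# example, modelled on documented ipmon output):
#   @<group>:<rule> <b|p> <src>,<sport> -> <dst>,<dport> PR <proto> len <hlen> <len> [extra] <IN|OUT>
# Hostnames or service names (ipmon -n) fit the same shape, so they parse too.
EVENT = re.compile(
    r"@(?P<group>\d+):(?P<rule>\d+) (?P<action>[bp]) "
    r"(?P<src>\S+?),(?P<sport>\S+) -> (?P<dst>\S+?),(?P<dport>\S+) "
    r"PR (?P<proto>\S+) len (?P<hlen>\d+) (?P<len>\d+)(?P<rest>.*)$"
)


def parse_ipmon_line(line):
    """Return the event fields of one ipmon line as a dict, or None if the
    line does not carry a complete event (truncated or non-ipmon line)."""
    m = EVENT.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["action"] = "block" if fields["action"] == "b" else "pass"
    fields["direction"] = "IN" if fields["rest"].rstrip().endswith("IN") else "OUT"
    return fields


def classify(lines):
    """Sort lines into the three buckets that matter when fwanalog reports
    nothing or reports corruption: parsed events, lines the pre-filter
    ignores, and lines that pass the pre-filter but fail the full parse."""
    result = {"events": [], "ignored": [], "corrupted": []}
    for line in lines:
        if not PREFILTER.search(line):
            result["ignored"].append(line)
            continue
        event = parse_ipmon_line(line)
        if event is None:
            result["corrupted"].append(line)
        else:
            result["events"].append(event)
    return result


def summarize(lines):
    """Counts per bucket, the quick check to run over a real log file."""
    buckets = classify(lines)
    return {name: len(items) for name, items in buckets.items()}


if __name__ == "__main__":
    report = classify(SAMPLE_LINES)
    for ev in report["events"]:
        print(f"{ev['action']:5} {ev['src']}:{ev['sport']} -> {ev['dst']}:{ev['dport']} {ev['proto']} {ev['direction']}")
    for line in report["corrupted"]:
        print("corrupted:", line)
    print(summarize(SAMPLE_LINES))
```

Running `classify` over a real rotated `firewall_logs*` file (for example by replacing `SAMPLE_LINES` with the file's lines) separates the two failure modes in the thread: a result of all `ignored` means the pre-filter never fires (wrong file or format), while a large `corrupted` bucket means the pre-filter fires but the lines do not end in the expected field layout, which is where extra output from flags such as `-v` or `-n` should be inspected first.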
This archive was generated by hypermail 2.1.5 : Tue Dec 31 2002 - 11:22:02 CET