[fwAnalog] FreeBSD 4.8 IPF got corrupted line with empty out?

From: Kwok Hing Lam (eglkhad~AT~yahoo.com)
Date: Mon May 19 2003 - 13:25:30 CEST



Hi,

I just installed fwanalog for the first time and used it to parse my firewall log file. I got a lot of corrupted lines and an empty output.html.

Does anyone have an idea how to fix it? Thanks. Johnny

Software currently in use: --
fwanalog.sh ver. 0.6.3
IP Filter: v3.4.31 (336)
analog: analog version 5.24/Unix
FreeBSD bsd 4.8-RELEASE FreeBSD 4.8-RELEASE

Using the following ipf.log: --
19/May/2003 14:21:41.256219 dc0 @0:18 p 192.168.0.90,2446 -> 192.168.0.88,http PR tcp len 20 399 -AP K-S IN
19/May/2003 14:21:41.260131 dc0 @0:18 p 192.168.0.88,http -> 192.168.0.90,2446 PR tcp len 20 225 -AP K-S OUT
19/May/2003 14:25:42.728498 3x dc0 @0:27 b 61.34.2.196,3500 -> 192.168.0.88,http PR tcp len 20 48 -S IN
19/May/2003 14:31:34.112550 2x dc0 @0:27 b 61.172.38.20,2882 -> 192.168.0.88,http PR tcp len 20 48 -S IN
19/May/2003 14:33:52.384962 dc0 @0:13 p 192.168.0.88,whosockami -> ns2.i-cable.com[210.80.60.2],domain PR udp len 20 70 K-S OUT
19/May/2003 14:33:52.601449 dc0 @0:13 p ns2.i-cable.com[210.80.60.2],domain -> 192.168.0.88,whosockami PR udp len 20 139 K-S IN

Got the following analog.err: --
C: 19/May/2003 14:11:54.065692 dc0 @0:18 p 192.168.0.90,2442 -> 192.168.0.88,http PR tcp len 20 48 -S K-S IN

C:                                 *

C: 19/May/2003 14:11:54.066162 dc0 @0:18 p 192.168.0.88,http -> 192.168.0.90,2442 PR tcp len 20 44 -AS K-S OUT
C:


This archive was generated by hypermail 2.1.5 : Mon May 19 2003 - 22:02:04 CEST