From: Micha Silver (Micha~AT~arava.co.il)
Date: Wed Oct 22 2003 - 21:24:05 CEST
> -----Original Message-----
> From: balazs~AT~tud.at [mailto:balazs~AT~tud.at]
> Sent: Wednesday, October 22, 2003 8:03 PM
> To: fwanalog~AT~tud.at
> Subject: Re: [fwAnalog] fwanalog.all.log too big
> The algorithm is the following:
> 1. the logfiles that match the filename patterns in the config file and
> are newer than inputfiles_mtime are grepped for matching lines and
> converted into fwanalog.current.log.
> 2. The last line of fwanalog.all.log is searched in
> and everything after it is appended to fwanalog.all.log.
Now it's much clearer to me.
So fwanalog.all.log grows without bounds.
> By changing inputfiles_mtime, you only optimize the first part of the
> processing which doesn't take as long as the Analog processing does. So it
> won't help very much.
Yes, I saw that. The fwanalog part finishes in 10-15 min, and then Analog churns away for over 2 hrs.
> Perhaps if you have such problems with the logfile size, you could take
> out the obvious worm attacks (SQL Slammer, MS Blaster etc.) and
> concentrate just on the "interesting" blocked packets.
I'll look into this. Many thanks for your help.
> Balázs Bárány balazs~AT~tud.at http://tud.at
> ICQ 10747763
> A good engineer will make considerable effort to avoid additional effort.
This archive was generated by hypermail 2.1.5 : Fri Nov 07 2003 - 20:02:03 CET
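
Step 2 of the algorithm quoted above, together with the suggestion to leave out worm traffic, as an added shell example that is not part of the original thread and is not fwanalog's own code. It assumes the search in step 2 runs against fwanalog.current.log and that the input is raw iptables-style log lines; the function names and sample lines are constructed.

```shell
#!/bin/sh
# Added example, not fwanalog's own code. Log lines are constructed samples.

# Drop the worm traffic named in the thread before it reaches the cumulative
# log: SQL Slammer probes (UDP/1434) and MS Blaster probes (TCP/135).
drop_worm_noise() {
    awk '
        / PROTO=UDP / && / DPT=1434 / { next }
        / PROTO=TCP / && / DPT=135 /  { next }
        { print }
    '
}

# Step 2 of the algorithm: append to $2 only the lines of $1 that follow the
# last line already stored in $2. Assumption: when $2 is empty or its last
# line is not present in $1, all of $1 is appended.
append_new_lines() {
    current=$1; all=$2
    last=$(tail -n 1 "$all" 2>/dev/null || true)
    n=0
    if [ -n "$last" ]; then
        # Last exact match, so repeated identical lines are not re-appended.
        n=$(grep -nFx -e "$last" "$current" | tail -n 1 | cut -d: -f1)
    fi
    tail -n "+$(( ${n:-0} + 1 ))" "$current" >> "$all"
}

demo() {
    dir=$(mktemp -d)
    pfx='fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1'
    {
        echo "Oct 22 20:01:02 $pfx PROTO=UDP SPT=1042 DPT=1434 LEN=384"
        echo "Oct 22 20:01:05 $pfx PROTO=TCP SPT=3312 DPT=135 WINDOW=8760 SYN"
        echo "Oct 22 20:01:09 $pfx PROTO=TCP SPT=4021 DPT=22 WINDOW=5840 SYN"
        echo "Oct 22 20:02:11 $pfx PROTO=TCP SPT=4100 DPT=23 WINDOW=5840 SYN"
    } | drop_worm_noise > "$dir/fwanalog.current.log"
    # Simulate an earlier run that already stored the 20:01:09 line.
    head -n 1 "$dir/fwanalog.current.log" > "$dir/fwanalog.all.log"
    append_new_lines "$dir/fwanalog.current.log" "$dir/fwanalog.all.log"
    wc -l < "$dir/fwanalog.all.log"
    rm -rf "$dir"
}
demo
```

Filtering shrinks what Analog has to process on every run, but packets dropped here no longer appear in any report, so the match should stay as narrow as the two port/protocol pairs shown.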