Re: [fwAnalog] Cisco PIX issues

From: Balázs Bárány (balazs~AT~tud.at)
Date: Wed Nov 26 2003 - 19:19:41 CET



Hello,

> Is there any way to fix this within Fwanalog or would I have to

It is probably already fixed in 0.6.4pre4.

> 2) The Blocked Packet Report gives the list of "Destination" hosts and
> the Packet Source Host Report gives a list of the "Source" hosts. Is
> this observation correct?

Yes.

> 3) Is there any way that I can get a listing of the Class C addresses of
> the intruding source hosts? The Organization Report seems to give the
> Class B addresses.

The Organization Report gives "networks", i.e. DNS names if possible, and if not, Class B addresses by default.

You can possibly use the SUBORG command of Analog to change this: http://www.analog.cx/docs/hierreps.html

> 4) Is it possible to get a report with the Source and Destination hosts
> together? Or is this option limited by Analog's definition of its

You could switch on separate reports for hosts or packets, then you get a separate page which answers the questions "What did host xxx.yyy access?" or "Which hosts tried to access zzz/999?".

> 5) Is it possible to sort the Blocked Packet Report based on the port
> numbers rather than the number of blocks? This is useful when you would

Please read the Analog documentation and the fwanalog README for information on sorting reports.

Regards

-- 
_________________________________________________________________________
Balázs Bárány       balazs~AT~tud.at        http://tud.at       ICQ 10747763

A good engineer will make considerable effort to avoid additional effort.


This archive was generated by hypermail 2.1.5 : Wed Dec 03 2003 - 16:22:04 CET