[fwAnalog] fwanalog

From: Fabio Panigatti (ml-panigatti~AT~minerprint.it)
Date: Tue Feb 17 2004 - 14:16:10 CET

Next message: Balázs Bárány: "Re: [fwAnalog] Problem with color charts"
Previous message: Hitete: "[fwAnalog] Problem with color charts"
Next in thread: Balázs Bárány: "Re: [fwAnalog] fwanalog"
Reply: Balázs Bárány: "Re: [fwAnalog] fwanalog"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I run fwanalog on gentoo with metalog. Since metalog log format is slightly different from syslog log format, fwanalog.sh code require a simple, little patch to the perl regexp at line 568 (0.6.2) to work:

"s!^(\d+) +(\w+) +(\d+) ([0-9:]+) [^:]+: ?([a-zA-Z0-9/.,:_-]*).*IN=(.*)

The colon prevent fwanalog to correctly parse metalog log format, which is in the form (already mangled with year addition):

2004 Jan 30 11:03:06 [kernel] ETH2CATCHALL IN=eth2 OUT= MAC=00:30...
                     ^^^^^^^^

Since the removal of the colon doesn't affect the parsing of regular syslog file format I would suggest to remove it for better interoperability, or to add a specific opts option to switch the regexp to the right one at runtime (something like syslog_format=[metalog|syslog] in fwanalog.opts).

Many thanks to balazs for his work.

Fabio

Next message: Balázs Bárány: "Re: [fwAnalog] Problem with color charts"
Previous message: Hitete: "[fwAnalog] Problem with color charts"
Next in thread: Balázs Bárány: "Re: [fwAnalog] fwanalog"
Reply: Balázs Bárány: "Re: [fwAnalog] fwanalog"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Thu Mar 18 2004 - 17:02:04 CET