From: Balázs Bárány (balazs~AT~tud.at)
Date: Sat Jul 10 2004 - 20:54:08 CEST
Hello,
Does one of your logs look like this?
2003 Jan 4 15:41:01 127.234.247.49 firewalld[110]: deny in eth0 84 icmp 20 254 127.234.234.120 127.234.249.147 8 0 (blocked site) 2003 Jan 4 15:41:56 127.234.247.49 firewalld[110]: deny in eth0 78 udp 20 128 10.11.12.120 10.11.12.255 137 137 (blocked site)
This is from a Watchguard Firebox 6.1 but I have no idea if it is running with default settings or whatever.
> The text export is comma delimited, so is there a fwanalog config file
> that I can edit to tell it what fields are in my logfile?
In fwanalog.sh, each supported logfile type is in its own function, and a
Perl regular expression converts the original format to the HTTPd log
format for analog. So to support a new logfile type, one has to write this
regular expression.
You can send me in private e-mail a sample of your logfile (covering as many cases as possible, e.g. blocked ICMP/TCP/UDP, other protocols, etc.) and when I find more time, I can possibly create support for your format if it is not yet supported.
Regards
-- _________________________________________________________________________ Balázs Bárány balazs~AT~tud.at http://tud.at ICQ 10747763 A good engineer will make considerable effort to avoid additional effort.
This archive was generated by hypermail 2.1.5 : Sat Aug 07 2004 - 00:42:04 CEST