From: C. Bensend (benny~AT~bennyvision.com)
Date: Mon Dec 20 2004 - 01:21:45 CET
Hey folks,
I'm trying to get fwanalog 0.6.4 running on an OpenBSD 3.5-STABLE firewall. This firewall protects two other hosts.
When I run fwanalog.sh, it complains about corrupt lines. A LOT of corrupt lines. Like, almost _all_ the lines. I had inputfiles_mask set to "pflog*" and it was complaining about over 300,000 corrupt lines (about 350,000 lines total). logformat is set to "pf_30".
Once execution completes, the html files all contain the header and footer, but no real content (other than the number of corrupt lines).
analog.err contains:
/usr/local/bin/analog: analog version 5.32/Unix
/usr/local/bin/analog: Warning F: Failed to open configuration file
./fwanalog.analog.conf: ignoring it
(For help on all errors and warnings, see docs/errors.html)
/usr/local/bin/analog: Warning D: In Directory Report, SORTBY (bytes) doesn't
match FLOOR (requests)
/usr/local/bin/analog: Warning D: In Virtual Host Report, SORTBY (bytes)
doesn't match FLOOR (requests)
[ snip, sample entries follow ]
C: 216.90.28.45 - - [19/Dec/2004:15:11:43 -0600] "GET
/216.161.119.28/tcp/1025/
HTTP/1.0" 200 0 "http://4602/" "" 0 sis1
C:
*
*
*
[ snip ]
(each C: is a single line, line wrapping done by email client)
and wraps up with:
/usr/local/bin/analog: Warning L: Large number of corrupt lines in logfile
/var/www/htdocs/fw-stats/fwanalog.all.log: turn debugging on or try different LOGFORMAT
Current logfile format:
%S %j %j [%d/%M/%Y:%h:%n:%j] "%j%w%r%wHTTP%j" %c %b "%f" "%B"\n
%S %j %j [%d/%M/%Y:%h:%n:%j] "%j%w%r" %c %b "%f" "%B"\n
%S %j %j [%d/%M/%Y:%h:%n:%j] "%r" %c %b "%f" "%B"\n
Can anyone tell me what I've done wrong? I'm assuming it's a problem with my configuration, but a quick look through the files doesn't show any glaring problems.
Any help would be appreciated! Thanks!
Benny
--
"... i want to be a farting burping maniac."
-- "kerry",
on MentalDischarge
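Added example (not part of the original post, and not code from fwanalog or analog): a small Python checker that tests the sample entry against the three LOGFORMAT strings analog printed, and reports the first format token that fails plus the unparsed remainder of the line. The token-to-regex translation is a simplified assumption based on analog's documented LOGFORMAT fields, and the sample line is rejoined from the wrapped text above.

```python
import re

# The three "Current logfile format" strings analog printed in the post.
FORMATS = [
    r'%S %j %j [%d/%M/%Y:%h:%n:%j] "%j%w%r%wHTTP%j" %c %b "%f" "%B"\n',
    r'%S %j %j [%d/%M/%Y:%h:%n:%j] "%j%w%r" %c %b "%f" "%B"\n',
    r'%S %j %j [%d/%M/%Y:%h:%n:%j] "%r" %c %b "%f" "%B"\n',
]
# Sample entry from the post, rejoined into one line (assumed: wraps were spaces).
SAMPLE = ('216.90.28.45 - - [19/Dec/2004:15:11:43 -0600] '
          '"GET /216.161.119.28/tcp/1025/ HTTP/1.0" 200 0 "http://4602/" "" 0 sis1\n')

TOKEN = re.compile(r'%[A-Za-z]|\\n|.')
# Simplified regexes for fixed-shape fields (assumption, not analog's parser).
FIXED = {'%d': r'\d{1,2}', '%M': r'[A-Za-z]{3}', '%Y': r'\d{4}', '%h': r'\d{1,2}',
         '%n': r'\d{1,2}', '%c': r'\d{3}', '%b': r'(?:\d+|-)', '%w': r'[ \t]+',
         '\\n': r'\n'}
STRINGS = {'%S', '%j', '%r', '%f', '%B'}  # free-text fields, read up to a delimiter

def to_parts(toks):
    """One regex fragment per format token."""
    parts = []
    for i, t in enumerate(toks):
        if t in FIXED:
            parts.append(FIXED[t])
        elif t in STRINGS:
            # A free-text field runs until the token that follows it in the format.
            nxt = toks[i + 1] if i + 1 < len(toks) else '\\n'
            stop = r'\s' if nxt.startswith('%') else r'\n' if nxt == '\\n' else re.escape(nxt)
            parts.append(f'[^{stop}]*')
        else:
            parts.append(re.escape(t))
    return parts

def diagnose(fmt, line):
    """Return (matches, first_token_that_failed, unparsed_remainder)."""
    toks = TOKEN.findall(fmt)
    parts = to_parts(toks)
    for k in range(len(toks), -1, -1):      # longest matching format prefix
        m = re.match(''.join(parts[:k]), line)
        if m:
            break
    ok = k == len(toks) and m.end() == len(line)
    failed = None if ok else (toks[k] if k < len(toks) else '<trailing data>')
    return ok, failed, line[m.end():]

if __name__ == '__main__':
    for fmt in FORMATS:
        print(diagnose(fmt, SAMPLE))
```

Under these assumptions every listed format parses the entry up to the closing quote of the browser field and then expects end of line, so the two extra trailing fields are what the formats do not account for.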