[fwAnalog] Error Generating Reports

From: Francois van Heerden (cyberruk~AT~gmail.com)
Date: Thu Mar 24 2005 - 14:28:59 CET



Hi all:

I'm using Red Hat Enterprise, trying to analyze PIX logs, using Analog 6.0 and fwanalog 0.6.4.

I get the following error message from fwanalog.err:

analog: analog version 6.0/Unix
analog: Warning D: In Directory Report, SORTBY (bytes) doesn't match FLOOR   (requests)
  (For help on all errors and warnings, see docs/errors.html)
analog: Warning D: In Virtual Host Report, SORTBY (bytes) doesn't match FLOOR   (requests)
C: 172.16.43.170 - acl_private [22/Mar/2005:04:03:52 -0500] "GET /172.16.43.170/tcp/445/ HTTP/1.0" 200 0 "http://4952/" "" 0 inside-BDMZ

C:                                                                    
                                                    *
C: 172.16.43.170 - acl_private [22/Mar/2005:04:03:52 -0500] "GET /172.16.43.170/tcp/139/ HTTP/1.0" 200 0 "http://4953/" "" 0 inside-BDMZ

-rw-r--r-- 1 root root 2898 Mar 23 16:48 alldates.html
-rw-r--r-- 1 root root 0 Mar 23 16:46 analog-domains.tab
-rw-r--r-- 1 root root 323456375 Mar 23 16:48 analog.err
-rw-r--r-- 1 root root 41277335 Mar 23 16:46 fwanalog.all.log
-rw-r--r-- 1 root root 2898 Mar 23 16:48 lastweek.html
-rw-r--r-- 1 root root 2898 Mar 23 16:48 today.html
-rw-r--r-- 1 root root 409 Mar 23 16:46 today.txt

Note that the analog-domains.tab is empty and the following error message appears:
[root~AT~security logs]# ./fwanalog.sh
Analog found 2577744 corrupt lines. Please consider sending /home/van/logs/fwanalog.out/analog.err to balazs~AT~tud.at so the author is able to fix the problem.

I have been wrestling with this problem for the last week and have read all of the posts to try and resolve this problem without success. I would appreciate any assistance in getting this running.

TIA, François van Heerden


