RE: [fwAnalog] OpenBSD 4.0 compatibility ?

From: CARIS Network Admin <Administrator~AT~caris.nl>
Date: Fri Nov 10 2006 - 15:09:32 CET


fwanalog-bounces@tud.at <> wrote on Friday, November 10, 2006 2:05 PM:

> Hello,
>
> I recently installed an OpenBSD 4.0 box and am now looking for a log
> analyzer.
>
> Context :
> OpenBSD ... 4.0 GENERIC#0 i386
> analog-6.0p0
> fwanalog-0.6.4 and fwanalog-0.6.9
>
> The provided sample of fwanalog at
> http://tud.at/programm/fwanalog/sample-report.html
> is the kind of report I am looking for.
>
> I installed fwanalog (and analog) but the opts files provided
> (fwanalog.opts.openbsd fwanalog.opts.openbsd3) don't seem to
> support OpenBSD 4. The execution of fwanalog.sh works and produces
> normal outputs but with no data. Meanwhile, my rules block, pass and
> log a lot of packets, confirmed by the supervision of 'pftop' or 'sudo
> tcpdump -e -ttt -i pflog0'. During the execution, I got the following
> messages:
> -bash-3.1# ./fwanalog.sh
> tcpdump: WARNING: snaplen raised from 96 to 116
> tcpdump: WARNING: snaplen raised from 96 to 116

This is just a warning.

> and today.html contains :
> (...)
> <span class="gensumtitle">Blocked packets:</span> 0 (...)
>
> Does fwanalog not support OpenBSD 4.0 or will it in the future?
> In case it will not, can you give some advice for another similar
> report tool?
>
> Thanx

It works OK; there's been an issue since OpenBSD 3.6 with one of the regular expressions that does the parsing. You can google for it; I seem to have lost the exact change. I'll mail you my version later.

-- 
drs. Mark C. Prins
Spatial Fusion Specialist / Network Administration
SkypeMe@ skype:mark.prins-caris.nl
Received on Fri Nov 10 15:15:33 2006

This archive was generated by hypermail 2.1.8 : Fri Nov 10 2006 - 16:28:38 CET