If I ignore local interface, networks or ports in the psad main config file, I
cannot use psad in CSV or gnuplot mode with local traffic in the logs. I use psad
for parsing CSV files and graphing firewall logs.


local.log contains only local traffic, grepped with:

    cat /var/log/messages|grep DROP|grep SRC=192.168| grep -v DST=192.168 > local.log

If IGNORE_INTERFACES=eth1 is set, then

    psad -m local.log -CSV -CSV-fields "src dst dp"

will not parse anything. The same applies for

    psad -m local.log --gnuplot -CSV -CSV-fields "timestamp dp" --gnuplot-file-prefix localdrop

If IGNORE_INTERFACES=NONE is set, then the above will work fine.

Does psad also comply with the config file in CSV and gnuplot modes?

psad-discuss mailing list
