If I ignore a local interface, networks or ports in the psad main config file, I
cannot use psad in CSV or gnuplot mode with local traffic in the logs. I use psad
for parsing CSV files and graphing firewall logs.

Example:

local.log contains only local traffic, grepped with:

  cat /var/log/messages | grep DROP | grep SRC=192.168 | grep -v DST=192.168 > local.log

If IGNORE_INTERFACES=eth1 is set, then

  psad -m local.log -CSV -CSV-fields "src dst dp"

will not parse anything. The same applies for

  psad -m local.log --gnuplot -CSV -CSV-fields "timestamp dp" --gnuplot-file-prefix localdrop

If IGNORE_INTERFACES=NONE is set, then the above will work fine.

Does psad also comply with the config file in CSV and gnuplot modes?


_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss
