Found the override switch: I created a custom.conf file with the variable 
IGNORE_INTERFACES=NONE; and if I now run psad in CSV and gnuplot mode with the 
override switch, it gives me local log data even if I ignore local traffic 
in the main config. I find it easier viewing status without local traffic 
populating the psad scanning status output, but I still want to use psad for CSV 
output and gnuplot graphing with traffic from the local interface. Should have 
caught the switch option before mailing in issues.

psad -m local.log -O custom.conf --CSV --CSV-fields "src dst dp" > landrop.csv
psad -m local.log -O custom.conf --gnuplot --CSV-fields "timestamp dp:counthour" --gnuplot-file-prefix localdrop

From: Johannes Lavre
Sent: 23 July 2016 10:40
Subject: [psad-discuss] psad config csv and gnuplot

If I ignore the local interface, networks or ports in the psad main config file, I 
cannot use psad in CSV or gnuplot mode with local traffic in the logs. I use psad 
for parsing CSV files and graphing firewall logs.


local.log contains only local traffic, grepped with:
cat /var/log/messages|grep DROP|grep SRC=192.168| grep -v DST=192.168 > local.log

If IGNORE_INTERFACES=eth1 is set, then
psad -m local.log --CSV --CSV-fields "src dst dp"
will not parse anything. The same applies for
psad -m local.log --gnuplot --CSV --CSV-fields "timestamp dp" --gnuplot-file-prefix localdrop

If IGNORE_INTERFACES=NONE is set, then the above will work fine.

Is psad also complying with the config file in CSV and gnuplot modes?
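
The workflow from this thread as one script, added here as an example and not part of either message: it pre-filters the log, writes the override file and runs the two reports. The function names and the sample log lines are constructed, and the override is written in psad.conf's "NAME value;" form.

```shell
#!/bin/sh
# Added example: file names and psad options are the ones used in the thread;
# the log lines below are constructed sample data.

# Constructed iptables log lines (eth1 is the local side, as in the thread).
make_sample() {
    cat > "$1" <<'EOF'
Jul 23 10:01:02 fw kernel: DROP IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=51000 DPT=23
Jul 23 10:01:05 fw kernel: DROP IN=eth1 OUT= SRC=192.168.1.11 DST=192.168.1.1 LEN=60 PROTO=UDP SPT=5353 DPT=5353
Jul 23 10:01:09 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.10 LEN=40 PROTO=TCP SPT=4444 DPT=445
Jul 23 10:01:12 fw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=51001 DPT=443
EOF
}

# The thread's grep pipeline, matched per field: keep DROP lines whose SRC is
# in 192.168.x.x and whose DST is not.
filter_local_drops() {
    awk '/DROP/ {
        src = ""; dst = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DST=/) dst = substr($i, 5)
        }
        if (src ~ /^192\.168\./ && dst !~ /^192\.168\./) print
    }' "$1"
}

# Override file in psad.conf syntax: name, whitespace, value, semicolon.
write_override() {
    printf 'IGNORE_INTERFACES    NONE;\n' > "$1"
}

# The CSV and gnuplot runs from the thread; -O applies the override to this
# invocation only, so the main config can keep ignoring the local interface.
run_reports() {
    psad -m "$1" -O "$2" --CSV --CSV-fields "src dst dp" > landrop.csv
    psad -m "$1" -O "$2" --gnuplot --CSV-fields "timestamp dp:counthour" \
        --gnuplot-file-prefix localdrop
}

dir=$(mktemp -d)
make_sample "$dir/messages"
filter_local_drops "$dir/messages" > "$dir/local.log"
write_override "$dir/custom.conf"
echo "kept $(wc -l < "$dir/local.log") of $(wc -l < "$dir/messages") lines in $dir/local.log"
if command -v psad >/dev/null 2>&1; then
    (cd "$dir" && run_reports local.log custom.conf) || echo "psad run failed"
fi
```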

psad-discuss mailing list
