Found the override switch and created a custom.conf file with the variable 
IGNORE_INTERFACES=NONE; if I now run psad in CSV and gnuplot mode with the 
override switch, it will give me local log data even if I ignore local traffic 
in the main config. I find it easier viewing status without local traffic 
populating the psad scanning status output, but I still want to use psad for CSV 
output and gnuplot graphing with traffic from the local interface. Should have 
caught the switch option before mailing in issues.

psad -m local.log -O custom.conf --CSV --CSV-fields "src dst dp" > landrop.csv
psad -m local.log -O custom.conf --gnuplot --CSV-fields "timestamp dp:counthour" --gnuplot-file-prefix localdrop

From: Johannes Lavre [mailto:johann...@vfk.no]
Sent: 23. juli 2016 10:40
To: psad-discuss@lists.sourceforge.net
Subject: [psad-discuss] psad config csv and gnuplot

If I ignore the local interface, networks or ports in the psad main config file, I 
cannot use psad in CSV or gnuplot mode with local traffic in the logs. I use psad 
for parsing CSV files and graphing firewall logs.

Example:

local.log contains only local traffic, grepped with:

cat /var/log/messages | grep DROP | grep SRC=192.168 | grep -v DST=192.168 > local.log

If IGNORE_INTERFACES=eth1 is set, then

psad -m local.log --CSV --CSV-fields "src dst dp"

will not parse anything; the same applies for

psad -m local.log --gnuplot --CSV --CSV-fields "timestamp dp" --gnuplot-file-prefix localdrop

If IGNORE_INTERFACES=NONE is set, then the above will work fine.

Does psad also comply with the config file in CSV and gnuplot modes?
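An independent cross-check for the CSV output discussed in this thread, added here as an example; it is not psad code and not from either poster. It applies the same grep selection used to build local.log and extracts the "src dst dp" fields. The log lines are constructed, and the `ignore_interfaces` parameter (matched against `IN=` only) is an assumption that models the reported behaviour.

```python
import csv
import io
import re

# Constructed iptables log lines (not from the original thread).
SAMPLE_LOG = """\
Jul 23 10:01:02 fw kernel: DROP IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=40000 DPT=23
Jul 23 10:01:07 fw kernel: DROP IN=eth1 OUT=eth0 SRC=192.168.1.31 DST=198.51.100.9 LEN=60 PROTO=UDP SPT=5353 DPT=161
Jul 23 10:02:11 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.77 DST=192.168.1.1 LEN=40 PROTO=TCP SPT=51000 DPT=22
Jul 23 10:02:15 fw kernel: DROP IN=eth1 OUT= SRC=192.168.1.20 DST=192.168.1.1 LEN=60 PROTO=TCP SPT=40001 DPT=80
Jul 23 10:03:00 fw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=40002 DPT=443
"""

# CSV field name (as used in the thread) -> key in the iptables log line.
FIELD_KEYS = {"src": "SRC", "dst": "DST", "dp": "DPT"}


def local_drops(lines):
    """Same selection as: grep DROP | grep SRC=192.168 | grep -v DST=192.168"""
    return [line for line in lines
            if "DROP" in line
            and "SRC=192.168" in line
            and "DST=192.168" not in line]


def to_csv(lines, fields="src dst dp", ignore_interfaces="NONE"):
    """Return CSV text for the requested fields.

    ignore_interfaces is an assumed stand-in for the config variable:
    "NONE" keeps every line, otherwise lines whose IN= interface is
    listed (comma separated) are skipped before any field is written.
    """
    if ignore_interfaces == "NONE":
        ignored = set()
    else:
        ignored = {name.strip() for name in ignore_interfaces.split(",")}
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for line in lines:
        kv = dict(re.findall(r"(\w+)=(\S*)", line))  # KEY=value pairs
        if kv.get("IN") in ignored:
            continue
        writer.writerow([kv.get(FIELD_KEYS[f], "") for f in fields.split()])
    return out.getvalue()


if __name__ == "__main__":
    drops = local_drops(SAMPLE_LOG.splitlines())
    print(to_csv(drops), end="")                    # two rows
    print(repr(to_csv(drops, ignore_interfaces="eth1")))  # empty: all rows arrive on eth1
```

Comparing the row count from this script with the psad CSV file makes it easy to see whether an ignore setting has silently removed the local traffic before export.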

