On Sat, Jul 23, 2016 at 6:28 AM, Johannes Lavre <johann...@vfk.no> wrote:

> Found the override switch and created a custom.conf file with the variable
> IGNORE_INTERFACES=NONE;
> and if I now run psad in CSV and gnuplot mode with the override switch, it
> will give me local log data even if I ignore local traffic in the main
> config. I find it easier to view status without local traffic populating the
> psad scanning status output, but I still want to use psad for CSV output and
> gnuplot graphing with traffic from the local interface. Should have caught the
> switch option before mailing in issues.
>
>
>
> psad -m local.log -O custom.conf --CSV --CSV-fields "src dst dp" > landrop.csv
>
> psad -m local.log -O custom.conf --gnuplot --CSV-fields "timestamp
> dp:counthour" --gnuplot-file-prefix localdrop
>

Cool, glad to hear that this is working.

--Mike




>
>
> *From:* Johannes Lavre [mailto:johann...@vfk.no]
> *Sent:* 23. juli 2016 10:40
> *To:* psad-discuss@lists.sourceforge.net
> *Subject:* [psad-discuss] psad config csv and gnuplot
>
>
>
> If I ignore the local interface, networks or ports in the psad main config file, I
> cannot use psad in CSV or gnuplot mode with local traffic in logs. I use
> psad for parsing CSV files and graphing firewall logs.
>
>
>
> Example:
>
>
>
> local.log contains only local traffic, grepped with cat
> /var/log/messages|grep DROP|grep SRC=192.168| grep -v DST=192.168 >
> local.log
>
>
>
> If IGNORE_INTERFACES=eth1 is set, then psad -m local.log --CSV --CSV-fields
> "src dst dp" will not parse anything; the same applies for psad -m local.log
> --gnuplot --CSV --CSV-fields "timestamp dp" --gnuplot-file-prefix localdrop
>
>
>
> If IGNORE_INTERFACES=NONE is set, then the above will work fine.
>
>
>
> Is psad also complying with the config file in CSV and gnuplot modes?
>
>
>
>
>
>
> _______________________________________________
> psad-discuss mailing list
> psad-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/psad-discuss
>
>


-- 
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F