On Wed, 2011-08-31 at 14:20 +0100, Ed W wrote:
> Hi, I'm sorry I like to try and submit fixes if I can.  Short of time here:
> 
> Running shorewall-4.4.22 (not latest beta), I observe that "shorewall
> hits" gives output:
> 
> ...
>   HITS IP              PORT
>   ---- --------------- -----
>      14 192.168.105.70  sh: invalid number ''0
> ...
> 
> I *think* this is because of some ICMP entries in the log file:
> 
> Aug 31 09:30:37 localhost kern.info kernel: [142338.667337]
> Shorewall:fw2net:LOG:IN= OUT=eth0 SRC=192.168.105.70 DST=87.248.120.148
> LEN=38 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=ICMP TYPE=8 CODE=0
> ID=52515 SEQ=12 MARK=0xd00ff
> 

That is unlikely to be the cause. Log records for that part of the
'hits' output are selected using this invocation of grep:

         grep "${today}IN=.* OUT=.*DPT"

So it is likely to be a busybox issue. Why don't you:

        shorewall trace hits 2> trace

and see what's happening?

-Tom    
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
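
The selection step quoted in the reply can be run against the ICMP record from the report to see which records it admits. This is an added example, not Shorewall's own code: only the grep pattern comes from the thread, while the value of `today`, the `tally` stage and all log records except the ICMP one are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample log. Record 1 is the ICMP entry quoted in the thread,
# rejoined onto one line; the remaining records are made up for this example.
sample_log() {
cat <<'EOF'
Aug 31 09:30:37 localhost kern.info kernel: [142338.667337] Shorewall:fw2net:LOG:IN= OUT=eth0 SRC=192.168.105.70 DST=87.248.120.148 LEN=38 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=52515 SEQ=12 MARK=0xd00ff
Aug 31 09:31:02 localhost kern.info kernel: [142363.100001] Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 31 09:31:05 localhost kern.info kernel: [142366.100009] Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4712 DF PROTO=TCP SPT=40113 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 31 09:32:11 localhost kern.info kernel: [142432.200002] Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=71 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=5353 DPT=53 LEN=51
Aug 30 23:59:58 localhost kern.info kernel: [108000.000001] Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4600 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# Assumption: $today is a regex that matches the current day's timestamp
# prefix. It is fixed here so the example is reproducible.
today='^Aug 31 .*'

# The grep invocation quoted in the reply: only records that carry a
# destination port (DPT) are selected, so ICMP records never get this far.
select_records() {
    grep "${today}IN=.* OUT=.*DPT"
}

# Hypothetical tally stage (not taken from Shorewall): count selected
# records per source address and destination port, highest count first.
tally() {
    select_records |
    sed 's/.* SRC=\([^ ]*\) .* DPT=\([^ ]*\).*/\1 \2/' |
    sort | uniq -c | sort -rn |
    awk '{ print $1, $2, $3 }'
}

# Print HITS, IP and PORT for the sample log.
sample_log | tally
```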
