Date: Wed, 30 Oct 2002 20:06:01 +0200
From: Paulius Bulotas
To: freebsd-questions@freebsd.org
Subject: Re: processing ipfw's /var/log/security file
Message-ID: <20021030180601.GA47049@kaktusas.org>
In-Reply-To: <20021029111620.A45326@badger.tltodd.com>

Hi Terry,

On 02 10 29, Terry Todd wrote:
> I'm using ipfw and am looking for something to process
> /var/log/security(.*.gz) with.

/var/log/security is not for ipfw only, it's for messages with priority
security.
You can filter ipfw output with syslog configuration:

!ipfw
*.*     /var/log/ipfw/ipfw.log

in /etc/syslog.conf, or using a syslogd patch which was posted to some
mailing list not so long ago:

!-ipfw
*.*     /var/log/messages
!ipfw
*.*     /var/log/ipfw/ipfw.log
^ that's all syslogd configuration ;)

And to answer your question, I don't know anything to process ipfw's
logs (and maybe put them into mysql), but someday I will write
something ;) [maybe ;]

> Even a program that would convert the "last message repeated * times"
> line to lines that could be counted in a piped command stream
> would be useful.

man syslogd:

     -c      Disable the compression of repeated instances of the same
             line into a single line of the form ``last message repeated
             N times'' when the output is a pipe to another program.  If
             specified twice, disable this compression in all cases.

Paulius
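
Added example, not part of the message above and not code from either poster: syslogd -c only affects lines written after it is set, so logs already on disk still need the repeat lines expanded before counting. The sketch below does that in a pipe and then counts ipfw Deny events per source; the host name fw1, the sample lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample lines are constructed (documentation addresses).

# Replace each "last message repeated N times" line with N copies of the
# line before it. Copies keep the first occurrence's timestamp.
expand_repeats() {
    awk '
    / last message repeated [0-9]+ times$/ {
        n = $(NF - 1)
        # At the top of a rotated file there is no previous line: pass through.
        if (prev == "") { print; next }
        for (i = 0; i < n; i++) print prev
        next
    }
    { prev = $0; print }
    '
}

# Count ipfw Deny events per source address, most frequent first.
count_denied_sources() {
    expand_repeats | awk '
    {
        # Locate the "ipfw:" tag rather than trusting a fixed field number.
        for (i = 1; i < NF; i++) if ($i == "ipfw:") break
        if (i >= NF || $(i + 2) != "Deny") next
        src = $(i + 4)              # tag, rule, action, proto, source
        sub(/:[0-9]+$/, "", src)    # drop the port, if any
        count[src]++
    }
    END { for (s in count) print count[s], s }
    ' | sort -rn
}

sample_log() {
    cat <<'EOF'
Oct 29 11:02:13 fw1 /kernel: ipfw: 65000 Deny TCP 192.0.2.10:4211 198.51.100.1:22 in via fxp0
Oct 29 11:02:45 fw1 last message repeated 3 times
Oct 29 11:03:02 fw1 /kernel: ipfw: 65000 Deny UDP 203.0.113.7:53 198.51.100.1:1029 in via fxp0
Oct 29 11:04:10 fw1 /kernel: ipfw: 65000 Deny TCP 192.0.2.10:4212 198.51.100.1:23 in via fxp0
Oct 29 11:04:41 fw1 last message repeated 2 times
EOF
}

sample_log | count_denied_sources
```

Rotated files should be fed oldest first in one stream, so that a repeat line at the top of a file is matched to the last line of the file before it.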