Squid format
SmartList
questions-request at logreport.org
Mon Sep 19 13:51:44 CEST 2005
Only messages from subscribers to the questions at logreport.org list are
distributed automatically to the list. Since the envelope-from address on
your message was not on the subscribers list, your message - as quoted
below - is being held by the list administrator. If the message is suitable
for distribution (i.e.: not spam), it will get forwarded to the list
subscribers.
Hi Christophe,
I'll try to answer your other questions:
>> ...
>> 2. About syslog reports:
>> In the Overview Reports, the "Messages Logged by Facility",
>> "Messages Logged by Level" and "Warning or Higher Level
>> Events" tables are empty.
>>
>
>>>> Facility Messages % Total
>>>> There is no entries in this table
>>>> Total for 7442 records 7442 100.0
>
>>
>> Why? All other are correctly populated.
These reports are empty because your syslog does not contain any
facility or level codes. Some syslogs log this information, others
don't. Check 'man Lire::Syslog' to get the idea.
>> ...
>> 3. Same problem in the firewall reports:
>> -the "Messages Reports" section has only empty tables.
This is because there are no "messages" in your firewall log (iptables).
The DLF converter for iptables only parses for accepted or rejected
traffic, since there isn't anything else in a typical iptables log.
>> -the "Volume's Traffic Reports" : also empty tables.
This is due to a bug in the DLF converter for iptables in the Lire 2.0.1
release. There is a fixed version in the CVS tree:
RCS file: /cvsroot/logreport/service/firewall/lib/IptablesDlfConverter.pm,v
Working file: IptablesDlfConverter.pm
head: 1.11
branch:
locks: strict
access list:
symbolic names:
        release-2_0_1: 1.9
        release-2_0: 1.9
        release-2_0rc1: 1.9
        release-1_5: 1.8
        merged-20030821: 1.3
        lire_1_3_branch: 1.3.0.2
        release-1_3: 1.3
keyword substitution: kv
total revisions: 11; selected revisions: 11
description:
----------------------------
revision 1.11
date: 2005/02/14 11:07:33; author: wraay; state: Exp; lines: +8 -4
Add support for proper labeling of traffic permitted by the firewall,
by adding a matching regular expression for 'permitted' similar to the
one for 'denied'.
Update the documentation (LIMITATIONS section) accordingly.
----------------------------
You can substitute the CVS version of this file in your running system,
and it should work then.
>> But the "Denied Packets Reports" is correctly populated.
>> Something to do with the fact that the firewall is generated by the same
>> syslog as above?
Not quite the same problems, as explained above.
Hope this helps,
Wytze van der Raay
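
Added example (not part of the original message and not Lire's own code): a small Python illustration of why by-facility and by-level tables come out empty when syslog records carry no priority code. It assumes the RFC 3164 "<PRI>" prefix (facility = PRI / 8, level = PRI % 8) as the place where the codes live; the sample lines and all function names are constructed for illustration.

```python
import re
from collections import Counter

# RFC 3164 names in numeric order; codes 13-15 use informal short names.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
LEVELS = "emerg alert crit err warning notice info debug".split()
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, level), or None if the line has no valid PRI prefix."""
    m = PRI_RE.match(line)
    if m is None or int(m.group(1)) > 191:  # 191 = local7.debug, the maximum
        return None
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], LEVELS[pri & 7]

def summarize(lines):
    """Tally records by facility and level; count records carrying no code."""
    facility, level, uncoded, warn_plus = Counter(), Counter(), 0, 0
    for line in lines:
        decoded = decode_pri(line)
        if decoded is None:
            uncoded += 1          # still a record, but nothing to classify it by
            continue
        facility[decoded[0]] += 1
        level[decoded[1]] += 1
        if LEVELS.index(decoded[1]) <= LEVELS.index("warning"):
            warn_plus += 1        # "warning or higher" means a lower number
    return {"total": uncoded + sum(facility.values()),
            "facility": dict(facility), "level": dict(level),
            "warning_or_higher": warn_plus, "uncoded": uncoded}

# Constructed sample records (documentation addresses, invented hosts).
WITH_PRI = [
    "<38>Sep 19 13:40:01 gw sshd[411]: Accepted publickey for admin",
    "<4>Sep 19 13:40:07 gw kernel: IN=eth0 SRC=192.0.2.7 DST=192.0.2.1 DPT=23",
    "<86>Sep 19 13:41:12 gw sudo: session opened for user root",
]
# The same records as a plain log file would hold them: no PRI prefix.
PLAIN_FILE = [PRI_RE.sub("", line) for line in WITH_PRI]

if __name__ == "__main__":
    print("with codes:   ", summarize(WITH_PRI))
    print("without codes:", summarize(PLAIN_FILE))
```

The second summary still reports a total of three records while every classification table stays empty, which matches the "Total for 7442 records" line under an empty table in the quoted report.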