Squid format
Wytze van der Raay
wytze at nlnet.nl
Mon Sep 19 13:54:58 CEST 2005
Hi Christophe,
I'll try to answer your other questions:
>> ...
>> 2. About syslog reports:
>> In the Overview Reports, the "Messages Logged by Facility",
>> "Messages Logged by Level" and "Warning or Higher Level
>> Events" tables are empty.
>>
>
>>>> Facility Messages % Total
>>>> There is no entries in this table
>>>> Total for 7442 records 7442 100.0
>
>>
>> Why? All others are correctly populated.
These reports are empty because your syslog does not contain any
facility or level codes. Some syslogs log this information, others
don't. Check 'man Lire::Syslog' to get the idea.
>> ...
>> 3. Same problem in the firewall reports:
>> -the "Messages Reports" section has only empty tables.
This is because there are no "messages" in your firewall log (iptables).
The DLF converter for iptables only parses for accepted or rejected
traffic, since there isn't anything else in a typical iptables log.
>> -the "Volume's Traffic Reports" : also empty tables.
This is due to a bug in the DLF converter for iptables in the Lire 2.0.1
release. There is a fixed version in the CVS tree:
RCS file: /cvsroot/logreport/service/firewall/lib/IptablesDlfConverter.pm,v
Working file: IptablesDlfConverter.pm
head: 1.11
branch:
locks: strict
access list:
symbolic names:
release-2_0_1: 1.9
release-2_0: 1.9
release-2_0rc1: 1.9
release-1_5: 1.8
merged-20030821: 1.3
lire_1_3_branch: 1.3.0.2
release-1_3: 1.3
keyword substitution: kv
total revisions: 11; selected revisions: 11
description:
----------------------------
revision 1.11
date: 2005/02/14 11:07:33; author: wraay; state: Exp; lines: +8 -4
Add support for proper labeling of traffic permitted by the firewall,
by adding a matching regular expression for 'permitted' similar to the
one for 'denied'.
Update the documentation (LIMITATIONS section) accordingly.
----------------------------
You can substitute the CVS version of this file in your running system,
and it should work then.
>> But the "Denied Packets Reports" is correctly populated.
>> Something to do with the fact that the firewall is generated by the same
>> syslog as above?
Not quite the same problems, as explained above.
Hope this helps,
Wytze van der Raay