I just found that I forgot to copy the config file to the /etc/ directory. Here is the new error message:

[root@nids fwlogwatch-0.9.3]# fwlogwatch -v -v -w -o report.html -l 1d -m 2 -t -e -z -n -N -p -s -d -y /var/log/snort/alert
Opening configuration file '/etc/fwlogwatch.config'
Unrecognized option in configuration file '/etc/fwlogwatch.config' line 58
Closing '/etc/fwlogwatch.config'
Opening input file '/var/log/snort/alert'
Processing..

The /etc/fwlogwatch.config file has the snort option turned on:

#input = /var/log/messages
input = /var/log/snort/alert

### Evaluation options ###

# You can select which parsers you want to use if you don't want fwlogwatch
# to check for all known log formats. You can choose one or a combination
# of:
#
# i ipchains
# n netfilter
# f ipfilter
# c Cisco IOS
# p Cisco PIX
# e NetScreen
# w Windows XP
# l Elsa Lancom
# s Snort

Thanks
Sam

-----Original Message-----
From: samwun [mailto:samwun@private]
Sent: Wednesday, December 24, 2003 2:18 PM
To: 'loganalysis@private'
Subject: parsing snort files

Hi,

I tried to parse the snort dump file and alert file with fwlogwatch 0.9.4, but it failed to recognize the tcpdump file and the alert from snort. How can I configure fwlogwatch properly for snort file parsing?

Here is the output from the command line I used:

[root@nids fwlogwatch-0.9.3]# fwlogwatch -v -v -w -o report.html -l 1d -m 2 -t -e -z -n -N -p -s -d -y /var/log/snort/alert
Opening input file '/var/log/snort/alert'
Processing

Thanks
Sam

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Sun Dec 28 2003 - 19:05:38 PST