[Logwatch-Devel] Cisco PIX log extension

Hugo van der Kooij hvdkooij at vanderkooij.org
Thu May 25 10:15:49 MST 2006


On Thu, 25 May 2006, Giovanni Mellini wrote:

> after many days (months ok) since my last post on the ML about a Cisco PIX
> log analyzer I'm ready to send my job to the ML, to test it (I'm already
> using the scripts)
> I'm rewriting and testing some part of the code, and I have a little
> question for you.
> The Cisco PIX logs via syslog and the format of the date is the following
>    May 24 17:46:56 <log>
>
> This is a problem because Range var is skypped. When I launch syslog in
> debug mode I see
>
> TimeFilter: Period is day
> TimeFilter: SearchDate is ( 2006-May-25 ..h ..m ..s )
> TimeFilter: Debug SearchDate is ( 2006-May-25 h m s )
>
> Logwatch don't search for the rigth date format. Can I force the SearchDate
> format locally in my script??

Will it work on other files? I am under the impression the date entry is
in fact a duplicate bit of information.

At least it is on my Cisco IOS log:
May 25 19:14:01 anfalas 7616: 007419: May 25 19:14:08.780 CEST: %SEC-6-IPACCESSLOGP: list ipv4-inet-in denied udp 202.97.238.134(43309) -> 213.84.18.35(1026), 1 packet

To the best of my knowledge syslog wil not store year info.

Hugo.

-- 
	I hate duplicates. Just reply to the relevant mailinglist.
	hvdkooij at vanderkooij.org		http://hvdkooij.xs4all.nl/
		Don't meddle in the affairs of magicians,
		for they are subtle and quick to anger.


More information about the Logwatch-Devel mailing list