[Logwatch-Devel] Cisco PIX log extension
Hugo van der Kooij
hvdkooij at vanderkooij.org
Thu May 25 10:15:49 MST 2006
On Thu, 25 May 2006, Giovanni Mellini wrote:
> after many days (months ok) since my last post on the ML about a Cisco PIX
> log analyzer I'm ready to send my job to the ML, to test it (I'm already
> using the scripts)
> I'm rewriting and testing some part of the code, and I have a little
> question for you.
> The Cisco PIX logs via syslog and the format of the date is the following
> May 24 17:46:56 <log>
> This is a problem because Range var is skipped. When I launch syslog in
> debug mode I see
> TimeFilter: Period is day
> TimeFilter: SearchDate is ( 2006-May-25 ..h ..m ..s )
> TimeFilter: Debug SearchDate is ( 2006-May-25 h m s )
> Logwatch doesn't search for the right date format. Can I force the SearchDate
> format locally in my script??
Will it work on other files? I am under the impression the date entry is
in fact a duplicate bit of information.
At least it is on my Cisco IOS log:
May 25 19:14:01 anfalas 7616: 007419: May 25 19:14:08.780 CEST: %SEC-6-IPACCESSLOGP: list ipv4-inet-in denied udp 126.96.36.199(43309) -> 188.8.131.52(1026), 1 packet
To the best of my knowledge syslog will not store year info.
I hate duplicates. Just reply to the relevant mailing list.
hvdkooij at vanderkooij.org http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of magicians,
for they are subtle and quick to anger.
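Added example, not part of the original message and not Logwatch code: a Python parser for the Cisco IOS line quoted above that separates the syslog receive time from the duplicate timestamp written by the device, and attaches a year to the yearless syslog stamp so that a day filter can be applied. The function names and the year-inference rule (latest year that is not more than one day ahead of the reference time) are assumptions made for this illustration.

```python
import re
from datetime import datetime, timedelta

# The Cisco IOS line quoted in the message above.
SAMPLE = ("May 25 19:14:01 anfalas 7616: 007419: May 25 19:14:08.780 CEST: "
          "%SEC-6-IPACCESSLOGP: list ipv4-inet-in denied udp "
          "126.96.36.199(43309) -> 188.8.131.52(1026), 1 packet")

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
STAMP = "(" + "|".join(MONTHS) + r") +(\d{1,2}) (\d\d):(\d\d):(\d\d)"
HEADER = re.compile("^" + STAMP + r" (\S+) (.*)$")           # syslog prefix
DEVICE = re.compile(STAMP + r"(?:\.\d+)?(?: \w+)?: (.*)$")   # stamp added by the device


def with_year(mon, day, hh, mm, ss, now):
    """Assumed rule: pick the latest year that does not put the stamp
    more than one day after `now` (covers the Dec 31 -> Jan 1 rollover)."""
    for year in (now.year, now.year - 1):
        try:
            ts = datetime(year, MONTHS[mon], int(day), int(hh), int(mm), int(ss))
        except ValueError:          # e.g. Feb 29 in a non-leap year
            continue
        if ts <= now + timedelta(days=1):
            return ts
    raise ValueError("no plausible year for stamp")


def parse_line(line, now):
    """Return (received, host, device_time_or_None, message), or None."""
    m = HEADER.match(line)
    if not m:
        return None
    received = with_year(*m.group(1, 2, 3, 4, 5), now)
    d = DEVICE.search(m.group(7))
    device = with_year(*d.group(1, 2, 3, 4, 5), now) if d else None
    return received, m.group(6), device, d.group(6) if d else m.group(7)


def in_day(line, day, now):
    """True when the syslog receive time of `line` falls on date `day`."""
    parsed = parse_line(line, now)
    return parsed is not None and parsed[0].date() == day


if __name__ == "__main__":
    print(parse_line(SAMPLE, datetime(2006, 5, 25, 23, 0, 0)))
```

Comparing the two timestamps per line also exposes clock drift between the device and the log host, which matters when correlating firewall denies with other sources.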