Hi Ken.

I tried this code as well and I think that you have to substitute
/var/log/shorewall.log for /var/log/messages in the code that Eric provided.
It didn't work for me until I made this change.  Perhaps an older version of
Bering or Dach used the messages file to log packets, hence the confusion.
Please correct me if I'm wrong, Eric.

Thanks,
Ken

You are of course right, the log file should be the one the messages for
shorewall are directed to.
Bering 1.0 stable still did the logging in the /var/log/messages file (this
was the version I used to debug the script).
I should make things more modular again ;)

Thanks for your feedback.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Tony
> Sent: Saturday, May 31, 2003 3:33 PM
> To: eric wolzak; Leaf-User
> Cc: [EMAIL PROTECTED]
> Subject: RE: [leaf-user] weblet extension version 2
>
>
> Hi Eric and Jeff,
>
> Thanks Eric for the code, this is half of what I was looking
> for, Jeff gave the other half.  If you use the proverb:
>
> Give a man a fish, he eats today
> Teach a man to fish, he eats forever
>
> you both gave me one of those lines and I appreciate it.
>
> But I do have some questions about the code. I can get the
> portsort section to work (from a previous e-mail), but the
> ipsort section is giving me the headers, but no data under it.
>
> I have some observations, but should I move this discussion
> to the devel list?  I don't want to clog up this list with
> any more messages than necessary.
>
> Please advise, and I can pick up with my observations.
>
> Thanks,
>
> Tony
>
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of eric wolzak
> > Sent: Saturday, May 31, 2003 12:26 PM
> > To: Tony; Leaf-User
> > Subject: Re: [leaf-user] weblet extension version 2
> >
> >
> > Hello Tony
> >
> >
> > Another variant is to change in the file viewhits the option ipsort to
> > -------------------------
> > ipsort)
> > HEAD='<tr><td width="50"> Hits </td><td>IP-Adress</td><td>&nbsp;</td></tr>'
> >
> > # Count hits per source IP for the selected port; each IP links back to viewhits
> > AUS="`grep "DPT=$content " /var/log/messages |\
> > sed 's/.*SRC=\(.* \)DST.*$/<a href=viewhits?x_\1>\1<\/a><\/td><td><\/td><\/tr>/'|
> > sort -n | uniq -c   |sort -rn|\
> > sed 's/^/<tr><td>/
> > s/<a/<\/td><td><a/'`"
> > ;;
> > ---------------------------
> > This is a little bit slower but lets you click on each IP address that
> > tried to connect to the certain port and shows the messages that it
> > caused, including those to another port.
> >
> > Regards
> > Eric Wolzak
> > member of the bering crew
> >


Regards Eric Wolzak
member of the bering crew.
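
A stand-alone take on the ipsort pipeline discussed in this thread, added here as an example and not code from the weblet or from any poster: it counts hits per source IP for one destination port, reads the log on stdin so the log path is not hard-coded, and rejects a non-numeric port. The function names `pick_log`, `ip_hits` and `sample_log` and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and log lines are constructed, not from the weblet.

# Use the dedicated Shorewall log when readable, else the fallback file
# (Bering 1.0 stable logged to /var/log/messages, per the thread).
pick_log() {
    if [ -r "$1" ]; then echo "$1"; else echo "$2"; fi
}

# Read firewall log lines on stdin and print "count ip" for every source
# address logged against destination port $1, busiest source first.
ip_hits() {
    # Accept digits only (assumption: the port is caller-supplied), so the
    # value cannot change the meaning of the grep pattern below.
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    # The trailing space keeps DPT=445 from also matching DPT=4450.
    grep "DPT=$1 " |
        sed -n 's/.*SRC=\([0-9.]*\) .*/\1/p' |
        sort | uniq -c | sort -rn |
        awk '{ print $1, $2 }'
}

# Constructed sample in the Shorewall kernel-log layout (documentation IPs).
sample_log() {
    cat <<'EOF'
May 31 12:01:02 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 PROTO=TCP SPT=4021 DPT=445 WINDOW=16384
May 31 12:01:05 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 PROTO=TCP SPT=4022 DPT=445 WINDOW=16384
May 31 12:02:11 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.1 PROTO=TCP SPT=1188 DPT=445 WINDOW=8192
May 31 12:02:40 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.1 PROTO=TCP SPT=1189 DPT=4450 WINDOW=8192
May 31 12:03:00 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.23 DST=198.51.100.1 PROTO=TCP SPT=3300 DPT=80 WINDOW=8192
EOF
}

sample_log | ip_hits 445
# Live use: ip_hits 445 < "$(pick_log /var/log/shorewall.log /var/log/messages)"
```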



