Doh! You caught me in my laziness... yea of course, I am logging from dmesg. In fact, when I wanted to test the log analyzing program, I dumped dmesg to a text file... I'll pop in the appropriate priority level in /etc/syslog.conf ... tell it to go to /var/log/messages (which is the default for the program I found anyhow.) Thanks!
David B Harris wrote:

>On Fri, 01 Mar 2002 09:26:23 -0500
>Fred Richards <[EMAIL PROTECTED]> wrote:
>
>> with fwlogwatch. When I try to analyze a logfile, it complains
>> mostly about missing timestamps. So my question boils down to this...
>>
>>What is the --log-prefix option to add timestamps to LOG target
>>entries? Is it possible? Any help would be appreciated.
>>
>
>Hmm... Which log file is it you're using? If it's just dmesg, that would
>explain your problem.
>
>You want to get those messages sent to syslogd or klogd or whatever;
>it's the logging daemon that provides (among other things) a time stamp.
>For instance:
>
>Feb 28 10:36:46 willow kernel: TCP DROP: IN=ppp0 OUT= MAC=
>SRC=142.205.232.171 DST=64.229.19.111 LEN=40 TOS=0x00 PREC=0x00 TTL=51
>ID=45630 PROTO=TCP SPT=443 DPT=35200 WINDOW=16384 RES=0x00 ACK RST
>URGP=0
>
>Is a typical line from something like 'iptables -A <whatever> -p tcp -j
>LOG --log-prefix "TCP DROP: "'
>
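
The difference discussed in this thread, as an added example that is not part of the original messages and is not fwlogwatch's code: a small parser that reads a netfilter LOG line and reports whether the syslog header (timestamp and host) is present. The names `parse_log_line` and `missing_timestamps` are hypothetical, and the dmesg-style sample is constructed by stripping the header from the line quoted above.

```python
import re

# Header written by the logging daemon, e.g. "Feb 28 10:36:46 willow kernel: ".
SYSLOG_HDR = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) kernel: (?P<rest>.*)$")
# First netfilter field; everything before it is the --log-prefix text.
FIRST_FIELD = re.compile(r"\bIN=")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}

# Constructed samples: the line quoted in the thread, and the same entry
# as a dmesg dump would show it (no syslog header).
SYSLOG_LINE = (
    "Feb 28 10:36:46 willow kernel: TCP DROP: IN=ppp0 OUT= MAC= "
    "SRC=142.205.232.171 DST=64.229.19.111 LEN=40 TOS=0x00 PREC=0x00 TTL=51 "
    "ID=45630 PROTO=TCP SPT=443 DPT=35200 WINDOW=16384 RES=0x00 ACK RST URGP=0")
DMESG_LINE = SYSLOG_LINE.split("kernel: ", 1)[1]


def parse_log_line(line):
    """Parse one LOG-target line; None if it is not one. timestamp is None without a syslog header."""
    line = " ".join(line.split())  # rejoin mail-wrapped lines, normalise spaces
    m = SYSLOG_HDR.match(line)
    ts, host, rest = (m["ts"], m["host"], m["rest"]) if m else (None, None, line)
    f = FIRST_FIELD.search(rest)
    if not f:
        return None  # some other kernel message, not a LOG-target entry
    prefix, body = rest[:f.start()].strip(), rest[f.start():]
    fields, flags = {}, []
    for tok in body.split():
        if "=" in tok:  # KEY=value pair; value may be empty (OUT=, MAC=)
            key, _, val = tok.partition("=")
            fields[key] = val
        elif tok in TCP_FLAGS:  # bare TCP flag names
            flags.append(tok)
    return {"timestamp": ts, "host": host, "prefix": prefix,
            "fields": fields, "flags": flags}


def missing_timestamps(lines):
    """Return parsed LOG entries that carry no timestamp (dmesg-style input)."""
    parsed = (parse_log_line(l) for l in lines)
    return [p for p in parsed if p and p["timestamp"] is None]


if __name__ == "__main__":
    for entry in map(parse_log_line, (SYSLOG_LINE, DMESG_LINE)):
        print(entry["timestamp"], entry["prefix"], entry["fields"]["SRC"], entry["flags"])
```

Running `missing_timestamps` over a file before handing it to an analyzer shows quickly whether the input came through syslogd/klogd or was dumped from dmesg.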
