This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

logfiles every line twice inside

Hello,
if i get a logfile until the day wich it is for, there is 1 line for every logged packet.
If i get a logfile after the day wich it is for, there are 2 lines for every logged packet, one line with the hostname of the firewall and another with localhost but both lines are equal in the rest of data. [:O]
Can i turn this off it doubles the logfile growing.
Thanks for every answer

This thread was automatically locked due to age.

0 GJJ over 23 years ago

To "separate" the entries in the logfile, you need to go to the command line and "sniff" the entires you want (or sniff out those you do not want) with the grep command.

The following requires superuser access.

> cd /var/log
> grep -e "proxy kernel" kernel | tail -n 50

The above command will only show you the last 50 lines with "proxy kernel" in them. Adding the -v option to grep will reverse the result (e.g. lines not including "proxy kernel"). The web interface does not allow you to separate log entries in a way that eases user interpretation. It is all or nothing. I like to see specific patterns in the log files rather than the whole thing in sequence. You can pipe grep commands. So if you want to see only TCP protocol entries on Jul 31, you would type:

> grep -e "proxy kernel" kernel | grep -e "PROTO=TCP" | grep -e "Jul 31"

Adding "| tail -n xx" to the end of the line above will only show the last xx lines. Piping to greps with specific source IP or port or destination IP or port makes it very easy to isolate entries that establish a certain pattern that is easily interpreted by the operator.
Cancel
Vote Up 0 Vote Down

Cancel