./PaxHeaders.8080/fwlogwatch-1.40000644000000000000000000000013212147423247014525 xustar000000000000000030 mtime=1369319079.897942957 30 atime=1369319079.828943477 30 ctime=1369319079.897942957 fwlogwatch-1.4/0000755000000000000000000000000012147423247013527 5ustar00rootroot00000000000000fwlogwatch-1.4/PaxHeaders.8080/compare.h0000644000000000000000000000012412145435573016250 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.843943 30 ctime=1369319079.843943364 fwlogwatch-1.4/compare.h0000644000000000000000000000051712145435573015334 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: compare.h 731 2013-05-17 14:15:23Z bw $ */ #ifndef _COMPARE_H #define _COMPARE_H #include "main.h" struct conn_data *fwlw_pc_mergesort(struct conn_data *list1); void sort_data(unsigned char mode); void build_list(void); int list_stats(void); void show_list(FILE * fd); #endif fwlogwatch-1.4/PaxHeaders.8080/utils.h0000644000000000000000000000012412145435573015762 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.832943 30 ctime=1369319079.832943447 fwlogwatch-1.4/utils.h0000644000000000000000000000220212145435573015037 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: utils.h 731 2013-05-17 14:15:23Z bw $ */ #ifndef _UTILS_H #define _UTILS_H char *xstrncpy(char *dest, const char *src, size_t n); void *xmalloc(int size); void log_exit(unsigned char returncode); void run_command(char *buf); void free_conn_data(void); void free_dns_cache(void); void free_whois(void); void free_hosts(void); void free_exclude_data(void); void init_line(void); void mode_error(void); void build_time(char *smonth, int day, int hour, int minute, int second); char compare_ipv6(struct in6_addr *ip1, struct in6_addr *ip2); char compare_ipv6_equal(struct in6_addr *ip1, struct in6_addr *ip2); unsigned char isV4mappedV6addr(struct in6_addr *ip); char *my_inet_ntop(struct in6_addr *ip); unsigned char 
convert_ip(char *ip, struct in6_addr *addr); void parse_cidr(char *input, struct in6_addr *in6_addr); int convert_mask(struct in6_addr *in6_addr); void add_known_host(char *ip); void add_exclude_hpb(char *input, unsigned char mode); void add_input_file(char *name); void free_input_file(void); void generate_email_header(FILE * fd); void fdprintf(int fd, char *format, ...); #endif fwlogwatch-1.4/PaxHeaders.8080/netfilter.l0000644000000000000000000000012412147406740016616 xustar000000000000000027 mtime=1369312736.163494 27 atime=1369319079.865943 30 ctime=1369319079.865943198 fwlogwatch-1.4/netfilter.l0000644000000000000000000002217112147406740015702 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: netfilter.l 732 2013-05-23 12:38:56Z bw $ */ %option prefix="nf" %option outfile="netfilter.c" %option noyywrap %{ #define YY_NO_INPUT #include #include #include #include "main.h" #include "utils.h" extern struct options opt; void nf_parse_start_hn(char *input); void nf_parse_start(char *input); void nf_parse_isostart_hn(char *input); void nf_parse_rfc5424start_hn(char *input); void nf_parse_prefix(char *input, unsigned char mode); void nf_parse_ip(char *input, unsigned char mode); void nf_parse_proto(char *input); %} MONTH "Jan"|"Feb"|"Mar"|"Apr"|"May"|"Jun"|"Jul"|"Aug"|"Sep"|"Oct"|"Nov"|"Dec" STRING [a-zA-Z][a-zA-Z0-9.-]* PREFIX [ -~¡-ÿ]*([ -RT-~¡-ÿ]|[ -XZ-~¡-ÿ]"S")"IN=" LOGHOST [0-9.a-zA-Z()_:-]+ DIGIT [0-9] NUMBER {DIGIT}+ OCTET {DIGIT}{1,3} PORT {DIGIT}{1,5} HEXDIGIT [0-9a-fA-F] HEXNUM "0x"{HEXDIGIT}+ PROTO "TCP"|"UDP"|"ICMP"|"ESP"|"AH"|"ICMPv6"|{NUMBER} IPV6ADDR ([0-9a-f]{1,4}":"+){1,7}[0-9a-f]{1,4} %% {MONTH}[ ]{1,2}{DIGIT}{1,2}[ ]{DIGIT}{2}:{DIGIT}{2}:{DIGIT}{2}[ ]{LOGHOST} nf_parse_start_hn(nftext); {MONTH}[ ]{1,2}{DIGIT}{1,2}[ ]{DIGIT}{2}:{DIGIT}{2}:{DIGIT}{2} nf_parse_start(nftext); {DIGIT}{4}[ ]{MONTH}[ ]{1,2}{DIGIT}{1,2}[ ]{DIGIT}{2}:{DIGIT}{2}:{DIGIT}{2}[ ]{LOGHOST} nf_parse_start_hn(nftext+5); {DIGIT}{4}[ ]{MONTH}[ 
]{1,2}{DIGIT}{1,2}[ ]{DIGIT}{2}:{DIGIT}{2}:{DIGIT}{2} nf_parse_start(nftext+5); {DIGIT}{4}:{DIGIT}{2}:{DIGIT}{2}-{DIGIT}{2}:{DIGIT}{2}:{DIGIT}{2}[ ]{LOGHOST} nf_parse_isostart_hn(nftext); {DIGIT}{4}"-"{DIGIT}{2}"-"{DIGIT}{2}"T"{DIGIT}{2}":"{DIGIT}{2}":"{DIGIT}{2}"."{DIGIT}{6}("+"|"-"){DIGIT}{2}":"{DIGIT}{2}[ ]{LOGHOST} nf_parse_rfc5424start_hn(nftext); " kernel: ["[ ]{0,4}{NUMBER}"."{DIGIT}{6}"]"{PREFIX}{STRING}? nf_parse_prefix(nftext+18, NF_OPT_PREFIX_KTIME); " kernel: IN="{STRING}? nf_parse_prefix(nftext+12, NF_OPT_NOPREFIX); " kernel: "{PREFIX}{STRING}? nf_parse_prefix(nftext+9, NF_OPT_PREFIX); " [kernel] IN="{STRING}? nf_parse_prefix(nftext+13, NF_OPT_NOPREFIX); " [kernel] "{PREFIX}{STRING}? nf_parse_prefix(nftext+10, NF_OPT_PREFIX); " klogd: IN="{STRING}? nf_parse_prefix(nftext+11, NF_OPT_NOPREFIX); " klogd: "{PREFIX}{STRING}? nf_parse_prefix(nftext+8, NF_OPT_PREFIX); " "{PREFIX}{STRING}? nf_parse_prefix(nftext+1, NF_OPT_PREFIX); "IN="{STRING}? nf_parse_prefix(nftext+3, NF_OPT_NOPREFIX); "OUT="{STRING}? /* ignore */ "PHYSIN="{STRING}? /* ignore */ "PHYSOUT="{STRING}? /* ignore */ "MAC="(({HEXDIGIT}{HEXDIGIT}:){21}{HEXDIGIT}{HEXDIGIT})? /* ignore */ "MAC="(({HEXDIGIT}{HEXDIGIT}:){13}{HEXDIGIT}{HEXDIGIT})? 
/* ignore */ "SRC="{OCTET}"."{OCTET}"."{OCTET}"."{OCTET} nf_parse_ip(nftext+4, NF_OPT_SRC); "DST="{OCTET}"."{OCTET}"."{OCTET}"."{OCTET} nf_parse_ip(nftext+4, NF_OPT_DST); "SRC="{IPV6ADDR} nf_parse_ip(nftext+4, NF_OPT_SRC6); "DST="{IPV6ADDR} nf_parse_ip(nftext+4, NF_OPT_DST6); "LEN="{NUMBER} opt.line->datalen = atoi(nftext+4); "TOS="({HEXNUM}|"00") /* ignore */ "PREC="{HEXNUM} /* ignore */ "TTL="{NUMBER} /* ignore */ "ID="{NUMBER} /* ignore */ "CE" /* ignore */ "DF" /* ignore */ "MF" /* ignore */ "FRAG:"{NUMBER} /* ignore */ "PROTO="{PROTO} nf_parse_proto(nftext+6); "INCOMPLETE ["{NUMBER}" bytes]" /* ignore */ "TYPE="{NUMBER} { opt.line->sport = atoi(nftext+5); opt.parser=opt.parser|NF_TYPE; } "CODE="{NUMBER} { opt.line->dport = atoi(nftext+5); opt.parser=opt.parser|NF_CODE; } "PARAMETER="{NUMBER} /* ignore */ "SEQ="{NUMBER} /* ignore */ "MARK="{HEXNUM} /* ignore */ "MARK=0" /* ignore */ "ACK="{NUMBER} /* ignore */ "SPT="{PORT} { opt.line->sport = atoi(nftext+4); opt.parser=opt.parser|NF_SPT; } "DPT="{PORT} { opt.line->dport = atoi(nftext+4); opt.parser=opt.parser|NF_DPT; } "WINDOW="{NUMBER} /* ignore */ "RES="{HEXNUM} /* ignore */ "URG" opt.line->flags = opt.line->flags | TCP_URG; "ACK" opt.line->flags = opt.line->flags | TCP_ACK; "PSH" opt.line->flags = opt.line->flags | TCP_PSH; "RST" opt.line->flags = opt.line->flags | TCP_RST; "SYN" opt.line->flags = opt.line->flags | TCP_SYN; "FIN" opt.line->flags = opt.line->flags | TCP_FIN; "ECE" /* ignore */ "CWR" /* ignore */ "URGP="{NUMBER} /* ignore */ "OPT ("[0-9A-F]*")" /* ignore */ "SPI="{HEXNUM} /* ignore */ "GATEWAY="{OCTET}"."{OCTET}"."{OCTET}"."{OCTET} /* ignore */ "TC="{NUMBER} /* ignore */ "HOPLIMIT="{NUMBER} /* ignore */ "FLOWLBL="{NUMBER} /* ignore */ "[".+"]" /* ignore */ "MTU="{NUMBER} /* ignore */ [ ]+ /* ignore whitespace */ [\n] return 0; {STRING} if(opt.verbose) fprintf(stderr, "Unrecognized token: %s\n", nftext); . 
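if(opt.verbose) fprintf(stderr, "Unrecognized character: %s\n", nftext);
%%

/*
 * Convert the given calendar fields with mktime() and store the result in
 * opt.line->time. mktime() interprets the fields as local time.
 */
static void nf_store_time(int year, int month, int day, int hour, int minute, int second)
{
  struct tm t;

  /* A stack object is enough here; zero it so no field is left indeterminate. */
  memset(&t, 0, sizeof t);
  t.tm_year = year - 1900;
  t.tm_mon = month - 1;
  t.tm_mday = day;
  t.tm_hour = hour;
  t.tm_min = minute;
  t.tm_sec = second;
  t.tm_isdst = -1;
  opt.line->time = mktime(&t);
}

/*
 * Parse a "Mon dd hh:mm:ss loghost" line start and record time and log host.
 * Sets NF_DATE only when all six fields were converted.
 */
void nf_parse_start_hn(char *input)
{
  int retval, day, hour, minute, second;
  char smonth[4];

  /*
   * NOTE(review): %32s stores up to 32 characters plus the terminating NUL,
   * so opt.line->hostname needs at least 33 bytes. Its declared size is not
   * visible here; confirm against the struct definition. The LOGHOST pattern
   * itself is unbounded, so longer host names are silently truncated.
   */
  retval = sscanf(input, "%3s %2d %2d:%2d:%2d %32s", smonth, &day, &hour, &minute, &second, opt.line->hostname);
  if (retval != 6) {
    return;
  }

  build_time(smonth, day, hour, minute, second);

  opt.parser = opt.parser | NF_DATE;
}

/*
 * Parse a "Mon dd hh:mm:ss" line start that carries no log host; the host
 * name is recorded as "-".
 */
void nf_parse_start(char *input)
{
  int retval, day, hour, minute, second;
  char smonth[4];

  retval = sscanf(input, "%3s %2d %2d:%2d:%2d", smonth, &day, &hour, &minute, &second);
  if (retval != 5) {
    return;
  }

  build_time(smonth, day, hour, minute, second);

  xstrncpy(opt.line->hostname, "-", SHORTLEN);

  opt.parser = opt.parser | NF_DATE;
}

/*
 * Parse a "yyyy:mm:dd-hh:mm:ss loghost" line start.
 * NOTE(review): same %32s / hostname size caveat as in nf_parse_start_hn.
 */
void nf_parse_isostart_hn(char *input)
{
  int retval, year, month, day, hour, minute, second;

  retval = sscanf(input, "%4d:%2d:%2d-%2d:%2d:%2d %32s", &year, &month, &day, &hour, &minute, &second, opt.line->hostname);
  if (retval != 7) {
    return;
  }

  nf_store_time(year, month, day, hour, minute, second);

  opt.parser = opt.parser | NF_DATE;
}

/*
 * Parse an RFC 5424 style "yyyy-mm-ddThh:mm:ss.ffffff+hh:mm loghost" line
 * start. The fraction and the UTC offset are converted only to validate the
 * format; neither is applied to the stored time.
 * NOTE(review): same %32s / hostname size caveat as in nf_parse_start_hn.
 */
void nf_parse_rfc5424start_hn(char *input)
{
  int retval, year, month, day, hour, minute, second, fraction, tz_hour, tz_minute;

  retval = sscanf(input, "%4d-%2d-%2dT%2d:%2d:%2d.%6d%3d:%2d %32s", &year, &month, &day, &hour, &minute, &second, &fraction, &tz_hour, &tz_minute, opt.line->hostname);
  if (retval != 10) {
    return;
  }

  nf_store_time(year, month, day, hour, minute, second);

  opt.parser = opt.parser | NF_DATE;
}

/*
 * Split the text in front of and behind "IN=" into chain label and input
 * interface. With NF_OPT_NOPREFIX the input is the interface name alone and
 * the chain label is recorded as "-".
 *
 * The input is modified in place (the "I" of "IN=" is overwritten with NUL).
 */
void nf_parse_prefix(char *input, unsigned char mode)
{
  size_t i = 0;
  char *pnt;

  if (mode == NF_OPT_PREFIX_KTIME) {
    /*
     * Skip the kernel timestamp: step over "]" and the character after it.
     * The lexer rule should guarantee both exist, but do not dereference a
     * NULL result or step past the terminator if it is ever called otherwise.
     */
    pnt = strchr(input, ']');
    if (pnt == NULL || pnt[1] == '\0') {
      return;
    }
    pnt += 2;
  } else {
    pnt = input;
  }

  if (mode == NF_OPT_PREFIX || mode == NF_OPT_PREFIX_KTIME) {
    /*
     * Search backwards for the last "IN=". Stop at index 2 so that
     * pnt[i - 2] never reads in front of the buffer.
     */
    for (i = strlen(pnt); i >= 2; i--) {
      if (pnt[i] == '=' && pnt[i - 1] == 'N' && pnt[i - 2] == 'I') {
        pnt[i - 2] = '\0';
        xstrncpy(opt.line->chainlabel, pnt, SHORTLEN);
        xstrncpy(opt.line->interface, pnt + i + 1, SHORTLEN);
        break;
      }
    }
  } else {
    xstrncpy(opt.line->chainlabel, "-", SHORTLEN);
    xstrncpy(opt.line->interface, pnt, SHORTLEN);
  }

  opt.parser = opt.parser | NF_IN;
}

/*
 * Convert a textual source or destination address and flag it as parsed.
 * NF_OPT_SRC and NF_OPT_SRC6 fill opt.line->shost, every other mode fills
 * opt.line->dhost. Nothing is flagged when convert_ip() reports an error.
 */
void nf_parse_ip(char *input, unsigned char mode)
{
  if ((mode == NF_OPT_SRC) || (mode == NF_OPT_SRC6)) {
    if (convert_ip(input, &opt.line->shost) == IN_ADDR_ERROR)
      return;
    opt.parser = opt.parser | NF_SRC;
  } else {
    if (convert_ip(input, &opt.line->dhost) == IN_ADDR_ERROR)
      return;
    opt.parser = opt.parser | NF_DST;
  }
}

/*
 * Translate the PROTO= value (name or number) into an IP protocol number.
 * NF_PROTO is set only when the resulting protocol is non-zero.
 */
void nf_parse_proto(char *input)
{
  /* Cast through unsigned char: passing a negative char to isdigit() is undefined. */
  if (isdigit((unsigned char) input[0])) {
    opt.line->protocol = atoi(input);
  } else {
    if (strncmp(input, "TCP", 3) == 0)
      opt.line->protocol = 6;
    else if (strncmp(input, "UDP", 3) == 0)
      opt.line->protocol = 17;
    else if (strncmp(input, "ICMP", 4) == 0)
      opt.line->protocol = 1;
    else if (strncmp(input, "ESP", 3) == 0)
      opt.line->protocol = 50;
    else if (strncmp(input, "AH", 2) == 0)
      opt.line->protocol = 51;
    /*
     * NOTE(review): "ICMPv6" already matches the 4-character "ICMP" test
     * above, so this branch is never reached and ICMPv6 entries are stored
     * as protocol 1. Reordering alone would not help: the acceptance checks
     * in flex_netfilter() have no case for protocol 58, so such lines would
     * then be rejected. Both places need to change together.
     */
    else if (strncmp(input, "ICMPv6", 6) == 0)
      opt.line->protocol = 58;
  }

  if (opt.line->protocol != 0)
    opt.parser = opt.parser | NF_PROTO;
}

unsigned char flex_netfilter(char *input, int linenum)
{
  opt.parser = 0;

  init_line();
  nf_scan_string(input);
  nflex();
  nf_delete_buffer(YY_CURRENT_BUFFER);

  xstrncpy(opt.line->branchname, "-", SHORTLEN);
  opt.line->count = 1;

  if (((opt.line->protocol == 6) || (opt.line->protocol == 17)) && (opt.parser == (NF_DATE | NF_PROTO | NF_IN | NF_SRC | NF_DST | NF_SPT | NF_DPT))) {
    return PARSE_OK;
  }
  if ((opt.line->protocol == 1) && (opt.parser == (NF_DATE | NF_PROTO | NF_IN | NF_SRC | NF_DST | NF_TYPE | NF_CODE))) {
    return PARSE_OK;
  }
  if (((opt.line->protocol == 2) || (opt.line->protocol == 9) || (opt.line->protocol == 41) || (opt.line->protocol == 46) || (opt.line->protocol ==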
47) || (opt.line->protocol == 50) || (opt.line->protocol == 54) || (opt.line->protocol == 103)) && (opt.parser == (NF_DATE | NF_PROTO | NF_IN | NF_SRC | NF_DST))) { return PARSE_OK; } if (opt.verbose) fprintf(stderr, "netfilter parse error in line %d, ignoring.\n", linenum); if (opt.verbose == 2) fprintf(stderr, "input was: \"%s\"\n", input); return PARSE_WRONG_FORMAT; } fwlogwatch-1.4/PaxHeaders.8080/ipfilter.h0000644000000000000000000000012412145435573016440 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.883943 30 ctime=1369319079.883943063 fwlogwatch-1.4/ipfilter.h0000644000000000000000000000031412145435573015517 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: ipfilter.h 731 2013-05-17 14:15:23Z bw $ */ #ifndef _IPFILTER_H #define _IPFILTER_H unsigned char flex_ipfilter(char *input, int linenum); #endif fwlogwatch-1.4/PaxHeaders.8080/output.h0000644000000000000000000000012412145435573016162 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.831943 30 ctime=1369319079.831943454 fwlogwatch-1.4/output.h0000644000000000000000000000104212145435573015240 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: output.h 731 2013-05-17 14:15:23Z bw $ */ #ifndef _OUTPUT_H #define _OUTPUT_H #include "main.h" void output_timediff(time_t start, time_t end, char *td); void output_tcp_opts(struct conn_data *input, char *buf); void output_html_entry(struct conn_data *input, FILE * fd); void output_text_entry(struct conn_data *input, FILE * fd); void output_html_table(FILE * fd); void output_html_header(int fd); void output_html_footer(int fd); void output_raw_data(struct conn_data *input); #endif fwlogwatch-1.4/PaxHeaders.8080/ipchains.h0000644000000000000000000000012412145435573016420 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.897942 30 ctime=1369319079.897942957 fwlogwatch-1.4/ipchains.h0000644000000000000000000000031412145435573015477 
0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: ipchains.h 731 2013-05-17 14:15:23Z bw $ */ #ifndef _IPCHAINS_H #define _IPCHAINS_H unsigned char flex_ipchains(char *input, int linenum); #endif fwlogwatch-1.4/PaxHeaders.8080/cisco_ios.l0000644000000000000000000000012412145435573016600 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.837943 30 ctime=1369319079.837943409 fwlogwatch-1.4/cisco_ios.l0000644000000000000000000001542012145435573015663 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: cisco_ios.l 731 2013-05-17 14:15:23Z bw $ */ %option prefix="cisco_ios" %option outfile="cisco_ios.c" %option noyywrap %{ #define YY_NO_INPUT #include #include #include #include "main.h" #include "utils.h" extern struct options opt; void cisco_ios_parse_date(char *input, unsigned char mode); void cisco_ios_parse_src(char *input, unsigned char mode); void cisco_ios_parse_dst(char *input, unsigned char mode); void cisco_ios_parse_if(char *input); %} MONTH "Jan"|"Feb"|"Mar"|"Apr"|"May"|"Jun"|"Jul"|"Aug"|"Sep"|"Oct"|"Nov"|"Dec" STRING [a-zA-Z][a-zA-Z0-9._-]* LOGHOST [0-9.a-zA-Z()_:-]* DIGIT [0-9] NUMBER {DIGIT}+ OCTET {DIGIT}{1,3} PORT {DIGIT}{1,5} CISCO "%SEC-6-IPACCESSLOG"("P"|"DP"|"RP"|"NP"|"S")":" LIST [a-zA-Z0-9._>-]* TARGET "denied"|"permitted" PROTO "tcp"|"udp"|"icmp"|"igmp"|"gre"|"ospf"|"ipinip"|"pim"|{NUMBER} %% {MONTH}[ ]{1,2}{DIGIT}{1,2}[ ]{DIGIT}{2}:{DIGIT}{2}:{DIGIT}{2}[ ]{LOGHOST} cisco_ios_parse_date(cisco_iostext, CI_OPT_HOST); {NUMBER}":" /* ignore */ {DIGIT}"y"{DIGIT}{1,2}"w:" /* ignore */ {DIGIT}{1,2}"w"{DIGIT}"d:" /* ignore */ {DIGIT}"d"{DIGIT}{2}"h:" /* ignore */ {MONTH}[ ]{1,2}{DIGIT}{1,2}[ ]{DIGIT}{2}:{DIGIT}{2}:{DIGIT}{2}"."{DIGIT}{3}":" cisco_ios_parse_date(cisco_iostext, CI_OPT_MSEC); {MONTH}[ ]{1,2}{DIGIT}{1,2}[ ]{DIGIT}{2}:{DIGIT}{2}:{DIGIT}{2}":" cisco_ios_parse_date(cisco_iostext, CI_OPT_NONE); {CISCO} /* ignore */ "list "{LIST}[ ]{TARGET}[ ]{PROTO}[ 
]{OCTET}"."{OCTET}"."{OCTET}"."{OCTET}"("{PORT}")" cisco_ios_parse_src(cisco_iostext, CI_OPT_PORT); "list "{LIST}[ ]{TARGET}[ ]{PROTO}[ ]{OCTET}"."{OCTET}"."{OCTET}"."{OCTET} cisco_ios_parse_src(cisco_iostext, CI_OPT_NONE); "list "{LIST}[ ]{TARGET}[ ]{OCTET}"."{OCTET}"."{OCTET}"."{OCTET} cisco_ios_parse_src(cisco_iostext, CI_OPT_MISSING); "-> "{OCTET}"."{OCTET}"."{OCTET}"."{OCTET}"("{PORT}")," cisco_ios_parse_dst(cisco_iostext, CI_OPT_PORT); "-> "{OCTET}"."{OCTET}"."{OCTET}"."{OCTET}" ("{NUMBER}"/"{NUMBER}")," cisco_ios_parse_dst(cisco_iostext, CI_OPT_TYPE); "-> "{OCTET}"."{OCTET}"."{OCTET}"."{OCTET}"," cisco_ios_parse_dst(cisco_iostext, CI_OPT_NONE); {NUMBER}" packet"("s")? { opt.line->count = atoi(cisco_iostext); opt.parser=opt.parser|CISCO_IOS_COUNT; } "("[A-Za-z0-9 /\._\*-]*")" cisco_ios_parse_if(cisco_iostext); [ ]+ /* ignore whitespace */ [\n] /* ignore */ {STRING} if(opt.verbose) fprintf(stderr, "Unrecognized token: %s\n", cisco_iostext); . if(opt.verbose) fprintf(stderr, "Unrecognized character: %s\n", cisco_iostext); %% void cisco_ios_parse_date(char *input, unsigned char mode) { int retval, day, hour, minute, second, msec; char smonth[4]; #ifdef IRIX char tmp[SHOSTLEN]; #endif #ifdef LOGDOTS char *remove_dot; #endif if (mode == CI_OPT_HOST) { retval = sscanf(input, "%3s %2d %2d:%2d:%2d %32s", smonth, &day, &hour, &minute, &second, #ifndef IRIX opt.line->hostname); #else tmp); if (retval != 6) return; if (tmp[2] == ':') xstrncpy(opt.line->hostname, tmp + 3, SHOSTLEN); #endif #ifdef LOGDOTS remove_dot = strstr(opt.line->hostname, "."); if (remove_dot != NULL) *remove_dot = '\0'; #endif } else if (mode == CI_OPT_MSEC) { retval = sscanf(input, "%3s %2d %2d:%2d:%2d.%3d:", smonth, &day, &hour, &minute, &second, &msec); if (retval != 6) return; } else if (mode == CI_OPT_NONE) { retval = sscanf(input, "%3s %2d %2d:%2d:%2d:", smonth, &day, &hour, &minute, &second); if (retval != 5) return; } else { exit(EXIT_FAILURE); } build_time(smonth, day, hour, minute, 
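second);
  opt.parser = opt.parser | CISCO_IOS_DATE;
}

/*
 * Parse the "list <name> <target> <proto> <ip>[(<port>)]" part of a Cisco
 * IOS access list log entry.
 *
 * The list name goes to opt.line->chainlabel and the target to
 * opt.line->branchname. On success the source address (and, for
 * CI_OPT_PORT, the source port) are stored and CISCO_IOS_SRC is set;
 * CISCO_IOS_PROTO is set when the protocol resolves to a non-zero number.
 * CI_OPT_MISSING (entry without protocol) is ignored, any other unknown
 * mode terminates the program.
 */
void cisco_ios_parse_src(char *input, unsigned char mode)
{
  char proto[8], ip[IPLEN];
  int shost1, shost2, shost3, shost4;
  int retval;

  if (mode == CI_OPT_PORT) {
    retval = sscanf(input, "list %" SHORTLEN_S "s %" SHORTLEN_S "s %5s %3d.%3d.%3d.%3d(%5d)", opt.line->chainlabel, opt.line->branchname, proto, &shost1, &shost2, &shost3, &shost4, &opt.line->sport);
    if (retval != 8)
      return;
  } else if (mode == CI_OPT_NONE) {
    /*
     * The field width must leave room for the terminating NUL: proto holds
     * 8 bytes, so at most 7 characters may be stored. The previous "%8s"
     * wrote 9 bytes for an 8-character token; the PROTO pattern allows
     * numbers of any length, so log input could trigger that. A longer
     * token now fails the conversion count check and the entry is dropped.
     */
    retval = sscanf(input, "list %" SHORTLEN_S "s %" SHORTLEN_S "s %7s %3d.%3d.%3d.%3d", opt.line->chainlabel, opt.line->branchname, proto, &shost1, &shost2, &shost3, &shost4);
    if (retval != 7)
      return;
  } else if (mode == CI_OPT_MISSING) {
    return;
  } else {
    exit(EXIT_FAILURE);
  }

  /* %3d accepts values above 255; convert_ip() decides whether the address is usable. */
  snprintf(ip, IPLEN, "%d.%d.%d.%d", shost1, shost2, shost3, shost4);
  if (convert_ip(ip, &opt.line->shost) == IN_ADDR_ERROR)
    return;

  opt.parser = opt.parser | CISCO_IOS_SRC;

  if (strncmp(proto, "tcp", 3) == 0)
    opt.line->protocol = 6;
  else if (strncmp(proto, "udp", 3) == 0)
    opt.line->protocol = 17;
  else if (strncmp(proto, "icmp", 4) == 0)
    opt.line->protocol = 1;
  else if (strncmp(proto, "igmp", 4) == 0)
    opt.line->protocol = 2;
  else if (strncmp(proto, "gre", 3) == 0)
    opt.line->protocol = 47;	/* RFC1701/1702 */
  else if (strncmp(proto, "ospf", 4) == 0)
    opt.line->protocol = 89;
  /*
   * NOTE(review): in CI_OPT_PORT mode the token is read with "%5s", so a
   * six-character "ipinip" never reaches this point there; the conversion
   * count check rejects the entry first.
   */
  else if (strncmp(proto, "ipinip", 6) == 0)
    opt.line->protocol = 4;
  else if (strncmp(proto, "pim", 3) == 0)
    opt.line->protocol = 103;
  /* Cast through unsigned char: passing a negative char to isdigit() is undefined. */
  else if (isdigit((unsigned char) proto[0]))
    opt.line->protocol = atoi(proto);

  if (opt.line->protocol != 0)
    opt.parser = opt.parser | CISCO_IOS_PROTO;
}

void cisco_ios_parse_dst(char *input, unsigned char mode)
{
  char ip[IPLEN];
  int dhost1, dhost2, dhost3, dhost4;
  int retval;

  if (mode == CI_OPT_PORT) {
    retval = sscanf(input, "-> %3d.%3d.%3d.%3d(%5d),", &dhost1, &dhost2, &dhost3, &dhost4, &opt.line->dport);
    if (retval != 5)
      return;
  } else if (mode == CI_OPT_TYPE) {
    retval = sscanf(input, "-> %3d.%3d.%3d.%3d (%2d/%2d),", &dhost1, &dhost2, &dhost3,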
&dhost4, &opt.line->sport, &opt.line->dport); if (retval != 6) return; } else if (mode == CI_OPT_NONE) { retval = sscanf(input, "-> %3d.%3d.%3d.%3d,", &dhost1, &dhost2, &dhost3, &dhost4); if (retval != 4) return; } else { return; } snprintf(ip, IPLEN, "%d.%d.%d.%d", dhost1, dhost2, dhost3, dhost4); if (convert_ip(ip, &opt.line->dhost) == IN_ADDR_ERROR) return; opt.parser = opt.parser | CISCO_IOS_DST; } void cisco_ios_parse_if(char *input) { #ifndef SHORT_NAMES xstrncpy(opt.line->interface, input, SHORTLEN); #else xstrncpy(opt.line->interface, "-", SHORTLEN); #endif } unsigned char flex_cisco_ios(char *input, int linenum) { opt.parser = 0; init_line(); cisco_ios_scan_string(input); cisco_ioslex(); cisco_ios_delete_buffer(YY_CURRENT_BUFFER); if (opt.parser == (CISCO_IOS_DATE | CISCO_IOS_SRC | CISCO_IOS_PROTO | CISCO_IOS_DST | CISCO_IOS_COUNT)) { return PARSE_OK; } else { if (opt.verbose) fprintf(stderr, "cisco_ios parse error in line %d, ignoring.\n", linenum); if (opt.verbose == 2) fprintf(stderr, "input was: \"%s\"\n", input); return PARSE_WRONG_FORMAT; } } fwlogwatch-1.4/PaxHeaders.8080/CREDITS0000644000000000000000000000012411145337041015457 xustar000000000000000027 mtime=1234550305.437909 27 atime=1369319079.835943 30 ctime=1369319079.835943424 fwlogwatch-1.4/CREDITS0000644000000000000000000000577011145337041014551 0ustar00rootroot00000000000000$Id: CREDITS 683 2009-02-13 18:38:25Z bw $ This program was written by Boris Wesslowski Thanks go to the following persons: Oliver Goebel for looking after this program as a RUS-CERT project and some comments. Florian Weimer for a very nice code review. Torkil Zachariassen for comments on the first public release. Shane Koster for reporting a time calculation problem. Diego M. Vadell for reporting an ipchains log format difference in old kernels. Didier Contis for information and examples of the Cisco log file formats. Werner Fleck / for reporting ipchains parser omissions and building a first debian package. 
Michael Reichardt for reporting various problems. Pekka Savola for further examples of Cisco log formats. Martin Hein for contributing to ipfilter support. sh00p for reports about OpenBSD and ipfilter. Neil McCalden for a first version of port exclusion support. Carl Wilhelm Soderstrom and James Ralston for improvements of the rpm spec file. Tobias Hunger for contributing to the improved response mode. Diederick van Dijk for contributing to Cisco PIX support. Andreas Pfaller for contributing to netfilter support and doing some debugging. Alberto Gonzalez Iniesta for maintaining the debian package. Sherwood Herben for contributing to realtime response mode. Robert Malmgren and Dan Larsson for contributing to FreeBSD support. Ivan F. Martinez for various suggestions and the Portuguese translation. Oden Eriksson for the Swedish translation. Xiaojun Yang for the simplified Chinese translation and doing a guided implementation of the Windows XP and NetScreen parsers. Ying-Chieh Liao for the traditional Chinese translation. Hugo van der Kooij for various suggestions. Peter Bray for comments on the Makefile and the ipfilter parser. Kimura Fuyuki for FreeBSD portability fixes. Kyle Amon for contributing a first version of the PHP frontend. Bram Vandoren for contributing to output limiting. Mirko Zeibig for contributing to the Elsa Lancom parser. Ronald Ruijgrok for pushing me to extend CSS support. Andrew Beresford for suggesting fwsm support. Robert Oschwald for contributing a SuSE init script. 
fwlogwatch-1.4/PaxHeaders.8080/response.h0000644000000000000000000000012412145435573016460 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.864943 30 ctime=1369319079.864943206 fwlogwatch-1.4/response.h0000644000000000000000000000074312145435573015545 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: response.h 731 2013-05-17 14:15:23Z bw $ */ #ifndef _RESPONSE_H #define _RESPONSE_H #define IP_FW_F_PRN 0x0001 /* from , gcc segfaults if included */ void check_for_ipchains(void); void check_script_perms(char *name); void modify_firewall(unsigned char action); void remove_old(unsigned char mode); void look_for_alert(void); struct known_hosts *fwlw_hs_mergesort(struct known_hosts *list); #endif fwlogwatch-1.4/PaxHeaders.8080/cisco_pix.l0000644000000000000000000000012412145435573016606 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.842943 30 ctime=1369319079.842943372 fwlogwatch-1.4/cisco_pix.l0000644000000000000000000004012312145435573015667 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: cisco_pix.l 731 2013-05-17 14:15:23Z bw $ */ %option prefix="cisco_pix" %option outfile="cisco_pix.c" %option noyywrap %{ #define YY_NO_INPUT #include #include #include #include #include "main.h" #include "utils.h" #include "resolve.h" extern struct options opt; void cisco_pix_parse_date(char *input, unsigned char mode); void cisco_pix_parse_src(char *input, unsigned char mode); void cisco_pix_parse_dst(char *input, unsigned char mode); void cisco_pix_parse_group(char *input); %} MONTH "Jan"|"Feb"|"Mar"|"Apr"|"May"|"Jun"|"Jul"|"Aug"|"Sep"|"Oct"|"Nov"|"Dec" STRING [a-zA-Z][a-zA-Z0-9._-]* LOGHOST [0-9.a-zA-Z()_:-]* DIGIT [0-9] NUMBER {DIGIT}+ OCTET {DIGIT}{1,3} PORT {DIGIT}{1,5} HEXDIGIT [0-9a-fA-F] HEXNUMBER "0x"{HEXDIGIT}+ IP {OCTET}"."{OCTET}"."{OCTET}"."{OCTET} IPPORT {IP}"/"{PORT} ZONEIP {STRING}":"{IP} ZONENAME {STRING}":"{STRING} ZONEIPPORT {STRING}":"{IP}"/"{PORT} 
ZONEIPPORT2 {STRING}"/"{IP}"("{PORT}")" ZONENAMEPORT {STRING}":"{STRING}"/"{PORT} ZONENAMEPORT2 {STRING}"/"{STRING}"("{PORT}")" SYSID ("%PIX"|"%FWSM"|"%ASA")"-"[1-7]"-"[0-9]{6}":" %% {MONTH}[ ]{1,2}{DIGIT}{1,2}[ ]{DIGIT}{2}:{DIGIT}{2}:{DIGIT}{2}[ ]{LOGHOST} cisco_pix_parse_date(cisco_pixtext, CP_OPT_HOST); {SYSID} /* ignore */ {MONTH}[ ]{1,2}{DIGIT}{1,2}[ ]{DIGIT}{4}[ ]{DIGIT}{2}:{DIGIT}{2}:{DIGIT}{2}(":")? cisco_pix_parse_date(cisco_pixtext, CP_OPT_NONE); {LOGHOST}[ ]+": " /* ignore */ " Inbound TCP connection denied from "{IPPORT} cisco_pix_parse_src(cisco_pixtext+36, CP_OPT_TCP); " TCP access denied by ACL from "{IPPORT} cisco_pix_parse_src(cisco_pixtext+31, CP_OPT_TCP); " Deny" xstrncpy(opt.line->branchname, "Deny", SHORTLEN); " TCP (no connection) from "{IPPORT} cisco_pix_parse_src(cisco_pixtext+26, CP_OPT_TCP); " inbound UDP from "{IPPORT} cisco_pix_parse_src(cisco_pixtext+18, CP_OPT_UDP); " udp src "{ZONEIPPORT} cisco_pix_parse_src(cisco_pixtext+9, CP_OPT_UDP_S); " udp src "{ZONENAMEPORT} cisco_pix_parse_src(cisco_pixtext+9, CP_OPT_UDP_N); " tcp src "{ZONEIPPORT} cisco_pix_parse_src(cisco_pixtext+9, CP_OPT_TCP_S); " tcp src "{ZONENAMEPORT} cisco_pix_parse_src(cisco_pixtext+9, CP_OPT_TCP_N); " icmp src "{ZONEIP} cisco_pix_parse_src(cisco_pixtext+10, CP_OPT_ICMP_S); " inbound icmp src "{ZONEIP} cisco_pix_parse_src(cisco_pixtext+18, CP_OPT_ICMP_S); " inbound tcp src "{ZONEIPPORT} cisco_pix_parse_src(cisco_pixtext+17, CP_OPT_TCP_S); " inbound (No xlate) tcp src "{ZONEIPPORT} cisco_pix_parse_src(cisco_pixtext+28, CP_OPT_TCP_S); " inbound (No xlate) udp src "{ZONEIPPORT} cisco_pix_parse_src(cisco_pixtext+28, CP_OPT_UDP_S); " inbound (No xlate) icmp src "{ZONEIP} cisco_pix_parse_src(cisco_pixtext+29, CP_OPT_ICMP_S); " UDP reverse path check from "{IP} cisco_pix_parse_src(cisco_pixtext+29, CP_OPT_UDP_NOPORT); {IP}" attempted to ping " cisco_pix_parse_src(cisco_pixtext, CP_OPT_ICMP); "to "{ZONEIPPORT} cisco_pix_parse_dst(cisco_pixtext+3, CP_OPT_DST_S); "to "{IPPORT} 
cisco_pix_parse_dst(cisco_pixtext+3, CP_OPT_DST); "to "{IP} cisco_pix_parse_dst(cisco_pixtext+3, CP_OPT_NONE); "dst "{ZONEIPPORT} cisco_pix_parse_dst(cisco_pixtext+4, CP_OPT_DST_S); "dst "{ZONENAMEPORT} cisco_pix_parse_dst(cisco_pixtext+4, CP_OPT_DST_N); "dst "{ZONEIP}" (type "{PORT}", code "{PORT}")" cisco_pix_parse_dst(cisco_pixtext+4, CP_OPT_DST_I); {IP} cisco_pix_parse_dst(cisco_pixtext, CP_OPT_NONE); "flags" /* ignore */ "URG" opt.line->flags = opt.line->flags | TCP_URG; "ACK" opt.line->flags = opt.line->flags | TCP_ACK; "PSH" opt.line->flags = opt.line->flags | TCP_PSH; "RST" opt.line->flags = opt.line->flags | TCP_RST; "SYN" opt.line->flags = opt.line->flags | TCP_SYN; "FIN" opt.line->flags = opt.line->flags | TCP_FIN; "on interface "{STRING} xstrncpy(opt.line->interface, cisco_pixtext+13, SHORTLEN); "by access-group \""{STRING}"\"" cisco_pix_parse_group(cisco_pixtext+17); "due to DNS "("Query"|"Response") /* ignore */ "("{IP}")" /* ignore */ " access-list "{STRING} xstrncpy(opt.line->chainlabel, cisco_pixtext+13, SHORTLEN); " permitted" xstrncpy(opt.line->branchname, "permitted", SHORTLEN); " denied" xstrncpy(opt.line->branchname, "denied", SHORTLEN); " tcp "{ZONEIPPORT2} cisco_pix_parse_src(cisco_pixtext+5, CP_OPT_TCP_S2); " udp "{ZONEIPPORT2} cisco_pix_parse_src(cisco_pixtext+5, CP_OPT_UDP_S2); " icmp "{ZONEIPPORT2} cisco_pix_parse_src(cisco_pixtext+6, CP_OPT_ICMP_S2); " tcp "{ZONENAMEPORT2} cisco_pix_parse_src(cisco_pixtext+5, CP_OPT_TCP_N2); " udp "{ZONENAMEPORT2} cisco_pix_parse_src(cisco_pixtext+5, CP_OPT_UDP_N2); " icmp "{ZONENAMEPORT2} cisco_pix_parse_src(cisco_pixtext+6, CP_OPT_ICMP_N2); " -> "{ZONEIPPORT2} cisco_pix_parse_dst(cisco_pixtext+4, CP_OPT_DST_S2); " -> "{ZONENAMEPORT2} cisco_pix_parse_dst(cisco_pixtext+4, CP_OPT_DST_N2); "hit-cnt "{NUMBER} /* ignore */ " first hit" /* ignore */ " "{NUMBER}"-second interval" /* ignore */ " Built dynamic "("TCP"|"UDP"|"ICMP")" translation from "{ZONEIPPORT}" to "{ZONEIPPORT} 
opt.parser=opt.parser|CISCO_PIX_NO_HIT; " Built "("inbound"|"outbound")" "("TCP"|"UDP")" connection "{NUMBER}" for "{ZONEIPPORT}" ("{IPPORT}") to "{ZONEIPPORT}" ("{IPPORT}")" opt.parser=opt.parser|CISCO_PIX_NO_HIT; " Built static translation from "{ZONEIP}" to "{ZONEIP} opt.parser=opt.parser|CISCO_PIX_NO_HIT; " Built local-host "{ZONEIP} opt.parser=opt.parser|CISCO_PIX_NO_HIT; " Teardown dynamic "("TCP"|"UDP"|"ICMP")" translation from "{ZONEIPPORT}" to "{ZONEIPPORT}" duration "[0-9:]+ opt.parser=opt.parser|CISCO_PIX_NO_HIT; " Teardown "("TCP"|"UDP")" connection "{NUMBER}" for "{ZONEIPPORT}" to "{ZONEIPPORT}" duration "[0-9:]+" bytes "{NUMBER}(" TCP "("Reset-"("I"|"O")|"FINs")|" "("SYN"|"FIN")" Timeout")? opt.parser=opt.parser|CISCO_PIX_NO_HIT; " No translation group found for icmp src "({ZONEIP}|{ZONENAME})" dst "({ZONEIP}|{ZONENAME})" (type "{PORT}", code "{PORT}")" opt.parser=opt.parser|CISCO_PIX_NO_HIT; " Teardown local-host "{ZONEIP}" duration "[0-9:]+ opt.parser=opt.parser|CISCO_PIX_NO_HIT; {IP}" Accessed URL ".+ opt.parser=opt.parser|CISCO_PIX_NO_HIT; " IGRP request discarded from "{IP}" to "{ZONEIP} opt.parser=opt.parser|CISCO_PIX_NO_HIT; {NUMBER}" in use, "{NUMBER}" most used" opt.parser=opt.parser|CISCO_PIX_NO_HIT; " No matching connection for ICMP error message: icmp src "({ZONEIP}|{ZONENAME})" dst "({ZONEIP}|{ZONENAME})" (type "{NUMBER}", code "{NUMBER}") on "{STRING}" interface. Original IP payload: "(("udp"|"tcp"|"icmp"|"protocol "{NUMBER})" src "({IPPORT}|{STRING}"/"{PORT}|{IP}|{STRING})" dst "({IPPORT}|{STRING}"/"{PORT}|{IP}|{STRING})|"")(" (type "{NUMBER}", code "{NUMBER}")")?"." opt.parser=opt.parser|CISCO_PIX_NO_HIT; " [".*"] drop rate-"{DIGIT}" exceeded. 
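Current burst rate is "{NUMBER}" per second, max configured rate is "{NUMBER}"; Current average rate is "{NUMBER}" per second, max configured rate is "{NUMBER}"; Cumulative total count is "{NUMBER} opt.parser=opt.parser|CISCO_PIX_NO_HIT; " Begin configuration: "({IP}|{STRING})" reading from http [POST]" opt.parser=opt.parser|CISCO_PIX_NO_HIT; " Group = "{STRING}", Username = "{STRING}", IP = "({IP}|{STRING})", ".* opt.parser=opt.parser|CISCO_PIX_NO_HIT; " Bad TCP hdr length (hdrlen=".* opt.parser=opt.parser|CISCO_PIX_NO_HIT; " User '"{STRING}"', running '"("CLI"|"N/A")"' from IP "({IP}|{STRING})", executed '".*"'" opt.parser=opt.parser|CISCO_PIX_NO_HIT; " User '"{STRING}"' executed the '".*"' command." opt.parser=opt.parser|CISCO_PIX_NO_HIT; "["{HEXNUMBER}", "{HEXNUMBER}"]" /* ignore */ [ ]+ /* ignore whitespace */ [\n] /* ignore */ {STRING} if(opt.verbose) fprintf(stderr, "Unrecognized token: %s\n", cisco_pixtext); . if(opt.verbose) fprintf(stderr, "Unrecognized character: %s\n", cisco_pixtext); %%

/*
 * Overwrite the first occurrence of sep in s with repl.
 * Returns 0 on success and -1 when sep does not occur in s, so callers can
 * reject the token instead of writing through a NULL pointer.
 */
static int cisco_pix_replace_first(char *s, const char *sep, char repl)
{
  char *pnt = strstr(s, sep);

  if (pnt == NULL)
    return -1;
  *pnt = repl;
  return 0;
}

/*
 * Parse the timestamp token and hand it to build_time().
 *
 * mode CP_OPT_HOST: "Mon dd hh:mm:ss host", the host is stored in
 *                   opt.line->hostname.
 * mode CP_OPT_NONE: "Mon dd yyyy hh:mm:ss".
 * Any other mode terminates the program.
 *
 * CISCO_PIX_DATE is set in opt.parser only when all six fields converted.
 */
void cisco_pix_parse_date(char *input, unsigned char mode)
{
  int retval, day, hour, minute, second;
  char smonth[4];
#ifdef IRIX
  char tmp[SHOSTLEN];
#endif
#ifdef LOGDOTS
  char *remove_dot;
#endif

  if (mode == CP_OPT_HOST) {
    /* NOTE(review): %32s stores up to 33 bytes; SHOSTLEN and the size of
       opt.line->hostname are defined outside this file - confirm they fit. */
    retval = sscanf(input, "%3s %2d %2d:%2d:%2d %32s", smonth, &day, &hour, &minute, &second,
#ifndef IRIX
		    opt.line->hostname);
#else
		    tmp);
#endif
    /* Checked in every build: the original tested retval only under IRIX, so
       elsewhere a short match passed unset fields on to build_time(). */
    if (retval != 6)
      return;
#ifdef IRIX
    if (tmp[2] == ':')
      xstrncpy(opt.line->hostname, tmp + 3, SHOSTLEN);
#endif
#ifdef LOGDOTS
    remove_dot = strstr(opt.line->hostname, ".");
    if (remove_dot != NULL)
      *remove_dot = '\0';
#endif
  } else if (mode == CP_OPT_NONE) {
    int year;

    retval = sscanf(input, "%3s %2d %4d %2d:%2d:%2d", smonth, &day, &year, &hour, &minute, &second);
    if (retval != 6)
      return;
  } else {
    exit(EXIT_FAILURE);
  }

  build_time(smonth, day, hour, minute, second);
  opt.parser = opt.parser | CISCO_PIX_DATE;
}

/*
 * Parse the source address (and port, where the format has one) of a log
 * entry into opt.line->shost / opt.line->sport and set opt.line->protocol
 * according to mode (6 = TCP, 17 = UDP, 1 = ICMP).
 *
 * The token is modified in place: separators are blanked so sscanf() can
 * split it. CISCO_PIX_SRC is set in opt.parser only on success; a token that
 * lacks an expected separator, fails to convert, or arrives with an unknown
 * mode is dropped silently.
 *
 * NOTE(review): buf is BUFSIZE bytes and the conversion width is BUFSIZE_S;
 * both are defined outside this file - confirm BUFSIZE_S < BUFSIZE.
 */
void cisco_pix_parse_src(char *input, unsigned char mode)
{
  char ip[IPLEN], resolved = 0;
  int shost1, shost2, shost3, shost4;
  int retval;

  if ((mode == CP_OPT_TCP) || (mode == CP_OPT_UDP)) {
    retval = sscanf(input, "%3d.%3d.%3d.%3d/%5d", &shost1, &shost2, &shost3, &shost4, &opt.line->sport);
    if (mode == CP_OPT_TCP)
      opt.line->protocol = 6;
    else
      opt.line->protocol = 17;
    if (retval != 5)
      return;
  } else if ((mode == CP_OPT_TCP_S) || (mode == CP_OPT_UDP_S)) {
    char buf[BUFSIZE];

    if (cisco_pix_replace_first(input, ":", ' ') != 0)
      return;
    retval = sscanf(input, "%" BUFSIZE_S "s %3d.%3d.%3d.%3d/%5d", buf, &shost1, &shost2, &shost3, &shost4, &opt.line->sport);
    if (mode == CP_OPT_TCP_S)
      opt.line->protocol = 6;
    else
      opt.line->protocol = 17;
    if (retval != 6)
      return;
  } else if ((mode == CP_OPT_TCP_S2) || (mode == CP_OPT_UDP_S2) || (mode == CP_OPT_ICMP_S2)) {
    char buf[BUFSIZE];

    if (cisco_pix_replace_first(input, "/", ' ') != 0)
      return;
    retval = sscanf(input, "%" BUFSIZE_S "s %3d.%3d.%3d.%3d(%5d)", buf, &shost1, &shost2, &shost3, &shost4, &opt.line->sport);
    if (mode == CP_OPT_TCP_S2)
      opt.line->protocol = 6;
    else if (mode == CP_OPT_UDP_S2)
      opt.line->protocol = 17;
    else
      opt.line->protocol = 1;
    if (retval != 6)
      return;
  } else if ((mode == CP_OPT_TCP_N) || (mode == CP_OPT_UDP_N)) {
    char buf[BUFSIZE];
    struct in6_addr *cached;

    if (cisco_pix_replace_first(input, ":", ' ') != 0)
      return;
    if (cisco_pix_replace_first(input, "/", ' ') != 0)
      return;
    retval = sscanf(input, "%*s %" BUFSIZE_S "s %5d", buf, &opt.line->sport);
    if (mode == CP_OPT_TCP_N)
      opt.line->protocol = 6;
    else
      opt.line->protocol = 17;
    if (retval != 2)
      return;
    cached = resolve_hostname_from_cache(buf);
    if (cached != NULL) {
      memcpy(&opt.line->shost, cached, sizeof(struct in6_addr));
      resolved = 1;
    } else {
      if (opt.verbose)
	fprintf(stderr, "cisco_pix host '%s' could not be resolved, ignoring.\n", buf);
      return;
    }
  } else if ((mode == CP_OPT_TCP_N2) || (mode == CP_OPT_UDP_N2) || (mode == CP_OPT_ICMP_N2)) {
    char buf[BUFSIZE];
    struct in6_addr *cached;

    if (cisco_pix_replace_first(input, "/", ' ') != 0)
      return;
    if (cisco_pix_replace_first(input, "(", ' ') != 0)
      return;
    if (cisco_pix_replace_first(input, ")", '\0') != 0)
      return;
    retval = sscanf(input, "%*s %" BUFSIZE_S "s %5d", buf, &opt.line->sport);
    if (mode == CP_OPT_TCP_N2)
      opt.line->protocol = 6;
    else if (mode == CP_OPT_UDP_N2)
      opt.line->protocol = 17;
    else
      opt.line->protocol = 1;
    if (retval != 2)
      return;
    cached = resolve_hostname_from_cache(buf);
    if (cached != NULL) {
      memcpy(&opt.line->shost, cached, sizeof(struct in6_addr));
      resolved = 1;
    } else {
      if (opt.verbose)
	fprintf(stderr, "cisco_pix host '%s' could not be resolved, ignoring.\n", buf);
      return;
    }
  } else if (mode == CP_OPT_ICMP_S) {
    char buf[BUFSIZE];

    if (cisco_pix_replace_first(input, ":", ' ') != 0)
      return;
    retval = sscanf(input, "%" BUFSIZE_S "s %3d.%3d.%3d.%3d", buf, &shost1, &shost2, &shost3, &shost4);
    opt.line->protocol = 1;
    if (retval != 5)
      return;
  } else if (mode == CP_OPT_ICMP) {
    retval = sscanf(input, "%3d.%3d.%3d.%3d attempted to ping", &shost1, &shost2, &shost3, &shost4);
    opt.line->protocol = 1;
    if (retval != 4)
      return;
  } else if (mode == CP_OPT_UDP_NOPORT) {
    retval = sscanf(input, "%3d.%3d.%3d.%3d", &shost1, &shost2, &shost3, &shost4);
    opt.line->protocol = 17;
    if (retval != 4)
      return;
  } else {
    /* Unknown mode: the octets were never filled in, so there is nothing to format. */
    return;
  }

  if (resolved == 0) {
    snprintf(ip, IPLEN, "%d.%d.%d.%d", shost1, shost2, shost3, shost4);
    if (convert_ip(ip, &opt.line->shost) == IN_ADDR_ERROR)
      return;
  }

  opt.parser = opt.parser | CISCO_PIX_SRC;
}

/*
 * Parse the destination address (and port, where the format has one) into
 * opt.line->dhost / opt.line->dport. For CP_OPT_DST_I the ICMP type and code
 * are stored in opt.line->sport and opt.line->dport.
 *
 * The token is modified in place. CISCO_PIX_DST is set in opt.parser only on
 * success; a token that lacks an expected separator, fails to convert, or
 * arrives with an unknown mode is dropped silently.
 */
void cisco_pix_parse_dst(char *input, unsigned char mode)
{
  char ip[IPLEN], resolved = 0;
  int dhost1, dhost2, dhost3, dhost4;
  int retval;

  if (mode == CP_OPT_DST) {
    retval = sscanf(input, "%3d.%3d.%3d.%3d/%5d", &dhost1, &dhost2, &dhost3, &dhost4, &opt.line->dport);
    if (retval != 5)
      return;
  } else if (mode == CP_OPT_DST_S) {
    char buf[BUFSIZE];

    if (cisco_pix_replace_first(input, ":", ' ') != 0)
      return;
    retval = sscanf(input, "%" BUFSIZE_S "s %3d.%3d.%3d.%3d/%5d", buf, &dhost1, &dhost2, &dhost3, &dhost4, &opt.line->dport);
    if (retval != 6)
      return;
  } else if (mode == CP_OPT_DST_S2) {
    char buf[BUFSIZE];

    if (cisco_pix_replace_first(input, "/", ' ') != 0)
      return;
    retval = sscanf(input, "%" BUFSIZE_S "s %3d.%3d.%3d.%3d(%5d)", buf, &dhost1, &dhost2, &dhost3, &dhost4, &opt.line->dport);
    if (retval != 6)
      return;
  } else if (mode == CP_OPT_DST_N) {
    char buf[BUFSIZE];
    struct in6_addr *cached;

    if (cisco_pix_replace_first(input, ":", ' ') != 0)
      return;
    if (cisco_pix_replace_first(input, "/", ' ') != 0)
      return;
    retval = sscanf(input, "%*s %" BUFSIZE_S "s %5d", buf, &opt.line->dport);
    if (retval != 2)
      return;
    cached = resolve_hostname_from_cache(buf);
    if (cached != NULL) {
      memcpy(&opt.line->dhost, cached, sizeof(struct in6_addr));
      resolved = 1;
    } else {
      if (opt.verbose)
	fprintf(stderr, "cisco_pix host '%s' could not be resolved, ignoring.\n", buf);
      return;
    }
  } else if (mode == CP_OPT_DST_N2) {
    char buf[BUFSIZE];
    struct in6_addr *cached;

    if (cisco_pix_replace_first(input, "/", ' ') != 0)
      return;
    if (cisco_pix_replace_first(input, "(", ' ') != 0)
      return;
    if (cisco_pix_replace_first(input, ")", '\0') != 0)
      return;
    retval = sscanf(input, "%*s %" BUFSIZE_S "s %5d", buf, &opt.line->dport);
    if (retval != 2)
      return;
    cached = resolve_hostname_from_cache(buf);
    if (cached != NULL) {
      memcpy(&opt.line->dhost, cached, sizeof(struct in6_addr));
      resolved = 1;
    } else {
      if (opt.verbose)
	fprintf(stderr, "cisco_pix host '%s' could not be resolved, ignoring.\n", buf);
      return;
    }
  } else if (mode == CP_OPT_DST_I) {
    char buf[BUFSIZE];

    if (cisco_pix_replace_first(input, ":", ' ') != 0)
      return;
    retval = sscanf(input, "%" BUFSIZE_S "s %3d.%3d.%3d.%3d (type %5d, code %5d)", buf, &dhost1, &dhost2, &dhost3, &dhost4, &opt.line->sport, &opt.line->dport);
    if (retval != 7)
      return;
  } else if (mode == CP_OPT_NONE) {
    retval = sscanf(input, "%3d.%3d.%3d.%3d", &dhost1, &dhost2, &dhost3, &dhost4);
    if (retval != 4)
      return;
  } else {
    /* Unknown mode: the octets were never filled in, so there is nothing to format. */
    return;
  }

  if (resolved == 0) {
    snprintf(ip, IPLEN, "%d.%d.%d.%d", dhost1, dhost2, dhost3, dhost4);
    if (convert_ip(ip, &opt.line->dhost) == IN_ADDR_ERROR)
      return;
  }

  opt.parser = opt.parser | CISCO_PIX_DST;
}

/*
 * Copy the text before the first double quote in input into
 * opt.line->chainlabel. A token without a closing quote is ignored and the
 * label keeps its previous value.
 */
void cisco_pix_parse_group(char *input)
{
  char *pnt;

  pnt = strstr(input, "\"");
  if (pnt == NULL)
    return;
  *pnt = '\0';

  xstrncpy(opt.line->chainlabel, input, SHORTLEN);
}

unsigned char flex_cisco_pix(char *input, int linenum) { opt.parser = 0; init_line(); xstrncpy(opt.line->interface, "-", SHORTLEN); xstrncpy(opt.line->chainlabel, "-", SHORTLEN); xstrncpy(opt.line->branchname, "-", 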
SHORTLEN); opt.line->count = 1; cisco_pix_scan_string(input); cisco_pixlex(); cisco_pix_delete_buffer(YY_CURRENT_BUFFER); if (opt.parser & CISCO_PIX_NO_HIT) return PARSE_NO_HIT; if (opt.parser == (CISCO_PIX_DATE | CISCO_PIX_SRC | CISCO_PIX_DST)) { return PARSE_OK; } else { if (opt.verbose) fprintf(stderr, "cisco_pix parse error in line %d, ignoring.\n", linenum); if (opt.verbose == 2) fprintf(stderr, "input was: \"%s\"\n", input); return PARSE_WRONG_FORMAT; } } fwlogwatch-1.4/PaxHeaders.8080/resolve.h0000644000000000000000000000012412145435573016301 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.837943 30 ctime=1369319079.838943402 fwlogwatch-1.4/resolve.h0000644000000000000000000000075512145435573015371 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: resolve.h 731 2013-05-17 14:15:23Z bw $ */ #ifndef _RESOLVE_H #define _RESOLVE_H char *resolve_protocol(int proto); char *resolve_service(int port, char *proto); char *resolve_address(struct in6_addr ip); void init_dns_cache(struct in6_addr *ip, char *hostname); #ifdef HAVE_ADNS enum { RES_ADNS_PC, RES_ADNS_HS }; void adns_preresolve(unsigned char mode); #endif struct in6_addr *resolve_hostname_from_cache(char *name); #endif fwlogwatch-1.4/PaxHeaders.8080/ipchains.l0000644000000000000000000000012412145435573016424 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.833943 30 ctime=1369319079.833943439 fwlogwatch-1.4/ipchains.l0000644000000000000000000000746212145435573015516 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: ipchains.l 731 2013-05-17 14:15:23Z bw $ */ %option prefix="ipchains" %option outfile="ipchains.c" %option noyywrap %{ #define YY_NO_INPUT #include #include #include #include "main.h" #include "utils.h" extern struct options opt; void ipchains_parse_date(char *input); void ipchains_parse_data(char *input); void ipchains_parse_rdata(char *input); void ipchains_parse_ips(char *input); %} 
MONTH "Jan"|"Feb"|"Mar"|"Apr"|"May"|"Jun"|"Jul"|"Aug"|"Sep"|"Oct"|"Nov"|"Dec" STRING [a-zA-Z-][a-zA-Z0-9._-]* LOGHOST [0-9.a-zA-Z()_:-]* DIGIT [0-9] NUMBER {DIGIT}+ OCTET {DIGIT}{1,3} PORT {DIGIT}{1,5} HEXDIGIT [0-9a-fA-F] HEXNUM "0x"{HEXDIGIT}+ IPCHAINS " kernel: Packet log: " %% {MONTH}[ ]{1,2}{DIGIT}{1,2}[ ]{DIGIT}{2}:{DIGIT}{2}:{DIGIT}{2}[ ]{LOGHOST} ipchains_parse_date(ipchainstext); {IPCHAINS} /* ignore */ {STRING}[ ]{STRING}[ ]{STRING}" PROTO="{NUMBER} ipchains_parse_data(ipchainstext); {STRING}" REDIRECT "{NUMBER}[ ]{STRING}" PROTO="{NUMBER} ipchains_parse_rdata(ipchainstext); {OCTET}"."{OCTET}"."{OCTET}"."{OCTET}":"{PORT}" "{OCTET}"."{OCTET}"."{OCTET}"."{OCTET}":"{PORT} ipchains_parse_ips(ipchainstext); "L="{NUMBER} opt.line->datalen = atoi(ipchainstext+2); "S="{HEXNUM} /* ignore */ "I="{NUMBER} /* ignore */ "F="{HEXNUM} /* ignore */ "T="{NUMBER} /* ignore */ "O="{HEXNUM} /* ignore */ "SYN" opt.line->flags = TCP_SYN; "(#"{NUMBER}")" /* ignore */ [ ]+ /* ignore whitespace */ [\n] /* ignore */ {STRING} if(opt.verbose) fprintf(stderr, "Unrecognized token: %s\n", ipchainstext); . 
if(opt.verbose) fprintf(stderr, "Unrecognized character: %s\n", ipchainstext); %%

/*
 * Read "Mon dd hh:mm:ss host" from the matched token, record the time via
 * build_time() and store the host name in opt.line->hostname.
 * IPCHAINS_DATE is flagged only when all six fields were converted.
 */
void ipchains_parse_date(char *input)
{
  char smonth[4];
  int day, hour, minute, second;
  int fields;

  fields = sscanf(input, "%3s %2d %2d:%2d:%2d %32s", smonth, &day, &hour, &minute, &second, opt.line->hostname);
  if (fields == 6) {
    build_time(smonth, day, hour, minute, second);
    opt.parser |= IPCHAINS_DATE;
  }
}

/*
 * Read "<chain> <branch> <interface> PROTO=<n>" into the current line and
 * flag IPCHAINS_DATA when all four fields were converted.
 */
void ipchains_parse_data(char *input)
{
  int fields;

  fields = sscanf(input, "%" SHORTLEN_S "s %" SHORTLEN_S "s %" SHORTLEN_S "s PROTO=%3d", opt.line->chainlabel, opt.line->branchname, opt.line->interface, &opt.line->protocol);
  if (fields == 4)
    opt.parser |= IPCHAINS_DATA;
}

/*
 * Read "<chain> REDIRECT <port> <interface> PROTO=<n>"; the branch name is
 * synthesised as "RD <port>". Flags IPCHAINS_DATA on success.
 */
void ipchains_parse_rdata(char *input)
{
  int fields, port;

  fields = sscanf(input, "%" SHORTLEN_S "s REDIRECT %5d %" SHORTLEN_S "s PROTO=%3d", opt.line->chainlabel, &port, opt.line->interface, &opt.line->protocol);
  if (fields != 4)
    return;

  snprintf(opt.line->branchname, SHORTLEN, "RD %d", port);
  opt.parser |= IPCHAINS_DATA;
}

/*
 * Read "a.b.c.d:port a.b.c.d:port" (source, then destination), convert both
 * addresses with convert_ip() and flag IPCHAINS_IPS when both succeed.
 */
void ipchains_parse_ips(char *input)
{
  int s1, s2, s3, s4;
  int d1, d2, d3, d4;
  int fields;
  char ip[IPLEN];

  fields = sscanf(input, "%3d.%3d.%3d.%3d:%5d %3d.%3d.%3d.%3d:%5d", &s1, &s2, &s3, &s4, &opt.line->sport, &d1, &d2, &d3, &d4, &opt.line->dport);
  if (fields != 10)
    return;

  /* The source address is converted first; a failure leaves dhost untouched. */
  snprintf(ip, IPLEN, "%d.%d.%d.%d", s1, s2, s3, s4);
  if (convert_ip(ip, &opt.line->shost) == IN_ADDR_ERROR)
    return;

  snprintf(ip, IPLEN, "%d.%d.%d.%d", d1, d2, d3, d4);
  if (convert_ip(ip, &opt.line->dhost) == IN_ADDR_ERROR)
    return;

  opt.parser |= IPCHAINS_IPS;
}

unsigned char flex_ipchains(char *input, int linenum) { opt.parser = 0; init_line(); ipchains_scan_string(input); ipchainslex(); ipchains_delete_buffer(YY_CURRENT_BUFFER); opt.line->count = 1; if (opt.parser == (IPCHAINS_DATE | IPCHAINS_DATA | IPCHAINS_IPS)) { return PARSE_OK; } else { if (opt.verbose) fprintf(stderr, 
"ipchains parse error in line %d, ignoring.\n", linenum); if (opt.verbose == 2) fprintf(stderr, "input was: \"%s\"\n", input); return PARSE_WRONG_FORMAT; } } fwlogwatch-1.4/PaxHeaders.8080/fwlogwatch.spec0000644000000000000000000000012412147423173017465 xustar000000000000000027 mtime=1369319035.779185 27 atime=1369319079.873943 30 ctime=1369319079.873943138 fwlogwatch-1.4/fwlogwatch.spec0000644000000000000000000000530312147423173016547 0ustar00rootroot00000000000000# Copyright (C) 2000-2013 Boris Wesslowski # $Id: fwlogwatch.spec 734 2013-05-23 14:23:55Z bw $ Name: fwlogwatch Version: 1.4 Release: 1 Group: Productivity/Networking/Security Vendor: Boris Wesslowski URL: http://fwlogwatch.inside-security.de/ License: GPL Summary: Firewall log analyzer, report generator and realtime response agent #Source: http://fwlogwatch.inside-security.de/sw/%{name}-%{version}.tar.gz Source: %{name}-%{version}.tar.gz BuildRequires: flex BuildRoot: %_tmppath/%{name}-%{version}-buildroot %description fwlogwatch produces Linux ipchains, Linux netfilter/iptables, Solaris/BSD/IRIX/HP-UX ipfilter, Cisco IOS, Cisco PIX/ASA, NetScreen, Elsa Lancom router and Snort IDS log summary reports in plain text and HTML form and has a lot of options to analyze and display relevant patterns. It also can run as daemon (with web interface) doing realtime log monitoring and reporting anomalies or starting attack countermeasures. 
%prep %setup %build %__make %install %__install -d "${RPM_BUILD_ROOT}%{_sbindir}" %__install -d "${RPM_BUILD_ROOT}%{_sysconfdir}/rc.d/init.d" %__install -d "${RPM_BUILD_ROOT}%{_mandir}/man8" %__install -d "${RPM_BUILD_ROOT}%{_datadir}/locale/de/LC_MESSAGES" %__install -d "${RPM_BUILD_ROOT}%{_datadir}/locale/ja/LC_MESSAGES" %__install -d "${RPM_BUILD_ROOT}%{_datadir}/locale/pt/LC_MESSAGES" %__install -d "${RPM_BUILD_ROOT}%{_datadir}/locale/sv/LC_MESSAGES" %__install -d "${RPM_BUILD_ROOT}%{_datadir}/locale/zh_CN/LC_MESSAGES" %__install -d "${RPM_BUILD_ROOT}%{_datadir}/locale/zh_TW/LC_MESSAGES" %__make install INSTALL_DIR="${RPM_BUILD_ROOT}%{_prefix}" %__make install-config CONF_DIR="${RPM_BUILD_ROOT}%{_sysconfdir}" %__make install-i18n LOCALE_DIR="${RPM_BUILD_ROOT}%{_prefix}" %__make install-rhinit CONF_DIR="${RPM_BUILD_ROOT}%{_sysconfdir}" %clean [ -n "${RPM_BUILD_ROOT}" ] && %__rm -rf "${RPM_BUILD_ROOT}" ( cd "${RPM_BUILD_DIR}" && %__rm -rf "%{name}-%{version}" ) %preun %stop_on_removal %postun %insserv_cleanup %files %defattr(-,root,root) %doc AUTHORS COPYING CREDITS ChangeLog README %doc contrib/fwlogsummary.cgi contrib/fwlogsummary_small.cgi %doc contrib/fwlogwatch.php %config(noreplace) %{_sysconfdir}/fwlogwatch.config %config(noreplace) %{_sysconfdir}/rc.d/init.d/fwlogwatch %config(noreplace) %{_sbindir}/fwlw_notify %config(noreplace) %{_sbindir}/fwlw_respond %{_sbindir}/fwlogwatch %{_mandir}/man8/fwlogwatch.8.gz %lang(de) %{_datadir}/locale/de/LC_MESSAGES/fwlogwatch.mo %lang(ja) %{_datadir}/locale/ja/LC_MESSAGES/fwlogwatch.mo %lang(pt) %{_datadir}/locale/pt/LC_MESSAGES/fwlogwatch.mo %lang(sv) %{_datadir}/locale/sv/LC_MESSAGES/fwlogwatch.mo %lang(zh_CN) %{_datadir}/locale/zh_CN/LC_MESSAGES/fwlogwatch.mo %lang(zh_TW) %{_datadir}/locale/zh_TW/LC_MESSAGES/fwlogwatch.mo fwlogwatch-1.4/PaxHeaders.8080/netfilter.h0000644000000000000000000000012412145435573016616 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.863943 30 ctime=1369319079.863943213 
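fwlogwatch-1.4/netfilter.h0000644000000000000000000000032012145435573015672 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: netfilter.h 731 2013-05-17 14:15:23Z bw $ */ #ifndef _NETFILTER_H #define _NETFILTER_H unsigned char flex_netfilter(char *input, int linenum); #endif fwlogwatch-1.4/PaxHeaders.8080/whois.c0000644000000000000000000000012412145435573015746 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.843943 30 ctime=1369319079.843943364 fwlogwatch-1.4/whois.c0000644000000000000000000001470412145435573015035 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: whois.c 731 2013-05-17 14:15:23Z bw $ */ #include #include #include #include #include #include #ifndef SOLARIS #include #else #include #endif #include #include #include "main.h" #include "utils.h" #define QUAD2IP(a,b,c,d) ((a) | (b)<<8 | (c<<16) | (d)<<24) #define PREFIX2MASK(n) (~0U>>(32-(n))) struct whois_entry *whois_first = NULL; extern struct options opt;

/*
 * Read one status line from the whois socket and classify it.
 *
 * On return *type is 'A' (data follows; the return value is the announced
 * payload length), 'C' (the return value is 0) or '\0' for anything else,
 * in which case -1 is returned.
 *
 * The line comes from the remote whois server, so it is treated as
 * untrusted: it is truncated to fit buffer, a failed or short read ends the
 * line, and a negative announced length is reported as an unknown reply
 * rather than handed to the caller as an allocation size.
 *
 * NOTE(review): the announced length has no upper bound here; the caller
 * allocates that many bytes plus one. Consider capping it.
 */
int whois_get_type(char *type)
{
  int cnt = 0, retval = -1;
  char buffer[WHOISCMDLEN];
  signed char c = '\n';

  /* Leave room for the terminator: the original loop could fill all
     WHOISCMDLEN bytes and then wrote the '\0' one past the array. */
  while ((cnt < WHOISCMDLEN - 1) && (read(opt.whois_sock, &c, 1) == 1) && (c != '\n') && (c != EOF)) {
    buffer[cnt] = c;
    cnt++;
  }
  buffer[cnt] = '\0';

  switch (buffer[0]) {
  case 'A':
    retval = atoi(&buffer[1]);
    if (retval < 0) {
      /* Malformed length from the server. */
      *type = '\0';
      retval = -1;
    } else {
      *type = buffer[0];
    }
    break;
  case 'C':
    *type = buffer[0];
    retval = 0;
    break;
  default:
    *type = '\0';
  }

  return (retval);
}

/*
 * Read up to len bytes from the whois socket into buf and NUL-terminate it.
 * buf must provide len + 1 bytes. The buffer is zeroed first, so it stays
 * terminated when the connection ends before len bytes arrived.
 */
void whois_read_socket(char *buf, int len)
{
  int cnt = 0;
  ssize_t got;

  if (len < 0)
    return;

  bzero(buf, len);
  while (cnt < len) {
    got = read(opt.whois_sock, (char *) (buf + cnt), (len - cnt));
    /* Stop on error or end of stream: adding -1 would move the write
       position backwards, and 0 would loop forever. */
    if (got <= 0)
      break;
    cnt += (int) got;
  }
  *(buf + len) = '\0';
#ifdef WHOIS_DEBUG
  fprintf(stderr, "--- WHOIS_DEBUG ---\n%s--- WHOIS_DEBUG ---\n", buf);
  fflush(stdout);
#endif
}

char *whois_read_data() { int retval; char type, *data = NULL; while (1) { retval = whois_get_type(&type); if (type == 'A') { data = xmalloc(retval + 1); whois_read_socket(data, retval); } else { break; } } return 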
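(data); }

/*
 * Ask the whois server for the object describing AS number asn.
 * Returns the reply buffer from whois_read_data() (freed by the caller) or
 * NULL when the query could not be sent or no data came back.
 */
char *whois_get_from_as(int asn)
{
  char cmdstr[WHOISCMDLEN];
  size_t len;

  snprintf(cmdstr, WHOISCMDLEN, "!man,AS%d\n", asn);
  len = strlen(cmdstr);
  /* Do not wait for an answer to a query that never left. */
  if (write(opt.whois_sock, cmdstr, len) != (ssize_t) len)
    return NULL;

  return whois_read_data();
}

/*
 * Skip blanks at val, NUL-terminate the value at the end of its line and
 * store the start of the following line in *next. When the reply ends
 * without a newline, *next points at the terminating NUL so a scanning loop
 * stops there.
 */
static char *whois_field_value(char *val, char **next)
{
  char *eol;

  while ((*val == ' ') || (*val == '\t'))
    val++;
  eol = strchr(val, '\n');
  if (eol != NULL) {
    *eol = '\0';
    *next = eol + 1;
  } else {
    *next = val + strlen(val);
  }
  return val;
}

/*
 * Look up the AS object for we->as_number and copy its first "descr:" value
 * into a newly allocated we->as_descr. Leaves we untouched when the lookup
 * returns nothing or the object has no description.
 */
void whois_search_desc(struct whois_entry *we)
{
  char *obj, *descs, *next;

  obj = whois_get_from_as(we->as_number);
  if (obj == NULL)
    return;

  descs = strstr(obj, "descr:");
  if (descs != NULL) {
    descs = whois_field_value(descs + 6, &next);
    we->as_descr = xmalloc(strlen(descs) + 1);
    xstrncpy(we->as_descr, descs, strlen(descs) + 1);
  }
  free(obj);
}

/*
 * Query the whois server for the route covering ip and fill in we:
 * as_number from "origin:", ip_route from "route:"/"route6:", ip_descr from
 * "descr:" and as_descr via whois_search_desc(). Fields that were not found
 * are set to "-" when an AS number was found; otherwise they stay NULL and
 * as_number stays 0 (or the non-positive value the server sent).
 *
 * The reply is remote data, so the scan never assumes that a line ends in a
 * newline or that "origin:" is followed by a two-character prefix.
 */
void whois_from_ip(struct in6_addr ip, struct whois_entry *we)
{
  char cmdstr[WHOISCMDLEN], *data = NULL, *descs, *val, *next;
  size_t len;
  int skip;

  we->as_number = 0;
  we->ip_route = NULL;
  we->ip_descr = NULL;
  we->as_descr = NULL;

  snprintf(cmdstr, WHOISCMDLEN, "!r%s/32,l\n", my_inet_ntop(&ip));
  len = strlen(cmdstr);
  if (write(opt.whois_sock, cmdstr, len) == (ssize_t) len)
    data = whois_read_data();

  if (data != NULL) {
    descs = data;
    while (*descs != '\0') {
      if ((we->as_number == 0) && (strncmp(descs, "origin:", 7) == 0)) {
	val = whois_field_value(descs + 7, &next);
	/* Step over the "AS" prefix, but never past the end of the value. */
	for (skip = 0; (skip < 2) && (*val != '\0'); skip++)
	  val++;
	we->as_number = atoi(val);
	/* Only a usable AS number is worth a second query. */
	if (we->as_number > 0)
	  whois_search_desc(we);
	descs = next;
      } else if ((we->ip_route == NULL) && (strncmp(descs, "route6:", 7) == 0)) {
	val = whois_field_value(descs + 7, &next);
	we->ip_route = xmalloc(strlen(val) + 1);
	xstrncpy(we->ip_route, val, strlen(val) + 1);
	descs = next;
      } else if ((we->ip_route == NULL) && (strncmp(descs, "route:", 6) == 0)) {
	/* The key is six characters long; the original skipped seven. */
	val = whois_field_value(descs + 6, &next);
	we->ip_route = xmalloc(strlen(val) + 1);
	xstrncpy(we->ip_route, val, strlen(val) + 1);
	descs = next;
      } else if ((we->ip_descr == NULL) && (strncmp(descs, "descr:", 6) == 0)) {
	val = whois_field_value(descs + 6, &next);
	we->ip_descr = xmalloc(strlen(val) + 1);
	xstrncpy(we->ip_descr, val, strlen(val) + 1);
	descs = next;
      } else {
	descs++;
      }
    }
    free(data);
  }

  if (we->as_number > 0) {
    if (we->ip_route == NULL) {
      we->ip_route = xmalloc(2);
      xstrncpy(we->ip_route, "-", 2);
    }
    if (we->ip_descr == NULL) {
      we->ip_descr = xmalloc(2);
      xstrncpy(we->ip_descr, "-", 2);
    }
    if (we->as_descr == NULL) {
      we->as_descr = xmalloc(2);
      xstrncpy(we->as_descr, "-", 2);
    }
  }
}

/*
 * Return whois information for ip, or NULL when no whois connection is
 * open, the address is not looked up, or the server gave no usable answer.
 *
 * Not looked up: for IPv4-mapped addresses 0.0.0.0, 127/8, 10/8, 172.16/12,
 * 192.168/16 and 255.255.255.255; for other addresses everything outside
 * 2000::/3. Answers are cached in the whois_first list, keyed by route.
 */
struct whois_entry *whois(struct in6_addr ip)
{
  char saddrt[WHOISROUTELEN];
  struct in6_addr in6_mask, in6_addrt, in6_net;
  struct whois_entry *we;
  int i;

  if (opt.whois_sock == -1)
    return NULL;

  if (isV4mappedV6addr(&ip)) {
    if ((ip.s6_addr32[3] == QUAD2IP(0, 0, 0, 0))
	|| ((ip.s6_addr32[3] & PREFIX2MASK(8)) == QUAD2IP(127, 0, 0, 0))
	|| ((ip.s6_addr32[3] & PREFIX2MASK(8)) == QUAD2IP(10, 0, 0, 0))
	|| ((ip.s6_addr32[3] & PREFIX2MASK(12)) == QUAD2IP(172, 16, 0, 0))
	|| ((ip.s6_addr32[3] & PREFIX2MASK(16)) == QUAD2IP(192, 168, 0, 0))
	|| (ip.s6_addr32[3] == QUAD2IP(255, 255, 255, 255)))
      return NULL;
  } else {
    if ((ip.s6_addr[0] & 0xE0) != 0x20)
      return NULL;
  }

  we = whois_first;
  while (we != NULL) {
    xstrncpy(saddrt, we->ip_route, WHOISROUTELEN);
    parse_cidr(saddrt, &in6_mask);
    for (i = 0; i < 16; i++)
      in6_addrt.s6_addr[i] = ip.s6_addr[i] & in6_mask.s6_addr[i];
    convert_ip(saddrt, &in6_net);
    if (compare_ipv6_equal(&in6_addrt, &in6_net) == 0) {
      if (opt.verbose)
	fprintf(stderr, _("Looking up whois info for %s(/%d) from cache\n"), my_inet_ntop(&ip), convert_mask(&in6_mask));
      return (we);
    }
    we = we->next;
  }

  if (opt.verbose)
    fprintf(stderr, _("Looking up whois info for %s\n"), my_inet_ntop(&ip));

  we = xmalloc(sizeof(struct whois_entry));
  whois_from_ip(ip, we);
  /* Cache only entries with a positive AS number: whois_from_ip() fills in
     ip_route for those, and the cache walk above reads ip_route. */
  if (we->as_number > 0) {
    we->next = whois_first;
    whois_first = we;
    return (we);
  }

  /* Failed lookup: release the entry instead of leaking it. */
  free(we->ip_route);
  free(we->ip_descr);
  free(we->as_descr);
  free(we);
  return (NULL);
}

void whois_connect(const char *whois_server) { struct hostent *he; struct sockaddr_in sin; int sock, retval; he = gethostbyname(whois_server); if (he == NULL) { fprintf(stderr, _("lookup failed: %s\n"), whois_server); exit(EXIT_FAILURE); } sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (sock == -1) { 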
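perror("socket"); exit(EXIT_FAILURE); } sin.sin_family = AF_INET; sin.sin_port = htons(WHOIS); bcopy(he->h_addr, &sin.sin_addr, he->h_length); retval = connect(sock, (struct sockaddr *) &sin, sizeof(sin)); if (retval == -1) { perror("connect"); exit(EXIT_FAILURE); } write(sock, "!!\n", 3); opt.whois_sock = sock; }

/*
 * Send the quit command to the whois server, close the socket and mark the
 * connection as closed in opt.whois_sock. A failing close() is reported with
 * perror() only.
 */
void whois_close()
{
  int retval;

  write(opt.whois_sock, "q\n", 2);
  retval = close(opt.whois_sock);
  if (retval == -1)
    perror("close");
  opt.whois_sock = -1;
}

fwlogwatch-1.4/PaxHeaders.8080/net.c0000644000000000000000000000012312145435573015402 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.886943 29 ctime=1369319079.88694304 fwlogwatch-1.4/net.c0000644000000000000000000005457212145435573014501 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: net.c 731 2013-05-17 14:15:23Z bw $ */ #include #include #include #ifndef SOLARIS #include #else #include #include #endif #include #include #include #include #include #include #ifndef __APPLE__ #ifndef __OpenBSD__ #ifndef __FreeBSD__ #ifndef __NetBSD__ #include #endif #endif #endif #endif #ifndef INT_MAX #include #endif #include "utils.h" #include "output.h" #include "response.h" #include "resolve.h" #include "compare.h" #include "utils.h" extern struct options opt; extern struct conn_data *first; extern struct known_hosts *first_host;

/*
 * Read one line from descriptor file into data_out, one byte at a time.
 *
 * Reading stops at '\n', at end of stream, on a read error, or after
 * maxlen - 1 bytes. data_out is always NUL-terminated. The last byte stored
 * is dropped (presumably the CR of a CRLF line ending - confirm).
 *
 * NOTE(review): when a line is longer than maxlen - 1 bytes its remainder
 * stays in the socket and is returned by the next call as if it were a new
 * line; callers that match on the start of a line should keep that in mind.
 */
void secure_read(int file, char *data_out, int maxlen)
{
  int j = 0;
  ssize_t retval;
  signed char c = 0;

  if (maxlen <= 0)
    return;

  bzero(data_out, maxlen);
  retval = read(file, &c, 1);
  /* Continue only while a byte was really delivered; the original also
     continued on -1 and then stored a stale or unset c. */
  while ((retval == 1) && !(c == EOF || c == '\n') && (j < (maxlen - 1))) {
    data_out[j++] = c;
    retval = read(file, &c, 1);
  }
  if (j > 0)
    data_out[--j] = 0;
}

/*
 * Create the listening TCP socket for the status web interface, bind it to
 * opt.listenif / opt.listenport and start listening. opt.listenif may be an
 * IPv6 address or an IPv4 address (then mapped as ::ffff:a.b.c.d).
 * Every failure is logged to syslog and ends the program via log_exit().
 */
void prepare_socket()
{
  int retval;
  int x = 1;			/* option value for SO_REUSEADDR; was passed uninitialized */
  struct sockaddr_in6 sain6;
  struct in6_addr in6a;

  opt.sock = socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP);
  if (opt.sock == -1) {
    syslog(LOG_NOTICE, "socket: %s", strerror(errno));
    log_exit(EXIT_FAILURE);
  }

  retval = setsockopt(opt.sock, SOL_SOCKET, SO_REUSEADDR, (void *) &x, sizeof(x));
  if (retval == -1) {
    syslog(LOG_NOTICE, "setsockopt: %s", strerror(errno));
    log_exit(EXIT_FAILURE);
  }

  retval = inet_pton(AF_INET6, opt.listenif, in6a.s6_addr);
  if (retval != 1) {
    char nnb[HOSTLEN];

    /* Not an IPv6 literal: retry as an IPv4-mapped address. */
    snprintf(nnb, HOSTLEN, "::ffff:%s", opt.listenif);
    retval = inet_pton(AF_INET6, nnb, in6a.s6_addr);
    if (retval != 1) {
      syslog(LOG_NOTICE, "inet_pton: Bad address %s", opt.listenif);
      log_exit(EXIT_FAILURE);
    }
  }

  bzero(&sain6, sizeof(sain6));
  sain6.sin6_family = AF_INET6;
  sain6.sin6_port = htons(opt.listenport);
  sain6.sin6_addr = in6a;

  retval = bind(opt.sock, (struct sockaddr *) &sain6, sizeof(sain6));
  if (retval == -1) {
    syslog(LOG_NOTICE, "bind: %s", strerror(errno));
    log_exit(EXIT_FAILURE);
  }

  retval = listen(opt.sock, 1);
  if (retval == -1) {
    syslog(LOG_NOTICE, "listen: %s", strerror(errno));
    log_exit(EXIT_FAILURE);
  }

  syslog(LOG_NOTICE, _("Listening on %s port %i"), my_inet_ntop(&sain6.sin6_addr), ntohs(sain6.sin6_port));
  if (opt.listento[0] != '\0') {
    syslog(LOG_NOTICE, _("Connections are only allowed from %s"), opt.listento);
  }
}

/* RFC 1945 Hypertext Transfer Protocol -- HTTP/1.0 Chapter 11.1. Basic Authentication Scheme RFC 1521 MIME (Multipurpose Internet Mail Extensions) Part One Chapter 5.2. 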
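Base64 Content-Transfer-Encoding */

/*
 * Decode the base64 string in input in place.
 *
 * input is the credential part of an HTTP "Authorization: Basic" header
 * (see handshake()), i.e. it is supplied by the client before it has
 * authenticated. Decoding therefore has to stay inside the local buffer
 * whatever the client sends.
 *
 * On success input holds the decoded text, copied back with xstrncpy()
 * bounded by the length of the encoded string. On malformed input (length
 * not a multiple of four, a character outside the base64 alphabet) or when
 * the decoded text would not fit the local buffer, a notice is logged and
 * input is left as it was.
 */
void decode_base64(char *input)
{
  int i, j = 0, k;
  unsigned char a[4], b[4], o[3], c, dtable[256];
  char buf[80], *pnt;

  pnt = buf;
  buf[0] = '\0';		/* an empty input copies back an empty string */

  /* All 256 entries: the original left dtable[255] unset, so an input byte
     of 0xFF was checked against an indeterminate value. */
  for (i = 0; i < 256; i++) {
    dtable[i] = 0x80;
  }
  for (i = 'A'; i <= 'Z'; i++) {
    dtable[i] = 0 + (i - 'A');
  }
  for (i = 'a'; i <= 'z'; i++) {
    dtable[i] = 26 + (i - 'a');
  }
  for (i = '0'; i <= '9'; i++) {
    dtable[i] = 52 + (i - '0');
  }
  dtable['+'] = 62;
  dtable['/'] = 63;
  dtable['='] = 0;

  while (1) {
    /* Collect one group of four input characters. */
    for (i = 0; i < 4; i++) {
      c = input[j];
      if (c == '\0') {
	if (i > 0) {
	  syslog(LOG_NOTICE, _("decode_base64: input string incomplete"));
	  return;
	}
	xstrncpy(input, buf, strlen(input));
	return;
      }
      if (dtable[c] & 0x80) {
	syslog(LOG_NOTICE, _("decode_base64: illegal character '%c' in input string"), c);
	return;
      }
      a[i] = c;
      b[i] = dtable[c];
      j++;
    }

    o[0] = (b[0] << 2) | (b[1] >> 4);
    o[1] = (b[1] << 4) | (b[2] >> 2);
    o[2] = (b[2] << 6) | b[3];

    /* Padding tells how many of the three output bytes are real. */
    i = (a[2] == '=') ? 1 : ((a[3] == '=') ? 2 : 3);

    /* Refuse to write past buf: i bytes plus the terminator must fit. */
    if ((size_t) (pnt - buf) + (size_t) i >= sizeof(buf)) {
      syslog(LOG_NOTICE, _("decode_base64: input string too long"));
      return;
    }

    for (k = 0; k < i; k++) {
      *pnt = o[k];
      pnt++;
    }
    *pnt = '\0';

    if (i < 3) {
      xstrncpy(input, buf, strlen(input));
      return;
    }
  }
}

void put_entry(int conn, char *field, char sort, unsigned char mode) { if ((mode == NO_SORTING) || (sort == 0)) { fdprintf(conn, "%s\n", field); } else { fdprintf(conn, "%s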
< >\n", field, sort, sort); } } void table_header(int conn, unsigned char mode, unsigned char opts) { fdprintf(conn, "\n\n"); put_entry(conn, _("count"), 'c', mode); put_entry(conn, _("added"), 't', mode); if (opt.proto) put_entry(conn, _("proto"), 'p', mode); if ((opts == NET_OPTS_PC) && (opt.datalen)) put_entry(conn, _("bytes"), 'b', mode); put_entry(conn, _("source"), 'S', mode); if (opt.resolve) put_entry(conn, _("hostname"), 0, mode); if (opt.src_port) { put_entry(conn, _("port"), 's', mode); if (opt.sresolve) put_entry(conn, _("service"), 0, mode); } if (opt.dst_ip) { put_entry(conn, _("destination"), 'D', mode); if (opt.resolve) put_entry(conn, _("hostname"), 0, mode); } if (opt.dst_port) { put_entry(conn, _("port"), 'd', mode); if (opt.sresolve) put_entry(conn, _("service"), 0, mode); } if ((opts == NET_OPTS_PC) && (opt.opts)) put_entry(conn, _("opts"), 'z', mode); put_entry(conn, _("time remaining"), 'e', mode); put_entry(conn, _("action"), 0, mode); fdprintf(conn, "\n"); } void make_header_h2(int conn, char *text) { fdprintf(conn, "

%s

\n", text); } void make_link(int conn, char *text, char *url) { fdprintf(conn, "%s", url, text); } void make_gen_table_int(int conn, char *desc, int current) { fdprintf(conn, "\n", desc, current); } void make_gen_table_str(int conn, char *desc, char *current) { fdprintf(conn, "\n", desc, current); } void make_opt_table_start(int conn, char *desc, char *opt) { fdprintf(conn, "\n", opt); } void make_opt_table_int(int conn, char *desc, char *opt, int current) { make_opt_table_start(conn, desc, opt); fdprintf(conn, "%d", current); make_opt_table_end(conn, opt); } void make_opt_table_str(int conn, char *desc, char *opt, char *current) { make_opt_table_start(conn, desc, opt); fdprintf(conn, "%s", current); make_opt_table_end(conn, opt); } void show_navigation(int conn) { fdprintf(conn, "

[ "); if (opt.webpage == 'i') { fdprintf(conn, _("Information")); } else { make_link(conn, _("Information"), "?page=i"); } fdprintf(conn, " | "); if (opt.webpage == 'o') { fdprintf(conn, _("Options")); } else { make_link(conn, _("Options"), "?page=o"); } fdprintf(conn, " | "); if (opt.webpage == 'p') { fdprintf(conn, _("Packet cache")); } else { make_link(conn, _("Packet cache"), "?page=p"); } fdprintf(conn, " | "); if (opt.webpage == 'h') { fdprintf(conn, _("Host status")); } else { make_link(conn, _("Host status"), "?page=h"); } fdprintf(conn, " | "); make_link(conn, _("Reload"), "/"); fdprintf(conn, " ]

\n"); } void http_header(int conn, char *code, unsigned char complete) { fdprintf(conn, "HTTP/1.1 %s\r\n", code); fdprintf(conn, "Server: %s/%s (C) %s\r\n", PACKAGE, VERSION, COPYRIGHT); fdprintf(conn, "Connection: close\r\n"); fdprintf(conn, "Content-Type: text/html; charset=utf-8\r\n"); if (complete == HEADER_COMPLETE) fdprintf(conn, "\r\n"); /* Date: Mon, 07 Jul 2003 21:27:17 GMT Last-Modified: Mon, 07 Jul 2003 21:25:26 GMT Accept-Ranges: bytes Content-Length: 80 */ } void basic_html_body(int conn, char *title, char *header) { fdprintf(conn, "\n\n%s\n\n", title); fdprintf(conn, "\n

%s

\n\n\n", header); } void show_status(int conn, int linenum, int hitnum, int ignored) { char buf[BUFSIZE], nows[TIMESIZE]; struct conn_data *this; struct known_hosts *this_host; unsigned char color = 1; time_t now; int count = 0, max = 0; http_header(conn, "200 OK", HEADER_COMPLETE); output_html_header(conn); show_navigation(conn); now = time(NULL); if (opt.webpage == 'i') { make_header_h2(conn, _("Information")); fdprintf(conn, "
%s:%d
%s:%s
%s:<", desc, opt); } void make_opt_table_end(int conn, char *opt) { fdprintf(conn, ">
\n"); strftime(nows, TIMESIZE, _("%A %B %d %H:%M:%S %Z %Y"), localtime(&opt.now)); make_gen_table_str(conn, _("Daemon start time"), nows); strftime(nows, TIMESIZE, _("%A %B %d %H:%M:%S %Z %Y"), localtime(&now)); make_gen_table_str(conn, _("Current time"), nows); output_timediff(opt.now, now, nows); make_gen_table_str(conn, _("Running time"), nows); snprintf(buf, BUFSIZE, "%s%s%s", _("Log"), (opt.response & OPT_NOTIFY) ? _(", notify") : "", (opt.response & OPT_RESPOND) ? _(", respond") : ""); make_gen_table_str(conn, _("Response mode"), buf); make_gen_table_int(conn, _("Lines seen"), linenum); make_gen_table_int(conn, _("Hits"), hitnum); make_gen_table_int(conn, _("Old/excluded/malformed"), ignored); this = first; while (this != NULL) { this = this->next; count++; } make_gen_table_int(conn, _("Entries in packet cache"), count); this_host = first_host; count = 0; while (this_host != NULL) { this_host = this_host->next; count++; } make_gen_table_int(conn, _("Entries in host status"), count); fdprintf(conn, "
\n"); } if (opt.webpage == 'o') { make_header_h2(conn, _("Options")); fdprintf(conn, "\n\n"); make_opt_table_int(conn, _("Alert threshold"), "alert", opt.threshold); output_timediff(0, opt.recent, nows); make_opt_table_str(conn, _("Discard timeout"), "recent", nows); make_opt_table_int(conn, _("Minimum count in packet cache"), "least", opt.least); if (opt.max > 0) { make_opt_table_int(conn, _("Top amount of entries in packet cache"), "max", opt.max); } else { make_opt_table_str(conn, _("Top amount of entries in packet cache"), "max", "-"); } if (opt.refresh > 0) { make_opt_table_int(conn, _("Refresh time"), "refresh", opt.refresh); } else { make_opt_table_str(conn, _("Refresh time"), "refresh", "-"); } fdprintf(conn, "
"); fdprintf(conn, _("Parameter")); fdprintf(conn, ""); fdprintf(conn, _("Decrease")); fdprintf(conn, ""); fdprintf(conn, _("Current")); fdprintf(conn, ""); fdprintf(conn, _("Increase")); fdprintf(conn, "
\n"); } if (opt.webpage == 'p') { make_header_h2(conn, _("Packet cache")); table_header(conn, SORTING, NET_OPTS_PC); sort_data(SORT_PC); #ifdef HAVE_ADNS if (opt.resolve) adns_preresolve(RES_ADNS_PC); #endif this = first; while ((this != NULL) && ((opt.max == 0) || (max < opt.max)) && (opt.status != FD_ERROR)) { if (this->count >= opt.least) { if (opt.max != 0) max++; strftime(nows, TIMESIZE, _("%Y/%m/%d %H:%M:%S"), localtime(&this->start_time)); fdprintf(conn, "%d%s", color, this->count, nows); if (opt.proto) { fdprintf(conn, "%s", resolve_protocol(this->protocol)); } if (opt.datalen) { fdprintf(conn, "%lu", this->datalen); } fdprintf(conn, "%s", my_inet_ntop(&this->shost)); if (opt.resolve) { fdprintf(conn, "%s", resolve_address(this->shost)); } if (opt.src_port) { fdprintf(conn, "%d", this->sport); if (opt.sresolve) { fdprintf(conn, "%s", resolve_service(this->sport, resolve_protocol(this->protocol))); } } if (opt.dst_ip) { fdprintf(conn, "%s", my_inet_ntop(&this->dhost)); if (opt.resolve) { fdprintf(conn, "%s", resolve_address(this->dhost)); } } if (opt.dst_port) { fdprintf(conn, "%d", this->dport); if (opt.sresolve) { fdprintf(conn, "%s", resolve_service(this->dport, resolve_protocol(this->protocol))); } } if (opt.opts) { output_tcp_opts(this, buf); fdprintf(conn, "%s", buf); } output_timediff(0, opt.recent - (now - this->end_time), nows); fdprintf(conn, "%s", nows); fdprintf(conn, "", this->id); fdprintf(conn, _("drop")); fdprintf(conn, " / ", this->id); fdprintf(conn, _("escalate")); fdprintf(conn, "\n"); if (color == 1) { color = 2; } else { color = 1; } } this = this->next; } fdprintf(conn, "\n"); } if (opt.webpage == 'h') { make_header_h2(conn, _("Host status")); color = 1; table_header(conn, SORTING, NO_NET_OPTS_PC); sort_data(SORT_HS); #ifdef HAVE_ADNS if (opt.resolve) adns_preresolve(RES_ADNS_HS); #endif this_host = first_host; while (this_host != NULL && (opt.status != FD_ERROR)) { fdprintf(conn, "%d", color, this_host->count); if (this_host->time == 
0) { int mask; fdprintf(conn, "-"); if (opt.proto) { fdprintf(conn, _("any")); } mask = convert_mask(&this_host->netmask); if ((mask == 128) || ((isV4mappedV6addr(&this_host->shost)) && (mask == 32))) { fdprintf(conn, "%s", my_inet_ntop(&this_host->shost)); } else { fdprintf(conn, "%s/%d", my_inet_ntop(&this_host->shost), mask); } if (opt.resolve) { if ((mask == 128) || ((isV4mappedV6addr(&this_host->shost)) && (mask == 32))) { fdprintf(conn, _("(known host)")); } else { fdprintf(conn, _("(known net)")); } } if (opt.src_port) { fdprintf(conn, _("any")); if (opt.sresolve) { fdprintf(conn, "-"); } } if (opt.dst_ip) { fdprintf(conn, _("any")); if (opt.resolve) { fdprintf(conn, "-"); } } if (opt.dst_port) { fdprintf(conn, _("any")); if (opt.sresolve) { fdprintf(conn, "-"); } } fdprintf(conn, "-\n"); } else { strftime(nows, TIMESIZE, _("%Y/%m/%d %H:%M:%S"), localtime(&this_host->time)); fdprintf(conn, "%s", nows); if (opt.proto) { fdprintf(conn, "%s", resolve_protocol(this_host->protocol)); } fdprintf(conn, "%s", my_inet_ntop(&this_host->shost)); if (opt.resolve) { fdprintf(conn, "%s", resolve_address(this_host->shost)); } if (opt.src_port) { fdprintf(conn, "%d", this_host->sport); if (opt.sresolve) { fdprintf(conn, "%s", resolve_service(this_host->sport, resolve_protocol(this_host->protocol))); } } if (opt.dst_ip) { fdprintf(conn, "%s", my_inet_ntop(&this_host->dhost)); if (opt.resolve) { fdprintf(conn, "%s", resolve_address(this_host->dhost)); } } if (opt.dst_port) { fdprintf(conn, "%d", this_host->dport); if (opt.sresolve) { fdprintf(conn, "%s", resolve_service(this_host->dport, resolve_protocol(this_host->protocol))); } } output_timediff(0, opt.recent - (now - this_host->time), nows); fdprintf(conn, "%s", nows); fdprintf(conn, "", this_host->id); fdprintf(conn, _("drop")); fdprintf(conn, "\n", this_host->id); } if (color == 1) { color = 2; } else { color = 1; } this_host = this_host->next; } fdprintf(conn, "\n"); } show_navigation(conn); output_html_footer(conn); } 
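/*
 * Serve one request on the built-in status web server.
 *
 * Accepts a single connection on opt.sock, optionally restricts the peer
 * to opt.listento, reads the request line by line until an empty line,
 * and remembers the last recognised command and whether valid HTTP Basic
 * credentials were presented. The command is carried out only after the
 * whole request has been read and only if authentication succeeded.
 *
 * linenum, hitnum, ignored: counters handed unchanged to show_status()
 * for the status page.
 *
 * Credential handling: opt.password is treated as a crypt(3) hash whose
 * first two characters are the salt. A two-character salt selects the
 * traditional DES-based scheme, which only considers the first eight
 * characters of the password. No transport encryption is visible in this
 * function, so the Basic credentials presumably cross the network merely
 * base64-encoded; NOTE(review): confirm deployment binds to loopback or
 * sits behind a TLS terminator.
 */
void handshake(int linenum, int hitnum, int ignored)
{
#ifdef SOLARIS
  typedef int socklen_t;        /* undefined and not unsigned as in linux */
#endif
  int conn, retval, id = 0;
#ifndef IRIX
  socklen_t socks;
#else
  size_t socks;
#endif
  struct sockaddr_in6 sain6;
  char nab[INET6_ADDRSTRLEN];
  char buf[BUFSIZE], password[PASSWORDSIZE], salt[3], *pnt, command[9] = "", option1 = 'm', option2 = 'm';
  unsigned char auth = 0;
  size_t userlen, hashlen;

  socks = sizeof(struct sockaddr_in6);
  conn = accept(opt.sock, (struct sockaddr *) &sain6, &socks);
  if (conn == -1) {
    syslog(LOG_NOTICE, "accept: %s", strerror(errno));
    return;
  }

  opt.status = STATUS_OK;

  /*
   * Peer allow-list. This is a textual comparison, so opt.listento has to
   * be spelled exactly the way inet_ntop() prints the peer address.
   */
  if ((opt.listento[0] != '\0') && (strncmp(opt.listento, inet_ntop(AF_INET6, &sain6.sin6_addr, nab, INET6_ADDRSTRLEN), IP6LEN) != 0)) {
    syslog(LOG_NOTICE, _("Rejected connection from unallowed IP address %s port %i"), my_inet_ntop(&sain6.sin6_addr), ntohs(sain6.sin6_port));
    retval = close(conn);
    if (retval == -1) {
      syslog(LOG_NOTICE, "close: %s", strerror(errno));
    }
    return;
  }

  if (opt.verbose)
    syslog(LOG_NOTICE, _("Connect from %s port %i"), inet_ntop(AF_INET6, &sain6.sin6_addr, nab, INET6_ADDRSTRLEN), ntohs(sain6.sin6_port));

  /*
   * Read header lines until the empty line that ends the request.
   * NOTE(review): the number of lines is not limited here; whether a slow
   * or endless client can stall the daemon depends on secure_read(),
   * which is not visible in this block.
   */
  secure_read(conn, buf, BUFSIZE);
  while (!(strncmp(buf, "", BUFSIZE) == 0)) {
#ifdef WEB_DEBUG
    /* strlen() returns size_t; cast so the argument matches %d */
    fprintf(stderr, "%3d %s\n", (int) strlen(buf), buf);
#endif
    /*
     * Request lines are matched on exact length plus prefix, and option
     * characters are checked against a fixed set, so nothing from the
     * request is copied into command[] -- only the literals below, the
     * longest of which ("escalate") exactly fills the nine bytes.
     */
    if ((strlen(buf) == 14) && (strncmp(buf, "GET / HTTP/1.", 13) == 0)) {
      strcpy(command, "show");
    } else if ((strlen(buf) == 21) && (strncmp(buf, "GET /?page=", 11) == 0) && (strchr("ioph", buf[11]) != NULL)) {
      strcpy(command, "page");
      option1 = buf[11];
    } else if ((strlen(buf) == 22) && (strncmp(buf, "GET /?sort=", 11) == 0) && (strchr("ctpbSsDdze", buf[11]) != NULL) && (strchr("ad", buf[12]) != NULL)) {
      strcpy(command, "sort");
      option1 = buf[11];
      option2 = buf[12];
    } else if ((strlen(buf) == 22) && (strncmp(buf, "GET /?least=", 12) == 0) && (strchr("ml", buf[12]) != NULL)) {
      strcpy(command, "least");
      option1 = buf[12];
    } else if ((strlen(buf) == 20) && (strncmp(buf, "GET /?max=", 10) == 0) && (strchr("ml", buf[10]) != NULL)) {
      strcpy(command, "max");
      option1 = buf[10];
    } else if ((strlen(buf) == 22) && (strncmp(buf, "GET /?alert=", 12) == 0) && (strchr("ml", buf[12]) != NULL)) {
      strcpy(command, "alert");
      option1 = buf[12];
    } else if ((strlen(buf) == 24) && (strncmp(buf, "GET /?refresh=", 14) == 0) && (strchr("ml", buf[14]) != NULL)) {
      strcpy(command, "refresh");
      option1 = buf[14];
    } else if ((strlen(buf) == 23) && (strncmp(buf, "GET /?recent=", 13) == 0) && (strchr("ml", buf[13]) != NULL)) {
      strcpy(command, "recent");
      option1 = buf[13];
    } else if ((strlen(buf) == 32) && (strncmp(buf, "GET /?pcdrop=", 13) == 0)) {
      id = atoi(buf + 13);
      if ((id >= 0) && (id < INT_MAX))
        strcpy(command, "pcdrop");
    } else if ((strlen(buf) == 34) && (strncmp(buf, "GET /?escalate=", 15) == 0)) {
      id = atoi(buf + 15);
      if ((id >= 0) && (id < INT_MAX))
        strcpy(command, "escalate");
    } else if ((strlen(buf) == 32) && (strncmp(buf, "GET /?hsdrop=", 13) == 0)) {
      id = atoi(buf + 13);
      if ((id >= 0) && (id < INT_MAX))
        strcpy(command, "hsdrop");
    } else if (strncmp(buf, "Authorization: Basic ", 21) == 0) {
      xstrncpy(password, buf + 21, PASSWORDSIZE);
      decode_base64(password);
      userlen = strlen(opt.user);
      hashlen = strlen(opt.password);
      /*
       * Three conditions before the password is even hashed:
       *  - the stored hash holds at least the two salt characters, so an
       *    empty or one-character opt.password can never match;
       *  - the decoded credentials start with the configured user name;
       *  - the character right after it is the ':' separator. Without
       *    this check a value consisting of the user name alone would
       *    make the password pointer step past the string terminator.
       */
      if ((hashlen >= 2) && (strncmp(opt.user, password, userlen) == 0) && (password[userlen] == ':')) {
        salt[0] = opt.password[0];
        salt[1] = opt.password[1];
        salt[2] = '\0';
        pnt = crypt(password + userlen + 1, salt);
        /* crypt() returns NULL on failure (e.g. a salt it rejects) */
        if ((pnt != NULL) && (strncmp(opt.password, pnt, hashlen) == 0)) {
          auth = 1;
        }
      }
    }
    secure_read(conn, buf, BUFSIZE);
  }

  /* A client that disconnects early must not kill the daemon */
  signal(SIGPIPE, SIG_IGN);

  if (auth == 0) {
    /*
     * NOTE(review): failures are logged only in verbose mode and without
     * the peer address, which makes repeated password guessing hard to
     * spot in syslog.
     */
    if (opt.verbose)
      syslog(LOG_NOTICE, _("Authorization failed"));
    http_header(conn, "401 Authorization Required", HEADER_CONTINUES);
    fdprintf(conn, "WWW-Authenticate: Basic realm=\"fwlogwatch\"\r\n\r\n");
    basic_html_body(conn, _("Authorization required"), _("Authorization required"));
  } else {
    /*
     * NOTE(review): every command below except "show" changes daemon
     * state in response to a plain GET, and the only credential is the
     * Basic header a browser resends on its own. Nothing in this function
     * ties the request to the status page (no token, no Referer/Origin
     * check), so cross-site request forgery should be considered.
     */
    if (strncmp(command, "show", 4) == 0) {
      show_status(conn, linenum, hitnum, ignored);
    } else if (strncmp(command, "page", 4) == 0) {
      opt.webpage = option1;
    } else if (strncmp(command, "sort", 4) == 0) {
      snprintf(opt.sort_order, MAXSORTSIZE, "%c%c", option1, option2);
    } else if (strncmp(command, "least", 5) == 0) {
      if ((option1 == 'l') && (opt.least > 1)) {
        opt.least--;
      } else if (option1 == 'm') {
        opt.least++;
      }
    } else if (strncmp(command, "max", 3) == 0) {
      /* round down to a multiple of 10, then step by 10 */
      opt.max -= opt.max % 10;
      if ((option1 == 'l') && (opt.max > 9)) {
        opt.max = opt.max - 10;
      } else if (option1 == 'm') {
        opt.max = opt.max + 10;
      }
    } else if (strncmp(command, "alert", 5) == 0) {
      if ((option1 == 'l') && (opt.threshold > 1)) {
        opt.threshold--;
      } else if (option1 == 'm') {
        opt.threshold++;
      }
      look_for_alert();
    } else if (strncmp(command, "refresh", 7) == 0) {
      /* round down to a multiple of 15, then step by 15 */
      opt.refresh -= opt.refresh % 15;
      if ((option1 == 'l') && (opt.refresh > 14)) {
        opt.refresh = opt.refresh - 15;
      } else if (option1 == 'm') {
        opt.refresh = opt.refresh + 15;
      }
    } else if (strncmp(command, "recent", 6) == 0) {
      /* round down to a multiple of 300, then step by 300 */
      opt.recent -= opt.recent % 300;
      if ((option1 == 'l') && (opt.recent > 600)) {
        opt.recent = opt.recent - 300;
      } else if (option1 == 'm') {
        opt.recent = opt.recent + 300;
      }
    } else if (strncmp(command, "pcdrop", 6) == 0) {
      struct conn_data *this;
      this = first;
      while (this != NULL) {
        if (this->id == id) {
          /* mark the entry with end_time 1, then let remove_old() run */
          this->end_time = 1;
          remove_old(RESP_REMOVE_OPC);
          break;
        }
        this = this->next;
      }
    } else if (strncmp(command, "escalate", 8) == 0) {
      struct conn_data *this;
      this = first;
      while (this != NULL) {
        if (this->id == id) {
          /* sets count to exactly opt.threshold before re-checking alerts */
          this->count += opt.threshold - this->count;
          look_for_alert();
          break;
        }
        this = this->next;
      }
    } else if (strncmp(command, "hsdrop", 6) == 0) {
      struct known_hosts *this_host;
      this_host = first_host;
      while (this_host != NULL) {
        if (this_host->id == id) {
          /* mark the host entry with time 1, then let remove_old() run */
          this_host->time = 1;
          remove_old(RESP_REMOVE_OHS);
          break;
        }
        this_host = this_host->next;
      }
    } else {
      http_header(conn, "400 Bad request", HEADER_COMPLETE);
      basic_html_body(conn, _("Bad request"), _("Bad request"));
    }

    /* Every recognised command other than "show" answers with a redirect */
    if ((strncmp(command, "show", 4) != 0) && (command[0] != 0)) {
      http_header(conn, "302 Found", HEADER_CONTINUES);
      fdprintf(conn, "Location: /\r\n\r\n");
      basic_html_body(conn, _("Redirect"), _("You should be redirected to the root directory"));
    }
  }

  signal(SIGPIPE, SIG_DFL);

  retval = close(conn);
  if (retval == -1) {
    syslog(LOG_NOTICE, "close: %s", strerror(errno));
  }

  if (opt.verbose == 2)
    syslog(LOG_NOTICE, _("Requested function: %s"), command);

  if (opt.verbose)
    syslog(LOG_NOTICE, _("Connection closed"));
}
fwlogwatch-1.4/PaxHeaders.8080/main.c0000644000000000000000000000012412145435573015541 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.884943 30 ctime=1369319079.884943055 fwlogwatch-1.4/main.c0000644000000000000000000003063712145435573014633 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: main.c 731 2013-05-17 14:15:23Z bw $ */ #include #include #include #include #ifdef HAVE_GETTEXT #include #endif #include "main.h" #include "rcfile.h" #include "parser.h" #include "modes.h" #include "utils.h" struct options opt; extern char *optarg; void usage(char *me, unsigned char exitcode) { printf("%s %s (C) %s\n", PACKAGE, VERSION, COPYRIGHT); printf(_("Usage: %s [options] [input_files]\n"), me); printf(_("General options:\n")); printf(_(" -h this help\n")); printf(_(" -L show time of first and last log entry\n")); printf(_(" -V show version and copyright info\n")); printf("\n"); printf(_("Global options:\n")); printf(_(" -b show amount of data (sum of total packet lengths)\n")); printf(_(" -c specify config file (defaults to %s)\n"), RCFILE); printf(_(" -D do not differentiate destination IP addresses\n")); printf(_(" -d differentiate destination ports\n")); printf(_(" -E select or exclude hosts, ports, chains and targets\n")); printf(_(" quick reference: -E[ie][hp][sd]\n")); printf(_(" -E[ie][cb]\n")); printf(_(" -i initialize DNS cache with entries from file\n")); printf(_(" -M only show this amount of entries\n")); printf(_(" -m only show entries with at least so many incidents\n")); printf(_(" -N resolve service names\n")); printf(_(" -n resolve host names\n")); 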
printf(_(" -O define the sort order (see the man page for details)\n")); printf(_(" -P use parsers for specific formats (defaults to netfilter)\n")); printf(_(" i: ipchains, n: netfilter, f: ipfilter, c: cisco ios\n")); printf(_(" p: cisco pix, e: netscreen, l: lancom, s: snort, b: ipfw\n")); printf(_(" -p differentiate protocols\n")); printf(_(" -s differentiate source ports\n")); printf(_(" -U set report and status page title and email subject\n")); printf(_(" -v verbose, specify twice for more info\n")); printf(_(" -y differentiate TCP options\n")); printf("\n"); printf(_("Log summary mode (default):\n")); printf(_(" -C <email> carbon copy recipients\n")); printf(_(" -e show end times\n")); printf(_(" -F <email> report sender address (defaults to '%s')\n"), opt.sender); printf(_(" -l <time> process recent events only (defaults to off)\n")); printf(_(" -o <file> specify output file\n")); printf(_(" -S do not differentiate source IP addresses\n")); printf(_(" -T <email> send report by email to this address\n")); printf(_(" -t show start times\n")); printf(_(" -W activate whois lookups for source addresses\n")); printf(_(" -w HTML output\n")); printf(_(" -z show time interval\n")); printf("\n"); printf(_("Realtime response mode:\n")); printf(_(" -R realtime response as daemon (default action: log only)\n")); printf(_(" -a <count> alert threshold (defaults to %d entries)\n"), ALERT); printf(_(" -l <time> forget events this old (defaults to %d hours)\n"), FORGET / 3600); printf(_(" -k <IP/net> add this IP address or net to the list of known hosts\n")); printf(_(" -A invoke notification script if threshold is reached\n")); printf(_(" -B invoke response action script (e.g. 
block host)\n")); printf(_(" -X <port> activate internal status information web server\n")); printf("\n"); exit(exitcode); } void info() { /* GNU standards compatible program info */ printf("%s %s\n", PACKAGE, VERSION); puts("Copyright (C) 2000-2013 Boris Wesslowski"); puts(""); puts("This program is free software; you can redistribute it and/or modify"); puts("it under the terms of the GNU General Public License as published by"); puts("the Free Software Foundation; either version 2 of the License, or"); puts("(at your option) any later version."); puts(""); puts("This program is distributed in the hope that it will be useful,"); puts("but WITHOUT ANY WARRANTY; without even the implied warranty of"); puts("MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the"); puts("GNU General Public License for more details."); puts(""); puts("You should have received a copy of the GNU General Public License"); puts("along with this program; if not, write to the Free Software"); puts("Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA"); puts("\n"); puts(_("You can contact the author at <bw@inside-security.de>.")); puts("\n"); puts(_("Compile-time options of this version:")); printf(_("Short name limit ")); #ifdef SHORT_NAMES puts(_("enabled")); #else puts(_("disabled")); #endif printf(_("Zlib support ")); #ifdef HAVE_ZLIB puts(_("enabled")); #else puts(_("disabled")); #endif printf(_("Gettext (i18n) support ")); #ifdef HAVE_GETTEXT puts(_("enabled")); #else puts(_("disabled")); #endif printf(_("GNU adns support ")); #ifdef HAVE_ADNS puts(_("enabled")); #else puts(_("disabled")); #endif exit(EXIT_SUCCESS); } void init_options() { char *user, host[SHOSTLEN]; opt.mode = LOG_SUMMARY; opt.inputfd = NULL; opt.std_in = 0; opt.verbose = 0; opt.resolve = 0; opt.sresolve = 0; opt.whois_lookup = 0; opt.whois_sock = -1; xstrncpy(opt.rcfile, RCFILE, FILESIZE); opt.rcfile_dns[0] = '\0'; opt.line = NULL; opt.format_sel[0] = '\0'; opt.format = PARSER_NETFILTER; 
opt.parser = 0; opt.repeated = 0; opt.orig_count = 0; opt.src_ip = 1; opt.dst_ip = 1; opt.proto = 0; opt.src_port = 0; opt.dst_port = 0; opt.opts = 0; opt.datalen = 0; opt.stimes = 0; opt.etimes = 0; opt.duration = 0; xstrncpy(opt.sort_order, SORTORDER, MAXSORTSIZE); opt.sortfield = 0; opt.sortmode = 0; opt.html = 0; opt.use_out = 0; opt.outputfile[0] = '\0'; opt.title[0] = '\0'; opt.stylesheet[0] = '\0'; xstrncpy(opt.textcol, TEXTCOLOR, COLORSIZE); xstrncpy(opt.bgcol, BGCOLOR, COLORSIZE); xstrncpy(opt.rowcol1, ROWCOLOR1, COLORSIZE); xstrncpy(opt.rowcol2, ROWCOLOR2, COLORSIZE); opt.loghost = 0; opt.hostname[0] = '\0'; opt.chains = 0; opt.chainlabel[0] = '\0'; opt.branches = 0; opt.branchname[0] = '\0'; opt.ifs = 0; opt.interface[0] = '\0'; opt.now = time(NULL); opt.recent = 0; opt.threshold = 0; opt.least = 1; opt.max = 0; opt.sender[0] = '\0'; opt.recipient[0] = '\0'; opt.cc[0] = '\0'; opt.response = OPT_LOG; opt.ipchains_check = 0; opt.pidfile[0] = '\0'; xstrncpy(opt.notify_script, FWLW_NOTIFY, FILESIZE); xstrncpy(opt.respond_script, FWLW_RESPOND, FILESIZE); opt.run_as[0] = '\0'; opt.status = STATUS_OFF; opt.stateful_start = 1; opt.sock = 0; xstrncpy(opt.listenif, LISTENIF, IP6LEN); opt.listenport = LISTENPORT; opt.listento[0] = '\0'; xstrncpy(opt.user, DEFAULT_USER, USERSIZE); xstrncpy(opt.password, DEFAULT_PASSWORD, PASSWORDSIZE); opt.refresh = 0; opt.webpage = 'i'; opt.global_id = 0; user = getenv("USER"); if (user == NULL) return; if (gethostname(host, SHOSTLEN) == -1) { perror("gethostname"); return; } snprintf(opt.sender, EMAILSIZE, "%s@%s", user, host); } int main(int argc, char **argv) { unsigned char alt_rcfile = 0, parser_mode; int iopt; init_options(); #ifdef HAVE_GETTEXT setlocale(LC_ALL, ""); bindtextdomain(PACKAGE, LOCALEDIR); textdomain(PACKAGE); #endif while ((iopt = getopt(argc, argv, "a:AbBc:C:dDeE:F:hi:I:k:l:Lm:M:nNo:O:pP:RsStT:U:vVwWX:yz")) != EOF) { switch (iopt) { case 'a': opt.threshold = atoi(optarg); break; case 'A': opt.response = 
opt.response | OPT_NOTIFY; break; case 'b': opt.datalen = 1; break; case 'B': opt.response = opt.response | OPT_RESPOND; break; case 'c': xstrncpy(opt.rcfile, optarg, FILESIZE); alt_rcfile = 1; break; case 'C': xstrncpy(opt.cc, optarg, EMAILSIZE); break; case 'd': opt.dst_port = 1; break; case 'D': opt.dst_ip = 0; break; case 'e': opt.etimes = 1; break; case 'E': if (optarg[0] == 'i') { parser_mode = PARSER_MODE_DEFAULT; } else if (optarg[0] == 'e') { parser_mode = PARSER_MODE_NOT; } else { fprintf(stderr, _("Illegal inclusion/exclusion pos. 1 (expected [ie]): %s\n"), optarg); fprintf(stderr, _("Exiting\n")); return EXIT_FAILURE; } if (optarg[1] == 'h') { parser_mode = parser_mode | PARSER_MODE_HOST; } else if (optarg[1] == 'p') { parser_mode = parser_mode | PARSER_MODE_PORT; } else if (optarg[1] == 'c') { parser_mode = parser_mode | PARSER_MODE_CHAIN; add_exclude_hpb(optarg + 2, parser_mode); break; } else if (optarg[1] == 'b') { parser_mode = parser_mode | PARSER_MODE_BRANCH; add_exclude_hpb(optarg + 2, parser_mode); break; } else { fprintf(stderr, _("Illegal inclusion/exclusion pos. 2 (expected [hpcb]): %s\n"), optarg); fprintf(stderr, _("Exiting\n")); return EXIT_FAILURE; } if (optarg[2] == 'd') { parser_mode = parser_mode | PARSER_MODE_DEFAULT; } else if (optarg[2] == 's') { parser_mode = parser_mode | PARSER_MODE_SRC; } else { fprintf(stderr, _("Illegal inclusion/exclusion pos. 
3 (expected [sd]): %s\n"), optarg); fprintf(stderr, _("Exiting\n")); return EXIT_FAILURE; } add_exclude_hpb(optarg + 3, parser_mode); break; case 'F': xstrncpy(opt.sender, optarg, EMAILSIZE); break; case 'h': usage(argv[0], EXIT_SUCCESS); break; case 'i': xstrncpy(opt.rcfile_dns, optarg, FILESIZE); break; case 'k': add_known_host(optarg); break; case 'l': opt.recent = parse_time(optarg); break; case 'L': opt.mode = SHOW_LOG_TIMES; break; case 'm': opt.least = atoi(optarg); break; case 'M': opt.max = atoi(optarg); break; case 'n': opt.resolve = 1; break; case 'N': opt.sresolve = 1; break; case 'o': xstrncpy(opt.outputfile, optarg, FILESIZE); opt.use_out = 1; break; case 'O': xstrncpy(opt.sort_order, optarg, MAXSORTSIZE); break; case 'p': opt.proto = 1; break; case 'P': xstrncpy(opt.format_sel, optarg, SHORTLEN); break; case 'R': opt.mode = REALTIME_RESPONSE; break; case 's': opt.src_port = 1; break; case 'S': opt.src_ip = 0; break; case 't': opt.stimes = 1; break; case 'T': xstrncpy(opt.recipient, optarg, EMAILSIZE); break; case 'U': xstrncpy(opt.title, optarg, TITLESIZE); break; case 'v': opt.verbose++; break; case 'V': info(); break; case 'w': opt.html = 1; break; case 'W': opt.whois_lookup = 1; break; case 'X': opt.status = STATUS_OK; opt.listenport = atoi(optarg); if ((opt.listenport < 1) || (opt.listenport > 65535)) opt.listenport = LISTENPORT; break; case 'y': opt.opts = 1; break; case 'z': opt.duration = 1; break; default: usage(argv[0], EXIT_FAILURE); } } if (!alt_rcfile) { read_rcfile(opt.rcfile, MAY_NOT_EXIST, RCFILE_CF); } else { read_rcfile(opt.rcfile, MUST_EXIST, RCFILE_CF); } if (opt.rcfile_dns[0] != '\0') read_rcfile(opt.rcfile_dns, MUST_EXIST, RCFILE_DNS); while (optind < argc) add_input_file(argv[optind++]); if (opt.filecount == 0) add_input_file(INFILE); select_parsers(); /* Consistency checks */ if ((opt.src_port == 1) || (opt.dst_port == 1)) opt.proto = 1; if (opt.mode != LOG_SUMMARY) { opt.html = 0; opt.use_out = 0; } switch (opt.mode) { case 
LOG_SUMMARY: if (opt.title[0] == '\0') xstrncpy(opt.title, SUMMARY_TITLE, TITLESIZE); mode_summary(); break; case REALTIME_RESPONSE: if (opt.src_ip == 0) opt.src_ip = 1; if (opt.threshold == 0) opt.threshold = ALERT; if (opt.recent == 0) opt.recent = FORGET; if (opt.title[0] == '\0') xstrncpy(opt.title, STATUS_TITLE, TITLESIZE); mode_rt_response(); break; case SHOW_LOG_TIMES: mode_show_log_times(); break; } if (opt.verbose) fprintf(stderr, _("Exiting\n")); return EXIT_SUCCESS; } �������������������������������������������������������������������������������������������������fwlogwatch-1.4/PaxHeaders.8080/netscreen.l����������������������������������������������������������0000644�0000000�0000000�00000000123�12145435573�016613� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������27 mtime=1368800123.419223 27 atime=1369319079.894942 29 ctime=1369319079.89494298 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/netscreen.l��������������������������������������������������������������������������0000644�0000000�0000000�00000013473�12145435573�015705� 
0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: netscreen.l 731 2013-05-17 14:15:23Z bw $ */ %option prefix="ns" %option outfile="netscreen.c" %option noyywrap %{ #define YY_NO_INPUT #include <unistd.h> #include <string.h> #include <ctype.h> #include "main.h" #include "utils.h" extern struct options opt; void ns_parse_date(char *input); void ns_parse_ip(char *input, unsigned char mode); %} MONTH "Jan"|"Feb"|"Mar"|"Apr"|"May"|"Jun"|"Jul"|"Aug"|"Sep"|"Oct"|"Nov"|"Dec" STRING [a-zA-Z][a-zA-Z0-9._-]* LOGHOST [0-9.a-zA-Z()_:-]* DIGIT [0-9] NUMBER {DIGIT}+ OCTET {DIGIT}{1,3} PORT {DIGIT}{1,5} PARAM [A-Za-z0-9/:-]+(" ("[A-Za-z ]+")")? %% {MONTH}[ ]{1,2}{DIGIT}{1,2}[ ]{DIGIT}{2}:{DIGIT}{2}:{DIGIT}{2}[ ]{LOGHOST} ns_parse_date(nstext); {STRING}": NetScreen" /* ignore */ "device_id="{STRING} /* ignore */ ("["[a-zA-Z0-9 ]*"]")?"system-information-"{NUMBER}":" /* ignore */ ("["[a-zA-Z0-9 ]*"]")?"system-notification-"{NUMBER}("(traffic)")?":" /* ignore */ ("["[a-zA-Z0-9 ]*"]")?"system-warning-"{NUMBER}":" /* ignore */ "start_time=\""{DIGIT}{4}"-"{DIGIT}{2}"-"{DIGIT}{2}[ ]{DIGIT}{2}":"{DIGIT}{2}":"{DIGIT}{2}"\"" /* ignore */ "duration="{NUMBER} /* ignore */ "policy_id="{NUMBER} /* ignore */ "service="({PARAM}|"Network Time"|"VDO Live (tcp)") /* ignore */ "proto="{NUMBER} {opt.line->protocol=atoi(nstext+6); opt.parser=opt.parser|NS_PROTO;} "direction="{STRING} /* ignore */ "src zone="{STRING} /* ignore */ "dst zone="{STRING} /* ignore */ "action="{PARAM} {xstrncpy(opt.line->branchname,nstext+7,SHORTLEN); opt.parser=opt.parser|NS_BN;} "sent="{NUMBER} opt.line->datalen=opt.line->datalen+atoi(nstext+5); "rcvd="{NUMBER} 
opt.line->datalen=opt.line->datalen+atoi(nstext+5); "src="{OCTET}"."{OCTET}"."{OCTET}"."{OCTET} ns_parse_ip(nstext+4,NETSCREEN_OPT_SRC); "dst="{OCTET}"."{OCTET}"."{OCTET}"."{OCTET} ns_parse_ip(nstext+4,NETSCREEN_OPT_DST); "src_port="{PORT} {opt.line->sport=atoi(nstext+9); opt.parser=opt.parser|NS_SPORT;} "dst_port="{PORT} {opt.line->dport=atoi(nstext+9); opt.parser=opt.parser|NS_DPORT;} "icmp type="{NUMBER} {opt.line->sport=atoi(nstext+10); opt.line->sport=0; opt.parser=opt.parser|NS_SPORT|NS_DPORT;} "translated ip="{OCTET}"."{OCTET}"."{OCTET}"."{OCTET}" port="{PORT} /* ignore */ "src-xlated ip="{OCTET}"."{OCTET}"."{OCTET}"."{OCTET}" port="{PORT} /* ignore */ "IKE<"{OCTET}"."{OCTET}"."{OCTET}"."{OCTET}">" opt.parser=opt.parser|NS_NO_HIT; ": XAuth login expired and was terminated for username <"[A-Za-z0-9@\.]*"> at <"{OCTET}"."{OCTET}"."{OCTET}"."{OCTET}">." /* ignore */ ": XAuth login "("failed"|"was aborted")" for gateway <"[A-Za-z0-9 _-]*">, username <"[A-Za-z0-9@\.]*">, retry: "{NUMBER}(", timeout: "{NUMBER})?"." /* ignore */ ">> <"{OCTET}"."{OCTET}"."{OCTET}"."{OCTET}"> Phase 1: Initiated negotiations in main mode." /* ignore */ "Phase 1: Aborted negotiations because the time limit has elapsed."(" ("[0-9a-f/]*")")? /* ignore */ "Phase 1: Completed "("Aggressive"|"Main")" mode negotiations with a <"{NUMBER}">-second lifetime." /* ignore */ "Phase 1: Completed for user <"[A-Za-z0-9 _-]*">." /* ignore */ "Phase 1: IKE responder has detected NAT in front of the remote device." /* ignore */ "Phase 1: Responder starts "("AGGRESSIVE"|"MAIN")" mode negotiations." /* ignore */ "Phase 2: Initiated negotiations." /* ignore */ "Phase 2 msg"(" ID"|"-id")" <"[0-9a-f]*">: Completed negotiations with SPI <"[0-9a-f]*">, tunnel ID <"{NUMBER}">, and lifetime <"{NUMBER}"> seconds/<"{NUMBER}"> KB." /* ignore */ "Phase 2 msg"(" ID"|"-id")" <"[0-9a-f]*">: Responded to the"(" peer's")?" first"(" peer")?" message." 
/* ignore */ ": Received a notification message for ".* /* ignore */ "last message repeated "{NUMBER}" time"("s")? opt.parser=opt.parser|NS_NO_HIT; /* only enters parser when last entry was IKE */ "The system clock has been updated through NTP." opt.parser=opt.parser|NS_NO_HIT; "Admin user "[A-Za-z0-9\"]+" "("has ")?"log"("in attempt"|"ged "[io]"n"|"ged out")" "("for Web(http) management (port 80)"|"via Telnet")" from "{OCTET}"."{OCTET}"."{OCTET}"."{OCTET}":"{PORT}(" failed.")? opt.parser=opt.parser|NS_NO_HIT; "Save configuration to IP address "{OCTET}"."{OCTET}"."{OCTET}"."{OCTET}" under filename "[A-Za-z0-9@\.]+" by administrator by admin "[A-Za-z0-9]+ opt.parser=opt.parser|NS_NO_HIT; "Lock configuration ended by task "[A-Za-z0-9:-]+ opt.parser=opt.parser|NS_NO_HIT; "("[0-9: -]{19}")" /* ignore */ [ ]+ /* ignore whitespace */ [\n] return 0; {STRING} if(opt.verbose) fprintf(stderr, "Unrecognized token: %s\n", nstext); . if(opt.verbose) fprintf(stderr, "Unrecognized character: %s\n", nstext); %% void ns_parse_date(char *input) { int retval, day, hour, minute, second; char smonth[4]; retval = sscanf(input, "%3s %2d %2d:%2d:%2d %32s", smonth, &day, &hour, &minute, &second, opt.line->hostname); if (retval != 6) { return; } build_time(smonth, day, hour, minute, second); opt.parser = opt.parser | NS_DATE; } void ns_parse_ip(char *input, unsigned char mode) { if (mode == NETSCREEN_OPT_SRC) { if (convert_ip(input, &opt.line->shost) == IN_ADDR_ERROR) return; opt.parser = opt.parser | NS_SRC; } else { if (convert_ip(input, &opt.line->dhost) == IN_ADDR_ERROR) return; opt.parser = opt.parser | NS_DST; } } unsigned char flex_netscreen(char *input, int linenum) { opt.parser = 0; init_line(); ns_scan_string(input); nslex(); ns_delete_buffer(YY_CURRENT_BUFFER); xstrncpy(opt.line->chainlabel, "-", SHORTLEN); xstrncpy(opt.line->interface, "-", SHORTLEN); opt.line->count = 1; if (opt.parser & NS_NO_HIT) return PARSE_NO_HIT; if (opt.parser == (NS_DATE | NS_SRC | NS_DST | NS_SPORT | 
NS_DPORT | NS_BN | NS_PROTO)) { return PARSE_OK; } else { if (opt.verbose) fprintf(stderr, "netscreen parse error in line %d, ignoring.\n", linenum); if (opt.verbose == 2) fprintf(stderr, "input was: \"%s\"\n", input); return PARSE_WRONG_FORMAT; } } �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/PaxHeaders.8080/lancom.c�������������������������������������������������������������0000644�0000000�0000000�00000000124�12145435573�016066� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������27 mtime=1368800123.419223 27 atime=1369319079.869943 30 ctime=1369319079.869943168 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/lancom.c�����������������������������������������������������������������������������0000644�0000000�0000000�00000007071�12145435573�015154� 0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Copyright (C) 
2000-2013 Boris Wesslowski */ /* $Id: lancom.c 731 2013-05-17 14:15:23Z bw $ */ #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <string.h> #include <ctype.h> #include "main.h" #include "utils.h" extern struct options opt; unsigned char lancom(char *input, int linenum) { char *sinputs = input, *sinpute; int retval, day, hour, minute, second; char smonth[4]; init_line(); xstrncpy(opt.line->interface, "-", SHORTLEN); /* Read time */ sinpute = sinputs + 15; *sinpute = '\0'; retval = sscanf(sinputs, "%3s %2d %2d:%2d:%2d", smonth, &day, &hour, &minute, &second); if (retval != 5) { if (opt.verbose) fprintf(stderr, "lancom parse error while reading dhost in line %d, ignoring.\n", linenum); return PARSE_WRONG_FORMAT; } build_time(smonth, day, hour, minute, second); /* Read loghost */ sinpute++; sinputs = sinpute; sinpute = strchr(sinputs, ' '); *sinpute = '\0'; xstrncpy(opt.line->hostname, sinputs, sinpute - sinputs + 1); /* Read chainlabel */ sinpute++; sinputs = sinpute; sinpute = strchr(sinputs, ' '); *sinpute = '\0'; xstrncpy(opt.line->chainlabel, sinputs, sinpute - sinputs); /* Skip "Dst:" */ sinpute++; sinputs = sinpute; sinpute = strchr(sinputs, ':'); sinpute++; /* Read dest IP */ sinpute++; sinputs = sinpute; sinpute = strchr(sinputs, ':'); *sinpute = '\0'; if (convert_ip(sinputs, &opt.line->dhost) == IN_ADDR_ERROR) { if (opt.verbose) fprintf(stderr, "lancom parse error while reading dhost in line %d, ignoring.\n", linenum); return PARSE_WRONG_FORMAT; } /* Read dest port */ sinpute++; sinputs = sinpute; sinpute = strchr(sinputs, ' '); retval = sscanf(sinputs, "%5d", &opt.line->dport); if (retval == 0) { if (opt.verbose) fprintf(stderr, "lancom parse error while reading dport in line %d, ignoring.\n", linenum); return PARSE_WRONG_FORMAT; } /* Skip the "Src:" */ sinputs = sinpute; sinpute = strchr(sinputs, ':'); sinpute++; /* Read source IP */ sinpute++; sinputs = sinpute; sinpute = strchr(sinputs, ':'); *sinpute = '\0'; if (convert_ip(sinputs, 
&opt.line->shost) == IN_ADDR_ERROR) { if (opt.verbose) fprintf(stderr, "lancom parse error while reading shost in line %d, ignoring.\n", linenum); return PARSE_WRONG_FORMAT; } /* Read source port */ sinpute++; sinputs = sinpute; sinpute = strchr(sinputs, ' '); *sinpute = '\0'; retval = sscanf(sinputs, "%5d", &opt.line->sport); if (retval == 0) { if (opt.verbose) fprintf(stderr, "lancom parse error while reading sport in line %d, ignoring.\n", linenum); return PARSE_WRONG_FORMAT; } /* Read protocol */ sinpute++; sinputs = sinpute; sinpute = strchr(sinputs, '('); if (sinpute == NULL) { if (opt.verbose) fprintf(stderr, "lancom parse error while looking for protocol in line %d, ignoring.\n", linenum); return PARSE_WRONG_FORMAT; } sinpute++; sinputs = sinpute; sinpute = strchr(sinputs, ')'); *sinpute = '\0'; if (strncmp(sinputs, "TCP", 3) == 0) opt.line->protocol = 6; else if (strncmp(sinputs, "UDP", 3) == 0) opt.line->protocol = 17; else { if (opt.verbose) fprintf(stderr, "lancom parse error while reading proto in line %d, ignoring.\n", linenum); return PARSE_WRONG_FORMAT; } /* Read branch name */ sinpute++; sinpute++; sinpute++; sinputs = sinpute; sinpute = strchr(sinputs, '\0'); xstrncpy(opt.line->branchname, sinputs, sinpute - sinputs); /* Set rest */ opt.line->flags = 0; opt.line->count = 1; return PARSE_OK; } �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/PaxHeaders.8080/po�������������������������������������������������������������������0000644�0000000�0000000�00000000132�12147423247�015006� 
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1369319079.861943228 30 atime=1369319079.845943349 30 ctime=1369319079.861943228 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/po/����������������������������������������������������������������������������������0000755�0000000�0000000�00000000000�12147423247�014145� 5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/po/PaxHeaders.8080/zh_TW.po����������������������������������������������������������0000644�0000000�0000000�00000000124�12147420772�016457� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������27 mtime=1369317882.372329 27 atime=1369319079.859943 30 ctime=1369319079.861943228 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/po/zh_TW.po��������������������������������������������������������������������������0000644�0000000�0000000�00000072171�12147420772�015550� 0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������msgid "" msgstr "" "Project-Id-Version: fwlogwatch 0.5.2\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2013-05-23 15:04+0200\n" "PO-Revision-Date: 2001-11-11 00:20+0100\n" "Last-Translator: Ying-Chieh Liao <ijliao@csie.nctu.edu.tw>\n" "Language-Team: -\n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=Big5\n" "Content-Transfer-Encoding: 8bit\n" #: ../compare.c:158 #, c-format msgid "conn_sort_up: wrong mode\n" msgstr "conn_sort_up: ¼Ò¦¡¿ù»~\n" #: ../compare.c:264 #, c-format msgid "Error in sort string: '%c', order expected, ignoring.\n" msgstr "±Æ§Ç¿ù»~: '%c', »Ý­n¶¶§Ç,©¿²¤\n" #: ../compare.c:278 #, c-format msgid "Error in sort string: '%c', direction expected, ignoring.\n" msgstr "±Æ§Ç¿ù»~: '%c', »Ý­n­S³ò,©¿²¤\n" #: ../compare.c:282 #, fuzzy, c-format msgid "Error in sort string, direction expected, ignoring.\n" msgstr "±Æ§Ç¿ù»~: '%c', »Ý­n­S³ò,©¿²¤\n" #: ../compare.c:382 ../compare.c:384 ../modes.c:193 ../modes.c:200 #: ../modes.c:815 ../modes.c:817 ../output.c:106 ../output.c:113 #: ../output.c:193 
../output.c:202 ../output.c:380 msgid "%b %d %H:%M:%S" msgstr "" #: ../compare.c:383 #, c-format msgid "Timewarp in log file (%s" msgstr "log¤å¥ó¤¤ªº®É¶¡(%s" #: ../main.c:25 #, fuzzy, c-format msgid "Usage: %s [options] [input_files]\n" msgstr "¨Ï¥Î¤èªk: %s [¿ï¶µ] \n" #: ../main.c:26 #, fuzzy, c-format msgid "General options:\n" msgstr "¥þ§½¿ï¶µ: \n" #: ../main.c:27 #, fuzzy, c-format msgid " -h this help\n" msgstr " -h \tÀ°§U¤å¥ó\n" #: ../main.c:28 #, fuzzy, c-format msgid " -L show time of first and last log entry\n" msgstr " -L <¤å¥ó> \tÅã¥Ü¤å¥ó¤¤²Ä¤@¦¸»P³Ì«á¤@¦¸µn³°¬ö¿ýªº®É¶¡\n" #: ../main.c:29 #, fuzzy, c-format msgid " -V show version and copyright info\n" msgstr " -V \tÅã¥Üª©¥»»Pª©Åv«H®§\n" #: ../main.c:32 #, c-format msgid "Global options:\n" msgstr "¥þ§½¿ï¶µ: \n" #: ../main.c:33 #, fuzzy, c-format msgid " -b show amount of data (sum of total packet lengths)\n" msgstr " -b\t\tÅã¥Ü¼Æ¾Ú¶q (©Ò¦³¼Æ¾Ú¥]ªø«×ªºÁ`©M)\n" #: ../main.c:34 #, fuzzy, c-format msgid " -c <file> specify config file (defaults to %s)\n" msgstr " -c <¤å¥ó>\t«ü©w°t¸m¤å¥ó (¯Ê¬Ù %s) \n" #: ../main.c:35 #, fuzzy, c-format msgid " -D do not differentiate destination IP addresses\n" msgstr " -D \t¤£°Ï¤À¥Ø¼ÐIP¦a§}\n" #: ../main.c:36 #, fuzzy, c-format msgid " -d differentiate destination ports\n" msgstr " -d \t°Ï¤À¥Ø¼ÐºÝ¤f\n" #: ../main.c:37 #, c-format msgid " -E <format> select or exclude hosts, ports, chains and targets\n" msgstr "" #: ../main.c:38 #, c-format msgid " quick reference: -E[ie][hp][sd]<ip/number>\n" msgstr "" #: ../main.c:39 #, c-format msgid " -E[ie][cb]<name>\n" msgstr "" #: ../main.c:40 #, c-format msgid " -i <file> initialize DNS cache with entries from file\n" msgstr "" #: ../main.c:41 #, c-format msgid " -M <number> only show this amount of entries\n" msgstr "" #: ../main.c:42 #, fuzzy, c-format msgid " -m <count> only show entries with at least so many incidents\n" msgstr "\t-m <¼Æ¶q> \t¥uÅã¥Ü¦Ü¤Ö¦³³o»ò¦h¼Æ¶qªº°O¿ý\n" #: ../main.c:43 #, fuzzy, c-format msgid " -N resolve 
service names\n" msgstr " -n \t¸ÑªR°ì¦W\n" #: ../main.c:44 #, fuzzy, c-format msgid " -n resolve host names\n" msgstr " -n \t¸ÑªR°ì¦W\n" #: ../main.c:45 #, fuzzy, c-format msgid " -O <order> define the sort order (see the man page for details)\n" msgstr "\t-O <±Æ§Ç¤èªk> \t¹ï¿é¥X¶i¦æ±Æ§Ç (¨ãÅé°Ñ¨£¬ÛÀ³¤åÀÉ\n" #: ../main.c:46 #, fuzzy, c-format msgid "" " -P <format> use parsers for specific formats (defaults to netfilter)\n" msgstr " -P <®æ¦¡> \n" #: ../main.c:47 #, c-format msgid " i: ipchains, n: netfilter, f: ipfilter, c: cisco ios\n" msgstr "" #: ../main.c:48 #, c-format msgid "" " p: cisco pix, e: netscreen, l: lancom, s: snort, b: ipfw\n" msgstr "" #: ../main.c:49 #, fuzzy, c-format msgid " -p differentiate protocols\n" msgstr " -p \t°Ï¤À¶Ç¿é¨óij\n" #: ../main.c:50 #, fuzzy, c-format msgid " -s differentiate source ports\n" msgstr " -s \t°Ï¤À·½ºÝ¤f\n" #: ../main.c:51 #, c-format msgid " -U <title> set report and status page title and email subject\n" msgstr "" #: ../main.c:52 #, fuzzy, c-format msgid " -v verbose, specify twice for more info\n" msgstr " -v \t³B²z®ÉÅã¥Ü«H®§,¨Ï¥Î -vv ±o¨ì§ó¦h«H®§\n" #: ../main.c:53 #, fuzzy, c-format msgid " -y differentiate TCP options\n" msgstr " -y \t°Ï¤ÀTCP¿ï¶µ\n" #: ../main.c:56 #, c-format msgid "Log summary mode (default):\n" msgstr "" #: ../main.c:57 #, fuzzy, c-format msgid " -C <email> carbon copy recipients\n" msgstr " -C <email> \tÂàµo¦a§}\n" #: ../main.c:58 #, fuzzy, c-format msgid " -e show end times\n" msgstr " -t \tÅã¥Ü¶}©l»Pµ²§ô®É¶¡\n" #: ../main.c:59 #, fuzzy, c-format msgid " -F <email> report sender address (defaults to '%s')\n" msgstr " -F <email> \tµo«H¤H¦a§}\n" #: ../main.c:60 #, fuzzy, c-format msgid " -l <time> process recent events only (defaults to off)\n" msgstr " -l <®É¶¡> \t¥u³B²z·í«e¨Æ¥ó (¯Ê¬Ù¬°Ãö³¬)\n" #: ../main.c:61 #, fuzzy, c-format msgid " -o <file> specify output file\n" msgstr " -o <¤å¥ó> \t«ü©w¿é¥X¤å¥ó\n" #: ../main.c:62 #, fuzzy, c-format msgid " -S do not differentiate source IP 
addresses\n" msgstr " -S \t¤£°Ï¤À·½IP¦a§}\n" #: ../main.c:63 #, c-format msgid " -T <email> send report by email to this address\n" msgstr "" #: ../main.c:64 #, fuzzy, c-format msgid " -t show start times\n" msgstr " -t \tÅã¥Ü¶}©l»Pµ²§ô®É¶¡\n" #: ../main.c:65 #, fuzzy, c-format msgid " -W activate whois lookups for source addresses\n" msgstr " -W \t±Ò°Ê¹ï·½IP¦a§}ªºwhois¬d¸ß\n" #: ../main.c:66 #, fuzzy, c-format msgid " -w HTML output\n" msgstr " -w \t¥HHTML®æ¦¡¿é¥X\n" #: ../main.c:67 #, fuzzy, c-format msgid " -z show time interval\n" msgstr " -z \tÅã¥Ü®É¶¡¶¡¹j\n" #: ../main.c:70 #, c-format msgid "Realtime response mode:\n" msgstr "¹ê®É¦^À³¼Ò¦¡:\n" #: ../main.c:71 #, fuzzy, c-format msgid " -R realtime response as daemon (default action: log only)\n" msgstr "\t-R \t\t¹ê®É¦^À³§@¬°¶Ç¿é¥N²zµ{§Ç (¯Ê¬Ù: ¥u¦³¹B¦æ°O¿ý)\n" #: ../main.c:72 #, fuzzy, c-format msgid " -a <count> alert threshold (defaults to %d entries)\n" msgstr "\t-a <¼Æ¶q> \tĵ§i¬y (¯Ê¬Ù %d °O¿ý)\n" #: ../main.c:73 #, fuzzy, c-format msgid " -l <time> forget events this old (defaults to %d hours)\n" msgstr "\t-l <®É¶¡> \t©¿²¤¦¹®É¶¡«e¨ƥó (¯Ê¬Ù: %d¤p®É)\n" #: ../main.c:74 #, fuzzy, c-format msgid " -k <IP/net> add this IP address or net to the list of known hosts\n" msgstr "\t-k <IP/ºôµ¸> \t±N¦¹IP¦a§}¥[¤J¨ì¤wª¾¥D¾÷¦Cªí¤¤\n" #: ../main.c:75 #, fuzzy, c-format msgid " -A invoke notification script if threshold is reached\n" msgstr "\t-A\t\t¦pªG¦³¬y¶i¤J±Ò°Ê³qª¾¤å¥»\n" #: ../main.c:76 #, fuzzy, c-format msgid " -B invoke response action script (e.g. block host)\n" msgstr "\t-B\t \t±Ò°Ê¦^À³¤å¥» (¤ñ¦p ¤ÁÂ_¥D¾÷»P¥~³¡Áp¨t)\n" #: ../main.c:77 #, fuzzy, c-format msgid " -X <port> activate internal status information web server\n" msgstr "\t-X \t±Ò°Ê¤º³¡ª¬ºA«H®§webªA°È¾¹\n" #: ../main.c:103 #, fuzzy msgid "You can contact the author at <bw@inside-security.de>." msgstr "½Ð¨Ï¥Î¥H¤U¦a§}»P§@ªÌÁp¨t¹ê»Ú<bw@inside-security.de>." 
#: ../main.c:105 msgid "Compile-time options of this version:" msgstr "" #: ../main.c:106 #, c-format msgid "Short name limit " msgstr "" #: ../main.c:108 ../main.c:114 ../main.c:120 ../main.c:126 msgid "enabled" msgstr "" #: ../main.c:110 ../main.c:116 ../main.c:122 ../main.c:128 msgid "disabled" msgstr "" #: ../main.c:112 #, c-format msgid "Zlib support " msgstr "" #: ../main.c:118 #, c-format msgid "Gettext (i18n) support " msgstr "" #: ../main.c:124 #, c-format msgid "GNU adns support " msgstr "" #: ../main.c:282 #, c-format msgid "Illegal inclusion/exclusion pos. 1 (expected [ie]): %s\n" msgstr "" #: ../main.c:283 ../main.c:300 ../main.c:309 ../main.c:453 #, c-format msgid "Exiting\n" msgstr "°h¥X\n" #: ../main.c:299 #, c-format msgid "Illegal inclusion/exclusion pos. 2 (expected [hpcb]): %s\n" msgstr "" #: ../main.c:308 #, c-format msgid "Illegal inclusion/exclusion pos. 3 (expected [sd]): %s\n" msgstr "" #: ../modes.c:108 #, c-format msgid "Using stdin as input\n" msgstr "¨Ï¥Î¼Ð·Ç¿é¤J\n" #: ../modes.c:114 #, c-format msgid "Opening input file '%s'\n" msgstr "¥´¶}¿é¤J¤å¥ó '%s'\n" #: ../modes.c:130 #, c-format msgid "Processing\n" msgstr "³B²z\n" #: ../modes.c:137 #, c-format msgid "Unrecognized entries or tokens can be submitted at\n" msgstr "" #: ../modes.c:146 ../modes.c:393 ../modes.c:784 ../rcfile.c:379 #, c-format msgid "Closing '%s'\n" msgstr "Ãö³¬ '&s'\n" #: ../modes.c:175 #, c-format msgid "Sorting data\n" msgstr "¼Æ¾Ú±Æ§Ç\n" #: ../modes.c:212 #, c-format msgid "Opening output file '%s'\n" msgstr "¥´¶}¿é¥X¤å¥ó '%s'\n" #: ../modes.c:223 #, fuzzy, c-format msgid "Sending\n" msgstr "µo°e...\n" #: ../modes.c:246 ../net.c:341 ../net.c:344 msgid "%A %B %d %H:%M:%S %Z %Y" msgstr "" #: ../modes.c:247 #, c-format msgid "Generated %s by " msgstr "¥Í¦¨ %s ¥Ñ" #: ../modes.c:257 #, c-format msgid "an unknown user.\n" msgstr "¤£©ú¨Ï¥ÎªÌ\n" #: ../modes.c:265 #, c-format msgid "(and %d older than %d seconds) " msgstr "(¨Ã¥B &d ¤ñ %d ¦Ñ) " #: ../modes.c:268 #, 
c-format msgid "(and %d malformed) " msgstr "(¨Ã¥B %d ¦³¿ù»~)" #: ../modes.c:271 #, fuzzy, c-format msgid "of %d entries in the file \"%s\" are packet logs, " msgstr "\"%s\" ¬O¼Æ¾Ú¥]°O¿ý" #: ../modes.c:273 #, c-format msgid "of %d entries in standard input are packet logs, " msgstr "" #: ../modes.c:275 #, c-format msgid "of %d entries in %d input files are packet logs, " msgstr "" #: ../modes.c:279 #, c-format msgid "one has unique characteristics.\n" msgstr "¤@­Ó¦³¯S®í§Î¦¡\n" #: ../modes.c:281 #, c-format msgid "%d have unique characteristics.\n" msgstr "%d¦³¯S®í§Î¦¡\n" #: ../modes.c:289 #, c-format msgid "One entry was excluded by configuration.\n" msgstr "¤@±ø°O¿ý¦b°t¸m®É³Q§R°£\n" #: ../modes.c:291 #, c-format msgid "%d entries were excluded by configuration.\n" msgstr "%d°O¿ý¦b°t¸m®É³Q§R°£\n" #: ../modes.c:299 #, c-format msgid "First packet log entry: %s, last: %s.\n" msgstr "²Ä¤@±ø¼Æ¾Ú¥]µn³°°O¿ý: %s, ³Ì«á¤@±ø: %s.\n" #: ../modes.c:301 ../modes.c:813 #, c-format msgid "No valid time entries found.\n" msgstr "¨S§ä¨ì¦³®Ä®É¶¡°O¿ý\n" #: ../modes.c:308 #, c-format msgid "All entries were logged by the same host: \"%s\".\n" msgstr "©Ò¦³ªº°O¿ý³£¬O±q¦P¤@­Ó¥D¾÷µn³°ªº: \"%s\".\n" #: ../modes.c:315 #, c-format msgid "All entries are from the same chain: \"%s\".\n" msgstr "©Ò¦³ªº°O¿ý³£¨Ó¦Û¦P¤@­ÓÃì: \"%s\".\n" #: ../modes.c:322 #, c-format msgid "All entries have the same target: \"%s\".\n" msgstr "©Ò¦³ªº°O¿ý³£¦³¦P¼Ëªº¥Ø¼Ð: \"%s\".\n" #: ../modes.c:329 #, c-format msgid "All entries are from the same interface: \"%s\".\n" msgstr "©Ò¦³ªº°O¿ý³£¨Ó¦Û¦P¤@­Ó¬É­±: \"%s\".\n" #: ../modes.c:336 #, fuzzy, c-format msgid "Only entries with a count of at least %d are shown.\n" msgstr "¥uÅã¥Ü¤j¤_%dªº°O¿ý.\n" #: ../modes.c:343 #, fuzzy, c-format msgid "Only the top %d entries are shown.\n" msgstr "¥uÅã¥Ü¤j¤_%dªº°O¿ý.\n" #: ../modes.c:354 #, fuzzy, c-format msgid "Resolving\n" msgstr "¸ÑªR %s\n" #: ../modes.c:413 #, c-format msgid "Warning: pidfile exists, another fwlogwatch might be 
running.\n" msgstr "ĵ§i: ¦s¦bpid¤å¥ó,¥i¯à¥t¤@­Ófwlogwatch¦b¹B¦æ.\n" #: ../modes.c:427 #, fuzzy, c-format msgid "SIGHUP caught, reread configuration file %s" msgstr "®·®»¨ìSIGHUP, ­«·s¥´¶}log¤å¥ó" #: ../modes.c:429 #, fuzzy, c-format msgid "SIGHUP caught, unable to reread configuration file %s" msgstr "®·®»¨ìSIGHUP, ­«·s¥´¶}log¤å¥ó" #: ../modes.c:433 #, c-format msgid "Reread DNS cache file %s" msgstr "" #: ../modes.c:435 #, fuzzy, c-format msgid "Unable to reread DNS cache file %s" msgstr "®·®»¨ìSIGHUP, ­«·s¥´¶}log¤å¥ó" #: ../modes.c:459 msgid "SIGUSR1 caught, reading input from stdin, no need to reopen log file" msgstr "" #: ../modes.c:461 #, fuzzy, c-format msgid "SIGUSR1 caught, reopening log file %s" msgstr "®·®»¨ìSIGHUP, ­«·s¥´¶}log¤å¥ó" #: ../modes.c:533 msgid "SIGTERM caught, cleaning up" msgstr "®·®»¨ìSIGTERM, ²M°£¤º¦s" #: ../modes.c:615 #, c-format msgid "Starting (pid %d)" msgstr "¶}©l (pid %d)" #: ../modes.c:665 msgid "User to run as was not found" msgstr "" #: ../modes.c:680 #, c-format msgid "Changed uid from %d to %d, gid from %d to %d" msgstr "" #: ../modes.c:682 #, c-format msgid "Running with uid %d, gid %d" msgstr "" #: ../modes.c:686 msgid "Alert threshold is one attempt" msgstr "ĵ§ithreshold¬O¤@¦¸¹Á¸Õ" #: ../modes.c:688 #, c-format msgid "Alert threshold is %d attempts" msgstr "ĵ§ithreshold¬O%d¦¸¹Á¸Õ" #: ../modes.c:692 #, c-format msgid "Events older than %d second(s) are discarded" msgstr "¦b%d¬í¤§«eªº¨Æ¥ó±N¤£¨ü²z" #: ../modes.c:694 #, c-format msgid "Events older than %d hour(s) are discarded" msgstr "¦b%d¤p®É¤§«eªº¨Æ¥ó±N¤£¨ü²z" #: ../modes.c:697 #, fuzzy, c-format msgid "Response mode: Log%s%s" msgstr "¦^À³¼Ò¦¡: log%s%s" #: ../modes.c:697 ../net.c:350 msgid ", notify" msgstr "³qª¾" #: ../modes.c:697 ../net.c:350 msgid ", respond" msgstr ". 
¦^µª" #: ../modes.c:728 #, c-format msgid "Reading standard input\n" msgstr "Ū¨ú¼Ð·Ç¿é¤J\n" #: ../modes.c:744 #, c-format msgid "Reading '%s'\n" msgstr "Ū '%s'\n" #: ../modes.c:810 #, fuzzy, c-format msgid "Number of files: %d\n" msgstr "¹Á¸Õµn³°ªº¦¸¼Æ: %s\n" #: ../modes.c:811 #, fuzzy, c-format msgid "Number of lines: %d\n" msgstr "¦æ¼Æ : %d\n" #: ../modes.c:816 #, c-format msgid "First entry: %s\n" msgstr "²Ä¤@±ø°O¿ý: %s\n" #: ../modes.c:818 #, c-format msgid "Last entry : %s\n" msgstr "³Ì«á¤@±ø°O¿ý : %s\n" #: ../modes.c:820 #, c-format msgid "Difference : %s\n" msgstr "" #: ../net.c:106 #, c-format msgid "Listening on %s port %i" msgstr "¦C¥X¦b &s ¤WªººÝ¤f %i" #: ../net.c:109 #, c-format msgid "Connections are only allowed from %s" msgstr "" #: ../net.c:149 msgid "decode_base64: input string incomplete" msgstr "decode_base64: ¿é¤J¦r²Å¦ê¤£§¹¾ã" #: ../net.c:156 #, c-format msgid "decode_base64: illegal character '%c' in input string" msgstr "decode_base64: ¦b¿é¤J¦r²Å¦ê¦³«Dªk¦r²Å '%c'" #: ../net.c:191 msgid "count" msgstr "" #: ../net.c:192 msgid "added" msgstr "" #: ../net.c:194 msgid "proto" msgstr "" #: ../net.c:196 #, fuzzy msgid "bytes" msgstr "¦r¸`)" #: ../net.c:197 msgid "source" msgstr "" #: ../net.c:199 ../net.c:208 #, fuzzy msgid "hostname" msgstr "<td>¥D¾÷¦W</td>" #: ../net.c:201 ../net.c:211 #, fuzzy msgid "port" msgstr "ºÝ¤f" #: ../net.c:203 ../net.c:213 #, fuzzy msgid "service" msgstr "<td>·½</td>" #: ../net.c:206 #, fuzzy msgid "destination" msgstr "<td>¥Ø¼Ð</td>" #: ../net.c:216 msgid "opts" msgstr "" #: ../net.c:217 #, fuzzy msgid "time remaining" msgstr "<td>³Ñ§E®É¶¡</td></tr>\n" #: ../net.c:218 msgid "action" msgstr "" #: ../net.c:270 ../net.c:272 ../net.c:337 #, fuzzy msgid "Information" msgstr "" "\n" "</div>\n" "<h2>°ò¥»«H®§</h2>\n" #: ../net.c:276 ../net.c:278 ../net.c:375 msgid "Options" msgstr "" #: ../net.c:282 ../net.c:284 ../net.c:403 #, fuzzy msgid "Packet cache" msgstr "<h2> ¼Æ¾Ú½w¦s</h2>\n" #: ../net.c:288 ../net.c:290 ../net.c:472 #, 
fuzzy msgid "Host status" msgstr "<h2>¥D¾÷ª¬ºA</h2>\n" #: ../net.c:293 msgid "Reload" msgstr "" #: ../net.c:342 msgid "Daemon start time" msgstr "" #: ../net.c:345 msgid "Current time" msgstr "" #: ../net.c:348 msgid "Running time" msgstr "" #: ../net.c:350 msgid "Log" msgstr "" #: ../net.c:351 #, fuzzy msgid "Response mode" msgstr "¦^À³¼Ò¦¡: log%s%s" #: ../net.c:353 msgid "Lines seen" msgstr "" #: ../net.c:354 msgid "Hits" msgstr "" #: ../net.c:355 msgid "Old/excluded/malformed" msgstr "" #: ../net.c:362 #, fuzzy msgid "Entries in packet cache" msgstr "<h2> ¼Æ¾Ú½w¦s</h2>\n" #: ../net.c:369 #, fuzzy msgid "Entries in host status" msgstr "<h2>¥D¾÷ª¬ºA</h2>\n" #: ../net.c:377 msgid "Parameter" msgstr "" #: ../net.c:379 msgid "Decrease" msgstr "" #: ../net.c:381 msgid "Current" msgstr "" #: ../net.c:383 msgid "Increase" msgstr "" #: ../net.c:385 #, fuzzy msgid "Alert threshold" msgstr "ĵ§ithreshold¬O¤@¦¸¹Á¸Õ" #: ../net.c:387 msgid "Discard timeout" msgstr "" #: ../net.c:388 msgid "Minimum count in packet cache" msgstr "" #: ../net.c:390 ../net.c:392 msgid "Top amount of entries in packet cache" msgstr "" #: ../net.c:395 ../net.c:397 msgid "Refresh time" msgstr "" #: ../net.c:419 ../net.c:528 msgid "%Y/%m/%d %H:%M:%S" msgstr "" #: ../net.c:456 ../net.c:558 msgid "drop" msgstr "" #: ../net.c:458 msgid "escalate" msgstr "" #: ../net.c:493 ../net.c:509 ../net.c:515 ../net.c:521 msgid "<td>any</td>" msgstr "<td>¥ô¦ó</td>" #: ../net.c:503 #, fuzzy msgid "<td>(known host)</td>" msgstr "<td>-</td><td>%s/%d (¤wª¾¥D¾÷/ºôµ¸)</td>" #: ../net.c:505 #, fuzzy msgid "<td>(known net)</td>" msgstr "<td>-</td><td>%s/%d (¤wª¾¥D¾÷/ºôµ¸)</td>" #: ../net.c:605 #, fuzzy, c-format msgid "Rejected connection from unallowed IP address %s port %i" msgstr "©Úµ´¨Ó¦Û %s ºÝ¤f %i ªº³X°Ý" #: ../net.c:614 #, c-format msgid "Connect from %s port %i" msgstr "¨Ó¦Û %s ºÝ¤f %i ªº³X°Ý" #: ../net.c:677 msgid "Authorization failed" msgstr "ÀËÅç¿ù»~" #: ../net.c:680 #, fuzzy msgid "Authorization required" 
msgstr "ÀËÅç¿ù»~" #: ../net.c:757 msgid "Bad request" msgstr "" #: ../net.c:762 msgid "Redirect" msgstr "" #: ../net.c:762 msgid "You should be redirected to the <a href=\"/\">root directory</a>" msgstr "" #: ../net.c:774 #, c-format msgid "Requested function: %s" msgstr "" #: ../net.c:777 msgid "Connection closed" msgstr "Ãö³¬Áp±µ" #: ../output.c:200 #, fuzzy, c-format msgid " to " msgstr "¨ì" #: ../output.c:255 #, c-format msgid " packet" msgstr "¼Æ¾Ú¥]" #: ../output.c:257 #, c-format msgid " packets" msgstr "¼Æ¾Ú¥]" #: ../output.c:261 #, fuzzy, c-format msgid " (%lu bytes)" msgstr "¦r¸`)" #: ../output.c:264 #, fuzzy, c-format msgid " from %s" msgstr "±q" #: ../output.c:280 ../output.c:293 #, fuzzy, c-format msgid " port %d" msgstr "ºÝ¤f" #: ../output.c:286 #, fuzzy, c-format msgid " to %s" msgstr "¨ì" #: ../output.c:313 #, fuzzy, c-format msgid "<th>start</th>" msgstr "<td>¥Ø¼Ð</td>" #: ../output.c:316 #, fuzzy, c-format msgid "<th>end</th>" msgstr "<td>¥ô¦ó</td>" #: ../output.c:319 #, fuzzy, c-format msgid "<th>interval</th>" msgstr "<td>¶¡¶Z</td>" #: ../output.c:322 #, fuzzy, c-format msgid "<th>loghost</th>" msgstr "<td>log¥D¾÷</td>" #: ../output.c:325 #, fuzzy, c-format msgid "<th>chain</th>" msgstr "<td>chain</td>" #: ../output.c:328 #, fuzzy, c-format msgid "<th>target</th>" msgstr "<td>¥Ø¼Ð</td>" #: ../output.c:331 #, fuzzy, c-format msgid "<th>interface</th>" msgstr "<td>¬É­±</td>" #: ../output.c:334 #, fuzzy, c-format msgid "<th>proto</th>" msgstr "<td>¶Ç¿é¨óij</td>" #: ../output.c:337 #, fuzzy, c-format msgid "<th>bytes</th>" msgstr "<td>¦r¸`</td>" #: ../output.c:340 #, fuzzy, c-format msgid "<th>source</th>" msgstr "<td>·½</td>" #: ../output.c:342 ../output.c:356 #, fuzzy, c-format msgid "<th>hostname</th>" msgstr "<td>¥D¾÷¦W</td>" #: ../output.c:344 #, fuzzy, c-format msgid "<th>whois information</th>" msgstr "<td>whois«H®§</td>" #: ../output.c:348 ../output.c:360 #, fuzzy, c-format msgid "<th>port</th>" msgstr "<td>¶Ç¿é¨óij</td>" #: ../output.c:350 
../output.c:362 #, fuzzy, c-format msgid "<th>service</th>" msgstr "<td>·½</td>" #: ../output.c:354 #, fuzzy, c-format msgid "<th>destination</th>" msgstr "<td>¥Ø¼Ð</td>" #: ../output.c:366 #, fuzzy, c-format msgid "<th>opts</th>" msgstr "<td>¿ï¶µ</td>" #: ../parser.c:270 #, c-format msgid "Unknown parser: '%c'.\n" msgstr "¤£ª¾parser: '%c'.\n" #: ../rcfile.c:58 #, c-format msgid "Error in configuration file '%s' line %d: not a number\n" msgstr "" #: ../rcfile.c:87 #, c-format msgid "Error in configuration file '%s' line %d, assuming 'true'\n" msgstr "" #: ../rcfile.c:281 #, fuzzy, c-format msgid "Unrecognized option in configuration file '%s' line %d\n" msgstr "°t¸m¤å¥ó¤¤¤£©ú¿ï¶µ: %s" #: ../rcfile.c:332 #, fuzzy, c-format msgid "Unrecognized entry in DNS cache file '%s' line %d\n" msgstr "°t¸m¤å¥ó¤¤¤£©ú¿ï¶µ: %s" #: ../rcfile.c:349 #, c-format msgid "%s is not a regular file, ignoring.\n" msgstr "%s ¤£¬O¼Ð·Ç¤å¥ó, ©¿²¤.\n" #: ../rcfile.c:358 #, fuzzy, c-format msgid "Opening DNS cache file '%s'\n" msgstr "¥´¶}¿é¤J¤å¥ó '%s'\n" #: ../rcfile.c:360 #, fuzzy, c-format msgid "Opening configuration file '%s'\n" msgstr "¥´¶}¿é¤J¤å¥ó '%s'\n" #: ../resolve.c:62 #, c-format msgid "port mismatch: %d != %d\n" msgstr "ºÝ¤f¤£¤Ç°t: %d != %d\n" #: ../resolve.c:99 ../resolve.c:172 msgid "[timeout]" msgstr "" #: ../resolve.c:101 ../resolve.c:174 msgid "[server failure]" msgstr "" #: ../resolve.c:111 ../resolve.c:213 #, c-format msgid "Resolving %s\n" msgstr "¸ÑªR %s\n" #: ../resolve.c:122 #, c-format msgid "%s [forward lookup failed]" msgstr "%s [¦V«e·j¯Á¥¢±Ñ]" #: ../resolve.c:131 #, fuzzy, c-format msgid " [v4 forward lookup: %s]" msgstr "%s [¦V«e·j¯Á: %s]" #: ../resolve.c:138 #, fuzzy, c-format msgid " [v6 forward lookup: %s]" msgstr "%s [¦V«e·j¯Á: %s]" #: ../resolve.c:180 #, c-format msgid "[adns status %d]" msgstr "" #: ../resolve.c:192 msgid "[adns error]" msgstr "" #: ../resolve.c:206 ../resolve.c:354 #, c-format msgid "Resolving %s from cache\n" msgstr "½w¦s¤¤¸ÑªR%s\n" #: 
../resolve.c:218 #, fuzzy, c-format msgid "Resolving %s from adns\n" msgstr "½w¦s¤¤¸ÑªR%s\n" #: ../resolve.c:240 #, c-format msgid "IP address %s is already in DNS cache\n" msgstr "" #: ../resolve.c:246 #, c-format msgid "Adding IP address '%s' with host name '%s' to DNS cache\n" msgstr "" #: ../resolve.c:283 #, c-format msgid "Submitted %s to adns\n" msgstr "" #: ../response.c:56 msgid "One logging ipchains firewall rule defined" msgstr "¤@±øµn³°ipchains¨¾¤õÀð³W©w¤w©w¸q" #: ../response.c:58 #, c-format msgid "%u logging ipchains firewall rules defined" msgstr "±øµn³°ipchains¨¾¤õÀð³W©w¤w©w¸q" #: ../response.c:61 msgid "No logging ipchains firewall rules defined, format was requested" msgstr "¨S¦³©w¸qµn³°ipchains¨¾¤õÀð³W©w, »Ý­n®æ¦¡" #: ../response.c:82 #, c-format msgid "%s is group/world writable" msgstr "%s ¥i³Qgroup/world­×§ï" #: ../response.c:168 #, c-format msgid "Deleting packet cache entry (%s)" msgstr "§R°£¼Æ¾Ú¥]½w¦s¤¤ªº¤º®e" #: ../response.c:202 #, c-format msgid "Deleting host status entry (%s)" msgstr "§R°£¥D¾÷ª¬ºA¤¤ªº¤º®e" #: ../response.c:280 #, c-format msgid "ALERT: %d attempts from %s" msgstr "ĵ§i: ¨Ó¦Û %s ªº %d ¹Á¸Õ" #: ../utils.c:53 #, c-format msgid "" "\n" "Memory allocation error, exiting.\n" msgstr "" "\n" "´M§ä¤º¦s¦a§}¿ù»~, °h¥X.\n" #: ../utils.c:68 msgid "Exiting" msgstr "°h¥X" #: ../utils.c:77 msgid "Not executing buffer containing format string" msgstr "±a¦³®æ¦¡¦r²Å½w¦s±N¤£³Q°õ¦æ" #: ../utils.c:82 #, c-format msgid "Executing '%s'" msgstr "°õ¦æ '%s" #: ../utils.c:194 #, fuzzy, c-format msgid "" "fwlogwatch error: mode collision, please check that you didn't specify\n" " several modes on the command line or a second mode is active in the\n" " configuration file.\n" " Please use a separate configuration file for each mode or comment out " "all\n" " entries in the default configuration and use command line parameters.\n" msgstr "" "fwlogwatch¿ù»~: ¼Ò¦¡¨R¬ð, ½ÐÀˬd±z¨S¦³¦b©R¥O¦æ¤¤«ü©w¦hºØ¼Ò¦¡\n" " 
©ÎªÌ¦³²Ä¤GºØ¼Ò¦¡³QÀq»{±Ò°Ê,©Î¦b°t¸m¤å¥ó¤¤¦³§_«ü©w\n" " ¹ï¤_¤£¦Pªº¼Ò¦¡½Ð¨Ï¥Î¤£¦Pªº°t¸m¤å¥ó, ©Î¨Ï¥Î©R¥O¦æ°Ñ¼Æ\n" #: ../utils.c:301 #, c-format msgid "[error]" msgstr "" #: ../utils.c:317 #, c-format msgid "IP address error: %s\n" msgstr "IP¦a§}¿ù»~: %s\n" #: ../utils.c:342 ../utils.c:353 #, c-format msgid "Error in CIDR format: %s\n" msgstr "CIDR®æ¦¡¦³¿ù»~: %s\n" #: ../utils.c:403 #, c-format msgid "(known host)\n" msgstr "(¤£©ú¥D¾÷)\n" #: ../utils.c:443 #, c-format msgid "(excluded host)\n" msgstr "(³Q±Æ°£ªº¥D¾÷)\n" #: ../whois.c:226 #, fuzzy, c-format msgid "Looking up whois info for %s(/%d) from cache\n" msgstr "¦b½w¦s¤¤¬° %s ´M§äwhois«H®§\n" #: ../whois.c:233 #, c-format msgid "Looking up whois info for %s\n" msgstr "¬° %s ´M§äwhois«H®§\n" #: ../whois.c:254 #, c-format msgid "lookup failed: %s\n" msgstr "·j¯Á¥¢±Ñ: %s\n" #: ../main.h:314 msgid "fwlogwatch summary" msgstr "" #: ../main.h:324 msgid "fwlogwatch status" msgstr "" #~ msgid "Wrong host name size\n" #~ msgstr "¥D¾÷¦Wªø«×¿ù»~\n" #, fuzzy #~ msgid "[inconsistent forward lookup]" #~ msgstr "%s [¦V«e·j¯Á: %s]" #, fuzzy #~ msgid "Interactive report mode (summary mode extension):\n" #~ msgstr "¥æ¤¬¦¡³ø§i¼Ò¦¡:\n" #, fuzzy #~ msgid " -i <count> interactive mode with report threshold\n" #~ msgstr " -i <¼Æ¶q> \t³ø§i¬y¥æ¤¬¼Ò¦¡\n" #, fuzzy #~ msgid " -T <email> address of CERT or abuse contact to send report to\n" #~ msgstr "\t-T <email> \t¦¬«H¤H¦a§} (CERT©ÎÁp¨t¤H)\n" #, fuzzy #~ msgid " -I <file> template file for report (defaults to %s)\n" #~ msgstr " -I <¤å¥ó> \t³ø§i¼ÒªO¤å¥ó\n" #~ msgid "" #~ "Reporting threshold: %d\n" #~ "\n" #~ msgstr "" #~ "³ø§i¬y: %d\n" #~ "\n" #~ msgid "Offending IP address: %s\n" #~ msgstr "¶i§ðIP¦a§}:\t%s\n" #~ msgid "Offending IP name: %s\n" #~ msgstr "¶i§ðIP¦a§}¦W:\t%s\n" #~ msgid "Target IP address: %s\n" #~ msgstr "¥Ø¼ÐIP¦a§}:\t%s\n" #~ msgid "Target IP name: %s\n" #~ msgstr "¥Ø¼ÐIP¦a§}¦W:\t%s\n" #~ msgid "Number of logged attempts: %s\n" #~ msgstr "¹Á¸Õµn³°ªº¦¸¼Æ: %s\n" #~ msgid 
"Start time: %s\n" #~ msgstr "¶}©l®É¶¡:\t\t%s\n" #~ msgid "End time: %s\n" #~ msgstr "µ²§ô®É¶¡: %s\n" #~ msgid "Timezone: %s\n" #~ msgstr "®É¶¡°Ï:\t\t\t %s\n" #~ msgid "Duration: %s\n" #~ msgstr "«ùÄò:\t\t\t%s\n" #~ msgid "Protocol: %s\n" #~ msgstr "¶Ç¿é¨óij:\t\t %s\n" #~ msgid "Source port: %s\n" #~ msgstr "·½ºÝ¤f:\t\t\t%s\n" #~ msgid "Destination port: %s\n" #~ msgstr "¥Ø¼ÐºÝ¤f: %s\n" #~ msgid "TCP options: %s\n" #~ msgstr "TCP¿ï¶µ: %s\n" #~ msgid "Tracking number: %s\n" #~ msgstr "Tracking¼Æ: %s\n" #~ msgid "Incident report %s-%s" #~ msgstr "¨Æ¥ó³ø§i %s-%s" #~ msgid "no SYNs" #~ msgstr "¨S¦³SYNs" #~ msgid "SYNs only" #~ msgstr "¥u¦³SYNs" #~ msgid "" #~ "\n" #~ "What do you want to change? [1-18/(o)k] " #~ msgstr "" #~ "\n" #~ "±z·Q­×§ï¤°»ò? [1-18/(o)k] " #~ msgid "New value: " #~ msgstr "·s­È:" #~ msgid "" #~ "\n" #~ "Should this report be sent? [(s)end/(m)odify/(q)uit] " #~ msgstr "" #~ "\n" #~ "¬O§_¶Ç°e³o¥÷³ø§i? [(s)end/(m)odify/(q)uit] " #, fuzzy #~ msgid "<tr><td align=\"right\">Daemon start time:</td><td>%s</td></tr>\n" #~ msgstr "<tr><td>Daemon±Ò°Ê®É¶¡:</td><td>%s</td></tr>\n" #, fuzzy #~ msgid "<tr><td align=\"right\">Current time:</td><td>%s</td></tr>\n" #~ msgstr "<tr><td>·í«e®É¶¡:</td><td>%s</td></tr>\n" #, fuzzy #~ msgid "<tr><td align=\"right\">Running time:</td><td>%s</td></tr>\n" #~ msgstr "<tr><td>¹B¦æ®É¶¡:</td><td>%s</td></tr>\n" #, fuzzy #~ msgid "<tr><td align=\"right\">Response mode:</td><td>Log%s%s</td></tr>\n" #~ msgstr "<tr><td>¦^À³¼Ò¦¡:</td><td>log%s%s</td></tr>\n" #, fuzzy #~ msgid "Host status: %d</td></tr>\n" #~ msgstr "<h2>¥D¾÷ª¬ºA</h2>\n" #, fuzzy #~ msgid "<tr align=\"center\"><th>count</th><th>added</th>" #~ msgstr "" #~ "<tr bgcolor=\"#%s\" align=\"center\"><td>¼Æ¶q</td><td>¥[¤J</td><td>·½IP¦a" #~ "§}</td>" #~ msgid "Authorization failed (%s)" #~ msgstr "ÀËÅç¿ù»~ (%s)" #~ msgid "" #~ "<body>\n" #~ "<h1>Authorization Required</h1>\n" #~ "</body>\n" #~ "</html>\n" #~ msgstr "" #~ "<body>\n" #~ "<h1>»Ý­n¨­¥÷ÀËÅç</h1>\n" #~ "</body>\n" 
#~ "</html>\n" #, fuzzy #~ msgid "<p><a href=\"/\">Reload</a>" #~ msgstr "<a href=\"/\">¨ê·s</a><br>\n" #, fuzzy #~ msgid "" #~ "<br>\n" #~ "(automatic refresh every %d seconds)</p>\n" #~ msgstr "(¨C%d¬íÄÁ«á¦Û°Ê¨ê·s)<br>\n" #, fuzzy #~ msgid "" #~ "<tr><td>Alert threshold:</td><td>%d entries</td></tr>\n" #~ "<tr><td>Discard timeout:</td><td>%s</td></tr>\n" #~ msgstr "" #~ "<tr><td>ĵ§ithreshold:</td><td>%d entries</td></tr>\n" #~ "<tr><td>¶W®É:</td><td>%d ¬í</td></tr>\n" #, fuzzy #~ msgid " -f <file> specify input file (defaults to %s)\n" #~ msgstr " -f <¤å¥ó> \t«ü©w¿é¤J¤å¥ó (¯Ê¬Ù %s) \n" #~ msgid " (defaults to '%s')\n" #~ msgstr " \t(¯Ê¬Ù¬° '%s')\n" #~ msgid " (defaults to %s)\n" #~ msgstr "\t\t \t(¯Ê¬Ù¬° %s)\n" #~ msgid "SIGHUP caught, ignoring" #~ msgstr "®·®»¨ìSIGHUP, ©¿²¤" #~ msgid "<td>Hostname</td>" #~ msgstr "<td>¥D¾÷¦W</td>" #~ msgid "<td>Destination IP address</td>" #~ msgstr "<td>¥Ø¼ÐIP¦a§}</td>" #~ msgid "<td>Protocol</td>" #~ msgstr "<td>¶Ç¿é¨óij</td>" #~ msgid "<td>Source port</td>" #~ msgstr "<td>·½ºÝ¤f</td>" #, fuzzy #~ msgid "<td>Service</td>" #~ msgstr "<td>·½</td>" #~ msgid "<td>Destination port</td>" #~ msgstr "<td>¥Ø¼ÐºÝ¤f</td>" #~ msgid "" #~ "<html>\n" #~ "<head>\n" #~ "<title>fwlogwatch status\n" #~ msgstr "" #~ "\n" #~ "\n" #~ "fwlogwatchª¬ºA\n" #~ msgid "" #~ "
\n" #~ "

fwlogwatch status

\n" #~ msgstr "" #~ "
\n" #~ "

fwlogwatchª¬ºA

\n" #~ msgid "fwlogwatch output: %s\n" #~ msgstr "fwlogwatch¿é¥X: %s\n" #~ msgid "

fwlogwatch output

\n" #~ msgstr "

fwlogwatch¿é¥X

\n" #~ msgid "startend" #~ msgstr "¶}©lend" #~ msgid "portservice" #~ msgstr "ºÝ¤fªA°È" fwlogwatch-1.4/po/PaxHeaders.8080/ja.po0000644000000000000000000000012412147420772016016 xustar000000000000000027 mtime=1369317882.372329 27 atime=1369319079.857943 30 ctime=1369319079.859943243 fwlogwatch-1.4/po/ja.po0000644000000000000000000007651512147420772015115 0ustar00rootroot00000000000000msgid "" msgstr "" "Project-Id-Version: fwlogwatch 0.5\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2013-05-23 15:04+0200\n" "PO-Revision-Date: 2002-03-06 00:00+0900\n" "Last-Translator: Takashi Kobayashi \n" "Language-Team: -\n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=euc-jp\n" "Content-Transfer-Encoding: 8bit\n" #: ../compare.c:158 #, c-format msgid "conn_sort_up: wrong mode\n" msgstr "conn_sort_up: ´Ö°ã¤Ã¤¿¥â¡¼¥É¤Ç¤¹\n" #: ../compare.c:264 #, c-format msgid "Error in sort string: '%c', order expected, ignoring.\n" msgstr "" "¥½¡¼¥Èʸ»úÎó '%c' ¤Ç´Ö°ã¤¤¤¬¤¢¤ê¤Þ¤¹¡£½ç½ø¤¬´üÂÔ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£Ìµ»ë¤·¤Þ¤¹¡£\n" #: ../compare.c:278 #, c-format msgid "Error in sort string: '%c', direction expected, ignoring.\n" msgstr "" "¥½¡¼¥Èʸ»úÎó '%c' ¤Ç´Ö°ã¤¤¤¬¤¢¤ê¤Þ¤¹¡£Êý¸þ¤¬´üÂÔ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£Ìµ»ë¤·¤Þ¤¹¡£\n" #: ../compare.c:282 #, fuzzy, c-format msgid "Error in sort string, direction expected, ignoring.\n" msgstr "" "¥½¡¼¥Èʸ»úÎó '%c' ¤Ç´Ö°ã¤¤¤¬¤¢¤ê¤Þ¤¹¡£Êý¸þ¤¬´üÂÔ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£Ìµ»ë¤·¤Þ¤¹¡£\n" #: ../compare.c:382 ../compare.c:384 ../modes.c:193 ../modes.c:200 #: ../modes.c:815 ../modes.c:817 ../output.c:106 ../output.c:113 #: ../output.c:193 ../output.c:202 ../output.c:380 msgid "%b %d %H:%M:%S" msgstr "" #: ../compare.c:383 #, c-format msgid "Timewarp in log file (%s" msgstr "¥¿¥¤¥à¥ï¡¼¥×ȯÀ¸: ¥í¥°¥Õ¥¡¥¤¥ë(%s" #: ../main.c:25 #, fuzzy, c-format msgid "Usage: %s [options] [input_files]\n" msgstr "»ÈÍÑË¡: %s [¥ª¥×¥·¥ç¥ó]\n" #: ../main.c:26 #, fuzzy, c-format msgid "General options:\n" msgstr "Á´ÈÌŪ¤Ê¥ª¥×¥·¥ç¥ó:\n" #: ../main.c:27 #, fuzzy, c-format msgid " -h this help\n" 
msgstr " -h ¤³¤Î¥Ø¥ë¥×¤òɽ¼¨¤¹¤ë\n" #: ../main.c:28 #, fuzzy, c-format msgid " -L show time of first and last log entry\n" msgstr "" " -L <¥Õ¥¡¥¤¥ë>\n" " ¥Õ¥¡¥¤¥ëÆâ¤ÎºÇ½é¤ÈºÇ¸å¤Î¥¨¥ó¥È¥ê¤Î»þ¹ï¤òɽ¼¨¤¹¤ë\n" #: ../main.c:29 #, fuzzy, c-format msgid " -V show version and copyright info\n" msgstr " -V ¥Ð¡¼¥¸¥ç¥ó¤ÈÃøºî¸¢¾ðÊó¤òɽ¼¨¤¹¤ë\n" #: ../main.c:32 #, c-format msgid "Global options:\n" msgstr "Á´ÈÌŪ¤Ê¥ª¥×¥·¥ç¥ó:\n" #: ../main.c:33 #, fuzzy, c-format msgid " -b show amount of data (sum of total packet lengths)\n" msgstr " -b ¥Ç¡¼¥¿¤Î¹ç·×(Á´ÂΤΥѥ±¥Ã¥ÈĹ¤Î¹ç·×)¤òɽ¼¨¤¹¤ë\n" #: ../main.c:34 #, fuzzy, c-format msgid " -c specify config file (defaults to %s)\n" msgstr "" " -c <¥Õ¥¡¥¤¥ë>\n" " ÀßÄê¥Õ¥¡¥¤¥ë¤ò»ØÄꤹ¤ë(¥Ç¥Õ¥©¥ë¥È %s)\n" #: ../main.c:35 #, fuzzy, c-format msgid " -D do not differentiate destination IP addresses\n" msgstr " -D °¸Àè IP ¥¢¥É¥ì¥¹¤ò¶èÊ̤·¤Ê¤¤\n" #: ../main.c:36 #, fuzzy, c-format msgid " -d differentiate destination ports\n" msgstr " -d °¸Àè¥Ý¡¼¥È¤ò¶èÊ̤¹¤ë\n" #: ../main.c:37 #, c-format msgid " -E select or exclude hosts, ports, chains and targets\n" msgstr "" #: ../main.c:38 #, c-format msgid " quick reference: -E[ie][hp][sd]\n" msgstr "" #: ../main.c:39 #, c-format msgid " -E[ie][cb]\n" msgstr "" #: ../main.c:40 #, c-format msgid " -i initialize DNS cache with entries from file\n" msgstr "" #: ../main.c:41 #, c-format msgid " -M only show this amount of entries\n" msgstr "" #: ../main.c:42 #, fuzzy, c-format msgid " -m only show entries with at least so many incidents\n" msgstr "" " -m <¥«¥¦¥ó¥È>\n" " ¾¯¤Ê¤¯¤È¤â¿¤¤»ö·ï¤Ë¸Â¤Ã¤¿¥¨¥ó¥È¥ê¤òɽ¼¨¤¹¤ë¤À¤±\n" #: ../main.c:43 #, fuzzy, c-format msgid " -N resolve service names\n" msgstr " -N ¥µ¡¼¥Ó¥¹Ì¾¤ò²ò·è¤¹¤ë\n" #: ../main.c:44 #, fuzzy, c-format msgid " -n resolve host names\n" msgstr " -n ¥Û¥¹¥È̾¤ò²ò·è¤¹¤ë\n" #: ../main.c:45 #, fuzzy, c-format msgid " -O define the sort order (see the man page for details)\n" msgstr "" " -O <½ç½ø> ʤÙÊѤ¨¤Î½ç½ø¤òÄêµÁ¤¹¤ë\n" " (¾ÜºÙ¤Ë¤Ä¤¤¤Æ¤Ï¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸¤ò»²¾È)\n" #: 
../main.c:46 #, fuzzy, c-format msgid "" " -P use parsers for specific formats (defaults to netfilter)\n" msgstr "" " -P <¥Õ¥©¡¼¥Þ¥Ã¥È>\n" " »ØÄê¥Õ¥©¡¼¥Þ¥Ã¥È¤ÎÁöºº¤Î¤ß¤ò»È¤¦\n" #: ../main.c:47 #, c-format msgid " i: ipchains, n: netfilter, f: ipfilter, c: cisco ios\n" msgstr "" #: ../main.c:48 #, c-format msgid "" " p: cisco pix, e: netscreen, l: lancom, s: snort, b: ipfw\n" msgstr "" #: ../main.c:49 #, fuzzy, c-format msgid " -p differentiate protocols\n" msgstr " -p ¥×¥í¥È¥³¥ë¤ò¶èÊ̤¹¤ë\n" #: ../main.c:50 #, fuzzy, c-format msgid " -s differentiate source ports\n" msgstr " -s Á÷¿®¸µ IP ¥Ý¡¼¥È¤ò¶èÊ̤¹¤ë\n" #: ../main.c:51 #, c-format msgid " -U set report and status page title and email subject\n" msgstr "" #: ../main.c:52 #, fuzzy, c-format msgid " -v verbose, specify twice for more info\n" msgstr " -v ¾éŤˤ¹¤ë¡¤£²ÅÙ»ØÄꤹ¤ë¤È¤µ¤é¤Ë¾éĹ¤Ë¤Ê¤ë\n" #: ../main.c:53 #, fuzzy, c-format msgid " -y differentiate TCP options\n" msgstr " -y TCP ¥ª¥×¥·¥ç¥ó¤ò¶èÊ̤¹¤ë\n" #: ../main.c:56 #, c-format msgid "Log summary mode (default):\n" msgstr "¥í¥°½¸·×¥â¡¼¥É (¥Ç¥Õ¥©¥ë¥È):\n" #: ../main.c:57 #, fuzzy, c-format msgid " -C <email> carbon copy recipients\n" msgstr " -C <email> ¥«¡¼¥Ü¥ó¥³¥Ô¡¼¼õ¿®¼Ô\n" #: ../main.c:58 #, fuzzy, c-format msgid " -e show end times\n" msgstr " -e ½ªÎ»»þ¹ï¤òɽ¼¨¤¹¤ë\n" #: ../main.c:59 #, fuzzy, c-format msgid " -F <email> report sender address (defaults to '%s')\n" msgstr "" " -F <email>\n" " ¥ì¥Ý¡¼¥È¤ÎÁ÷¿®¼Ô¥¢¥É¥ì¥¹\n" #: ../main.c:60 #, fuzzy, c-format msgid " -l <time> process recent events only (defaults to off)\n" msgstr "" " -l <»þ¹ï>\n" " ºÇ¶á¤Î¥¤¥Ù¥ó¥È¤Î¤ß¤ò½èÍý¤¹¤ë(¥Ç¥Õ¥©¥ë¥È off)\n" #: ../main.c:61 #, fuzzy, c-format msgid " -o <file> specify output file\n" msgstr "" " -o <¥Õ¥¡¥¤¥ë>\n" " ½ÐÎÏ¥Õ¥¡¥¤¥ë¤ò»ØÄꤹ¤ë\n" #: ../main.c:62 #, fuzzy, c-format msgid " -S do not differentiate source IP addresses\n" msgstr " -S Á÷¿®¸µ IP ¥¢¥É¥ì¥¹¤ò¶èÊ̤·¤Ê¤¤\n" #: ../main.c:63 #, fuzzy, c-format msgid " -T <email> send report by email to this address\n" msgstr "" " -F 
<email>\n" " ¥ì¥Ý¡¼¥È¤ÎÁ÷¿®¼Ô¥¢¥É¥ì¥¹\n" #: ../main.c:64 #, fuzzy, c-format msgid " -t show start times\n" msgstr " -t ³«»Ï»þ¹ï¤òɽ¼¨¤¹¤ë\n" #: ../main.c:65 #, fuzzy, c-format msgid " -W activate whois lookups for source addresses\n" msgstr " -W Á÷¿®¸µ¥¢¥É¥ì¥¹¤Î whois ¸¡º÷¤òÍ­¸ú¤Ë¤¹¤ë\n" #: ../main.c:66 #, fuzzy, c-format msgid " -w HTML output\n" msgstr " -w HTML ½ÐÎÏ\n" #: ../main.c:67 #, fuzzy, c-format msgid " -z show time interval\n" msgstr " -z »þ¹ï´Ö³Ö¤òɽ¼¨¤¹¤ë\n" #: ../main.c:70 #, c-format msgid "Realtime response mode:\n" msgstr "¼Â»þ´Ö±þÅú¥â¡¼¥É:\n" #: ../main.c:71 #, fuzzy, c-format msgid " -R realtime response as daemon (default action: log only)\n" msgstr "" " -R daemon¤È¤·¤Æ¼Â»þ´ÖÂбþ (¥Ç¥Õ¥©¥ë¥Èưºî: ¥í¥°¤Î¤ß)\n" #: ../main.c:72 #, fuzzy, c-format msgid " -a <count> alert threshold (defaults to %d entries)\n" msgstr "" " -a <¥«¥¦¥ó¥È>\n" " ·Ù¹ð¤ÎïçÃÍ (¥Ç¥Õ¥©¥ë¥È %d ¥¨¥ó¥È¥ê)\n" #: ../main.c:73 #, fuzzy, c-format msgid " -l <time> forget events this old (defaults to %d hours)\n" msgstr "" " -l <time> ¤³¤ì¤è¤ê¸Å¤¤¥¤¥Ù¥ó¥È¤ò˺¤ì¤ë (¥Ç¥Õ¥©¥ë¥È %d »þ´Ö)\n" #: ../main.c:74 #, fuzzy, c-format msgid " -k <IP/net> add this IP address or net to the list of known hosts\n" msgstr "" " -k <IP/net> ´ûÃΤΥۥ¹¥È¤Î¥ê¥¹¥È¤Ë¤³¤Î IP ¥¢¥É¥ì¥¹¤Þ¤¿¤Ï net ¤òÄɲÃ" "¤¹¤ë\n" #: ../main.c:75 #, fuzzy, c-format msgid " -A invoke notification script if threshold is reached\n" msgstr " -A ïçÃͤË㤷¤¿»þ¤ËÄÌÃÎ¥¹¥¯¥ê¥×¥È¤òµ¯Æ°¤¹¤ë\n" #: ../main.c:76 #, fuzzy, c-format msgid " -B invoke response action script (e.g. block host)\n" msgstr "" " -B ±þÅú¥¹¥¯¥ê¥×¥È¤òµ¯Æ°¤¹¤ë (Î㤨¤Ð¥Û¥¹¥È¤ò¥Ö¥í¥Ã¥¯¤¹¤ë\n" #: ../main.c:77 #, fuzzy, c-format msgid " -X <port> activate internal status information web server\n" msgstr " -X ÆâÉô¾õÂ֤ξðÊó¤Î¥¦¥§¥Ö¥µ¡¼¥Ð¤òÍ­¸ú¤Ë¤¹¤ë\n" #: ../main.c:103 msgid "You can contact the author at <bw@inside-security.de>." 
msgstr "" #: ../main.c:105 msgid "Compile-time options of this version:" msgstr "" #: ../main.c:106 #, c-format msgid "Short name limit " msgstr "" #: ../main.c:108 ../main.c:114 ../main.c:120 ../main.c:126 msgid "enabled" msgstr "" #: ../main.c:110 ../main.c:116 ../main.c:122 ../main.c:128 msgid "disabled" msgstr "" #: ../main.c:112 #, c-format msgid "Zlib support " msgstr "" #: ../main.c:118 #, c-format msgid "Gettext (i18n) support " msgstr "" #: ../main.c:124 #, c-format msgid "GNU adns support " msgstr "" #: ../main.c:282 #, c-format msgid "Illegal inclusion/exclusion pos. 1 (expected [ie]): %s\n" msgstr "" #: ../main.c:283 ../main.c:300 ../main.c:309 ../main.c:453 #, c-format msgid "Exiting\n" msgstr "½ªÎ»\n" #: ../main.c:299 #, c-format msgid "Illegal inclusion/exclusion pos. 2 (expected [hpcb]): %s\n" msgstr "" #: ../main.c:308 #, c-format msgid "Illegal inclusion/exclusion pos. 3 (expected [sd]): %s\n" msgstr "" #: ../modes.c:108 #, c-format msgid "Using stdin as input\n" msgstr "ÆþÎϤËɸ½àÆþÎϤò»È¤¤¤Þ¤¹\n" #: ../modes.c:114 #, c-format msgid "Opening input file '%s'\n" msgstr "ÆþÎÏ¥Õ¥¡¥¤¥ë '%s' ¤ò³«¤¤¤Æ¤¤¤Þ¤¹\n" #: ../modes.c:130 #, c-format msgid "Processing\n" msgstr "½èÍýÃæ\n" #: ../modes.c:137 #, c-format msgid "Unrecognized entries or tokens can be submitted at\n" msgstr "" #: ../modes.c:146 ../modes.c:393 ../modes.c:784 ../rcfile.c:379 #, c-format msgid "Closing '%s'\n" msgstr "'%s' ¤òÊĤ¸¤Æ¤¤¤Þ¤¹\n" #: ../modes.c:175 #, c-format msgid "Sorting data\n" msgstr "¥Ç¡¼¥¿¤ÎʤÙÊѤ¨Ãæ\n" #: ../modes.c:212 #, c-format msgid "Opening output file '%s'\n" msgstr "½ÐÎÏ¥Õ¥¡¥¤¥ë '%s' ¤ò³«¤¤¤Æ¤¤¤Þ¤¹\n" #: ../modes.c:223 #, fuzzy, c-format msgid "Sending\n" msgstr "Á÷¿®Ãæ...\n" #: ../modes.c:246 ../net.c:341 ../net.c:344 msgid "%A %B %d %H:%M:%S %Z %Y" msgstr "" #: ../modes.c:247 #, c-format msgid "Generated %s by " msgstr "ºîÀ®Æü: %s, ºîÀ®¼Ô: " #: ../modes.c:257 #, c-format msgid "an unknown user.\n" msgstr "an unknown user.\n" #: ../modes.c:265 #, c-format msgid "(and 
%d older than %d seconds) " msgstr "(and %d older than %d seconds) " #: ../modes.c:268 #, c-format msgid "(and %d malformed) " msgstr "(and %d malformed) " #: ../modes.c:271 #, fuzzy, c-format msgid "of %d entries in the file \"%s\" are packet logs, " msgstr "of %d entries in the file " #: ../modes.c:273 #, c-format msgid "of %d entries in standard input are packet logs, " msgstr "" #: ../modes.c:275 #, fuzzy, c-format msgid "of %d entries in %d input files are packet logs, " msgstr "of %d entries in the file " #: ../modes.c:279 #, c-format msgid "one has unique characteristics.\n" msgstr "one has unique characteristics.\n" #: ../modes.c:281 #, c-format msgid "%d have unique characteristics.\n" msgstr "%d have unique characteristics.\n" #: ../modes.c:289 #, c-format msgid "One entry was excluded by configuration.\n" msgstr "£±¤Ä¤Î¥¨¥ó¥È¥ê¤¬ÀßÄê¤Ë¤è¤Ã¤Æ½ü³°¤µ¤ì¤Þ¤·¤¿¡£\n" #: ../modes.c:291 #, c-format msgid "%d entries were excluded by configuration.\n" msgstr "%d ¥¨¥ó¥È¥ê¤¬ÀßÄê¤Ë¤è¤Ã¤Æ½ü³°¤µ¤ì¤Þ¤·¤¿¡£\n" #: ../modes.c:299 #, c-format msgid "First packet log entry: %s, last: %s.\n" msgstr "ºÇ½é¤Î¥Ñ¥±¥Ã¥È¥í¥°¥¨¥ó¥È¥ê: %s, ºÇ¸å: %s\n" #: ../modes.c:301 ../modes.c:813 #, c-format msgid "No valid time entries found.\n" msgstr "Í­¸ú¤Ê»þ¹ï¥¨¥ó¥È¥ê¤¬¸«¤Ä¤«¤ê¤Þ¤»¤ó¤Ç¤·¤¿¡£\n" #: ../modes.c:308 #, c-format msgid "All entries were logged by the same host: \"%s\".\n" msgstr "¤¹¤Ù¤Æ¤Î¥¨¥ó¥È¥ê¤¬Æ±¤¸¥Û¥¹¥È \"%s\" ¤Ç¥í¥°¤µ¤ì¤Þ¤·¤¿¡£\n" #: ../modes.c:315 #, c-format msgid "All entries are from the same chain: \"%s\".\n" msgstr "¤¹¤Ù¤Æ¤Î¥¨¥ó¥È¥ê¤¬Æ±¤¸¥Á¥§¥¤¥ó \"%s\" ¤«¤éÍè¤Æ¤¤¤Þ¤¹¡£\n" #: ../modes.c:322 #, c-format msgid "All entries have the same target: \"%s\".\n" msgstr "¤¹¤Ù¤Æ¤Î¥¨¥ó¥È¥ê¤¬Æ±¤¸¥¿¡¼¥²¥Ã¥È \"%s\" ¤ò»ý¤Ã¤Æ¤¤¤Þ¤¹¡£\n" #: ../modes.c:329 #, c-format msgid "All entries are from the same interface: \"%s\".\n" msgstr "¤¹¤Ù¤Æ¤Î¥¨¥ó¥È¥ê¤¬Æ±¤¸¥¤¥ó¥¿¡¼¥Õ¥§¥¤¥¹ \"%s\" ¤«¤éÍè¤Æ¤¤¤Þ¤¹¡£\n" #: ../modes.c:336 #, fuzzy, c-format msgid "Only entries with a count of at least %d are 
shown.\n" msgstr "%d °Ê¾å¤Î²ó¿ô¤Î¥¨¥ó¥È¥ê¤À¤±¤òɽ¼¨¤·¤Æ¤¤¤Þ¤¹¡£\n" #: ../modes.c:343 #, fuzzy, c-format msgid "Only the top %d entries are shown.\n" msgstr "%d °Ê¾å¤Î²ó¿ô¤Î¥¨¥ó¥È¥ê¤À¤±¤òɽ¼¨¤·¤Æ¤¤¤Þ¤¹¡£\n" #: ../modes.c:354 #, fuzzy, c-format msgid "Resolving\n" msgstr "%s ¤ò²ò·è¤·¤Æ¤¤¤Þ¤¹\n" #: ../modes.c:413 #, c-format msgid "Warning: pidfile exists, another fwlogwatch might be running.\n" msgstr "" "Warning: pidfile ¤¬Â¸ºß¤·¤Æ¤¤¤Þ¤¹¡£Â¾¤Î fwlogwatch ¤¬Æ°¤¤¤Æ¤¤¤ë¤«¤âÃΤì¤Þ¤»" "¤ó¡£\n" #: ../modes.c:427 #, fuzzy, c-format msgid "SIGHUP caught, reread configuration file %s" msgstr "SIGHUP ¤ò¼õ¤±¼è¤ê¤Þ¤·¤¿¤Î¤Ç¡¤¥í¥°¥Õ¥¡¥¤¥ë¤òºÆ¤Ó³«¤¤¤Æ¤¤¤Þ¤¹" #: ../modes.c:429 #, fuzzy, c-format msgid "SIGHUP caught, unable to reread configuration file %s" msgstr "SIGHUP ¤ò¼õ¤±¼è¤ê¤Þ¤·¤¿¤Î¤Ç¡¤¥í¥°¥Õ¥¡¥¤¥ë¤òºÆ¤Ó³«¤¤¤Æ¤¤¤Þ¤¹" #: ../modes.c:433 #, c-format msgid "Reread DNS cache file %s" msgstr "" #: ../modes.c:435 #, fuzzy, c-format msgid "Unable to reread DNS cache file %s" msgstr "SIGHUP ¤ò¼õ¤±¼è¤ê¤Þ¤·¤¿¤Î¤Ç¡¤¥í¥°¥Õ¥¡¥¤¥ë¤òºÆ¤Ó³«¤¤¤Æ¤¤¤Þ¤¹" #: ../modes.c:459 msgid "SIGUSR1 caught, reading input from stdin, no need to reopen log file" msgstr "" #: ../modes.c:461 #, fuzzy, c-format msgid "SIGUSR1 caught, reopening log file %s" msgstr "SIGHUP ¤ò¼õ¤±¼è¤ê¤Þ¤·¤¿¤Î¤Ç¡¤¥í¥°¥Õ¥¡¥¤¥ë¤òºÆ¤Ó³«¤¤¤Æ¤¤¤Þ¤¹" #: ../modes.c:533 msgid "SIGTERM caught, cleaning up" msgstr "SIGTERM ¤ò¼õ¤±¼è¤ê¤Þ¤·¤¿¤Î¤Ç¡¤Áݽü¤·¤Æ¤¤¤Þ¤¹" #: ../modes.c:615 #, c-format msgid "Starting (pid %d)" msgstr "³«»Ï¤·¤Æ¤¤¤Þ¤¹ (pid %d)" #: ../modes.c:665 msgid "User to run as was not found" msgstr "" #: ../modes.c:680 #, c-format msgid "Changed uid from %d to %d, gid from %d to %d" msgstr "" #: ../modes.c:682 #, c-format msgid "Running with uid %d, gid %d" msgstr "" #: ../modes.c:686 msgid "Alert threshold is one attempt" msgstr "Alert threshold is one attempt" #: ../modes.c:688 #, c-format msgid "Alert threshold is %d attempts" msgstr "Alert threshold is %d attempts" #: ../modes.c:692 #, c-format msgid "Events older than %d second(s) 
are discarded" msgstr "%d Éäè¤ê¸Å¤¤¥¤¥Ù¥ó¥È¤¬ÇË´þ¤µ¤ì¤Þ¤¹" #: ../modes.c:694 #, c-format msgid "Events older than %d hour(s) are discarded" msgstr "%d »þ´Ö¤è¤ê¸Å¤¤¥¤¥Ù¥ó¥È¤¬ÇË´þ¤µ¤ì¤Þ¤¹" #: ../modes.c:697 #, fuzzy, c-format msgid "Response mode: Log%s%s" msgstr "±þÅú¥â¡¼¥É: log%s%s" #: ../modes.c:697 ../net.c:350 msgid ", notify" msgstr ", ÄÌÃÎ" #: ../modes.c:697 ../net.c:350 msgid ", respond" msgstr ", ±þÅú" #: ../modes.c:728 #, c-format msgid "Reading standard input\n" msgstr "ɸ½àÆþÎϤòÆÉ¤ß¤È¤Ã¤Æ¤¤¤Þ¤¹\n" #: ../modes.c:744 #, c-format msgid "Reading '%s'\n" msgstr "'%s' ¤òÆÉ¤ß¤È¤Ã¤Æ¤¤¤Þ¤¹\n" #: ../modes.c:810 #, fuzzy, c-format msgid "Number of files: %d\n" msgstr "Number of logged attempts: %s\n" #: ../modes.c:811 #, fuzzy, c-format msgid "Number of lines: %d\n" msgstr "¹Ô¿ô: %d\n" #: ../modes.c:816 #, c-format msgid "First entry: %s\n" msgstr "ºÇ½é¤Î¥¨¥ó¥È¥ê: %s\n" #: ../modes.c:818 #, c-format msgid "Last entry : %s\n" msgstr "ºÇ¸å¤Î¥¨¥ó¥È¥ê: %s\n" #: ../modes.c:820 #, c-format msgid "Difference : %s\n" msgstr "" #: ../net.c:106 #, c-format msgid "Listening on %s port %i" msgstr "%s ¾å¤Î¥Ý¡¼¥È %i ¤ÇÂÔ¤Á¼õ¤±Ãæ¤Ç¤¹" #: ../net.c:109 #, c-format msgid "Connections are only allowed from %s" msgstr "" #: ../net.c:149 msgid "decode_base64: input string incomplete" msgstr "decode_base64: ÆþÎÏʸ»úÎó¤¬ÉÔ´°Á´¤Ç¤¹" #: ../net.c:156 #, c-format msgid "decode_base64: illegal character '%c' in input string" msgstr "decode_base64: ÉÔÀµ¤Êʸ»ú '%c' ¤¬ÆþÎÏʸ»úÎó¤Ë´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹" #: ../net.c:191 msgid "count" msgstr "" #: ../net.c:192 msgid "added" msgstr "" #: ../net.c:194 msgid "proto" msgstr "" #: ../net.c:196 #, fuzzy msgid "bytes" msgstr " (%d ¥Ð¥¤¥È)" #: ../net.c:197 msgid "source" msgstr "" #: ../net.c:199 ../net.c:208 #, fuzzy msgid "hostname" msgstr "<td>¥Û¥¹¥È̾</td>" #: ../net.c:201 ../net.c:211 #, fuzzy msgid "port" msgstr " port %d" #: ../net.c:203 ../net.c:213 #, fuzzy msgid "service" msgstr "<td>¥µ¡¼¥Ó¥¹</td>" #: ../net.c:206 #, fuzzy msgid "destination" msgstr 
"<td>°¸Àè</td>" #: ../net.c:216 msgid "opts" msgstr "" #: ../net.c:217 msgid "time remaining" msgstr "" #: ../net.c:218 msgid "action" msgstr "" #: ../net.c:270 ../net.c:272 ../net.c:337 msgid "Information" msgstr "" #: ../net.c:276 ../net.c:278 ../net.c:375 msgid "Options" msgstr "" #: ../net.c:282 ../net.c:284 ../net.c:403 #, fuzzy msgid "Packet cache" msgstr "<h2>¥Ñ¥±¥Ã¥È¥­¥ã¥Ã¥·¥å</h2>\n" #: ../net.c:288 ../net.c:290 ../net.c:472 #, fuzzy msgid "Host status" msgstr "<h2>¥Û¥¹¥È¾õÂÖ</h2>\n" #: ../net.c:293 msgid "Reload" msgstr "" #: ../net.c:342 msgid "Daemon start time" msgstr "" #: ../net.c:345 msgid "Current time" msgstr "" #: ../net.c:348 msgid "Running time" msgstr "" #: ../net.c:350 msgid "Log" msgstr "" #: ../net.c:351 #, fuzzy msgid "Response mode" msgstr "±þÅú¥â¡¼¥É: log%s%s" #: ../net.c:353 msgid "Lines seen" msgstr "" #: ../net.c:354 msgid "Hits" msgstr "" #: ../net.c:355 msgid "Old/excluded/malformed" msgstr "" #: ../net.c:362 msgid "Entries in packet cache" msgstr "" #: ../net.c:369 msgid "Entries in host status" msgstr "" #: ../net.c:377 msgid "Parameter" msgstr "" #: ../net.c:379 msgid "Decrease" msgstr "" #: ../net.c:381 msgid "Current" msgstr "" #: ../net.c:383 msgid "Increase" msgstr "" #: ../net.c:385 #, fuzzy msgid "Alert threshold" msgstr "Alert threshold is one attempt" #: ../net.c:387 msgid "Discard timeout" msgstr "" #: ../net.c:388 msgid "Minimum count in packet cache" msgstr "" #: ../net.c:390 ../net.c:392 msgid "Top amount of entries in packet cache" msgstr "" #: ../net.c:395 ../net.c:397 msgid "Refresh time" msgstr "" #: ../net.c:419 ../net.c:528 msgid "%Y/%m/%d %H:%M:%S" msgstr "" #: ../net.c:456 ../net.c:558 msgid "drop" msgstr "" #: ../net.c:458 msgid "escalate" msgstr "" #: ../net.c:493 ../net.c:509 ../net.c:515 ../net.c:521 msgid "<td>any</td>" msgstr "<td>²¿¤Ç¤â</td>" #: ../net.c:503 #, fuzzy msgid "<td>(known host)</td>" msgstr "<td>¥í¥°¥Û¥¹¥È</td>" #: ../net.c:505 #, fuzzy msgid "<td>(known net)</td>" msgstr "<td>¥Ý¡¼¥È</td>" 
#: ../net.c:605 #, fuzzy, c-format msgid "Rejected connection from unallowed IP address %s port %i" msgstr "µö²Ä¤µ¤ì¤Æ¤¤¤Ê¤¤ ip %s ¥Ý¡¼¥È %i ¤«¤é¤Î Rejected Àܳ" #: ../net.c:614 #, c-format msgid "Connect from %s port %i" msgstr "%s ¥Ý¡¼¥È %i ¤«¤é¤ÎÀܳ" #: ../net.c:677 msgid "Authorization failed" msgstr "ǧ¾Ú¼ºÇÔ" #: ../net.c:680 #, fuzzy msgid "Authorization required" msgstr "ǧ¾Ú¼ºÇÔ" #: ../net.c:757 msgid "Bad request" msgstr "" #: ../net.c:762 msgid "Redirect" msgstr "" #: ../net.c:762 msgid "You should be redirected to the <a href=\"/\">root directory</a>" msgstr "" #: ../net.c:774 #, c-format msgid "Requested function: %s" msgstr "" #: ../net.c:777 msgid "Connection closed" msgstr "Àܳ¤¬ÊĤ¸¤Þ¤·¤¿" #: ../output.c:200 #, c-format msgid " to " msgstr " to " #: ../output.c:255 #, c-format msgid " packet" msgstr " ¥Ñ¥±¥Ã¥È " #: ../output.c:257 #, c-format msgid " packets" msgstr " ¥Ñ¥±¥Ã¥È" #: ../output.c:261 #, fuzzy, c-format msgid " (%lu bytes)" msgstr " (%d ¥Ð¥¤¥È)" #: ../output.c:264 #, c-format msgid " from %s" msgstr " from %s" #: ../output.c:280 ../output.c:293 #, c-format msgid " port %d" msgstr " port %d" #: ../output.c:286 #, c-format msgid " to %s" msgstr " to %s" #: ../output.c:313 #, fuzzy, c-format msgid "<th>start</th>" msgstr "<td>³«»Ï</td>" #: ../output.c:316 #, fuzzy, c-format msgid "<th>end</th>" msgstr "<td>½ªÎ»</td>" #: ../output.c:319 #, fuzzy, c-format msgid "<th>interval</th>" msgstr "<td>´Ö³Ö</td>" #: ../output.c:322 #, fuzzy, c-format msgid "<th>loghost</th>" msgstr "<td>¥í¥°¥Û¥¹¥È</td>" #: ../output.c:325 #, fuzzy, c-format msgid "<th>chain</th>" msgstr "<td>¥Á¥§¥¤¥ó</td>" #: ../output.c:328 #, fuzzy, c-format msgid "<th>target</th>" msgstr "<td>ÌÜɸ</td>" #: ../output.c:331 #, fuzzy, c-format msgid "<th>interface</th>" msgstr "<td>¥¤¥ó¥¿¡¼¥Õ¥§¥¤¥¹</td>" #: ../output.c:334 #, fuzzy, c-format msgid "<th>proto</th>" msgstr "<td>¥×¥í¥È¥³¥ë</td>" #: ../output.c:337 #, fuzzy, c-format msgid "<th>bytes</th>" msgstr "<td>¥Ð¥¤¥È</td>" #: 
../output.c:340 #, fuzzy, c-format msgid "<th>source</th>" msgstr "<td>Á÷¿®¸µ</td>" #: ../output.c:342 ../output.c:356 #, fuzzy, c-format msgid "<th>hostname</th>" msgstr "<td>¥Û¥¹¥È̾</td>" #: ../output.c:344 #, fuzzy, c-format msgid "<th>whois information</th>" msgstr "<td>whois ¾ðÊó</td>" #: ../output.c:348 ../output.c:360 #, fuzzy, c-format msgid "<th>port</th>" msgstr "<td>¥Ý¡¼¥È</td>" #: ../output.c:350 ../output.c:362 #, fuzzy, c-format msgid "<th>service</th>" msgstr "<td>¥µ¡¼¥Ó¥¹</td>" #: ../output.c:354 #, fuzzy, c-format msgid "<th>destination</th>" msgstr "<td>°¸Àè</td>" #: ../output.c:366 #, fuzzy, c-format msgid "<th>opts</th>" msgstr "<td>opts</td>" #: ../parser.c:270 #, c-format msgid "Unknown parser: '%c'.\n" msgstr "Unknown parser: '%c'.\n" #: ../rcfile.c:58 #, c-format msgid "Error in configuration file '%s' line %d: not a number\n" msgstr "" #: ../rcfile.c:87 #, c-format msgid "Error in configuration file '%s' line %d, assuming 'true'\n" msgstr "" #: ../rcfile.c:281 #, fuzzy, c-format msgid "Unrecognized option in configuration file '%s' line %d\n" msgstr "Unrecognized option in rcfile: %s" #: ../rcfile.c:332 #, fuzzy, c-format msgid "Unrecognized entry in DNS cache file '%s' line %d\n" msgstr "Unrecognized option in rcfile: %s" #: ../rcfile.c:349 #, c-format msgid "%s is not a regular file, ignoring.\n" msgstr "%s ¤ÏÄ̾ï¤Î¥Õ¥¡¥¤¥ë¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£Ìµ»ë¤·¤Þ¤¹¡£\n" #: ../rcfile.c:358 #, fuzzy, c-format msgid "Opening DNS cache file '%s'\n" msgstr "ÆþÎÏ¥Õ¥¡¥¤¥ë '%s' ¤ò³«¤¤¤Æ¤¤¤Þ¤¹\n" #: ../rcfile.c:360 #, fuzzy, c-format msgid "Opening configuration file '%s'\n" msgstr "ÆþÎÏ¥Õ¥¡¥¤¥ë '%s' ¤ò³«¤¤¤Æ¤¤¤Þ¤¹\n" #: ../resolve.c:62 #, c-format msgid "port mismatch: %d != %d\n" msgstr "¥Ý¡¼¥È¤¬°ìÃפ·¤Þ¤»¤ó: %d != %d\n" #: ../resolve.c:99 ../resolve.c:172 msgid "[timeout]" msgstr "" #: ../resolve.c:101 ../resolve.c:174 msgid "[server failure]" msgstr "" #: ../resolve.c:111 ../resolve.c:213 #, c-format msgid "Resolving %s\n" msgstr "%s ¤ò²ò·è¤·¤Æ¤¤¤Þ¤¹\n" #: 
../resolve.c:122 #, c-format msgid "%s [forward lookup failed]" msgstr "%s [Á°¸þ¤­¸¡º÷¼ºÇÔ]" #: ../resolve.c:131 #, fuzzy, c-format msgid " [v4 forward lookup: %s]" msgstr "%s [Á°¸þ¤­¸¡º÷: %s]" #: ../resolve.c:138 #, fuzzy, c-format msgid " [v6 forward lookup: %s]" msgstr "%s [Á°¸þ¤­¸¡º÷: %s]" #: ../resolve.c:180 #, c-format msgid "[adns status %d]" msgstr "" #: ../resolve.c:192 msgid "[adns error]" msgstr "" #: ../resolve.c:206 ../resolve.c:354 #, c-format msgid "Resolving %s from cache\n" msgstr "¥­¥ã¥Ã¥·¥å¤«¤é %s ¤ò²ò·è¤·¤Æ¤¤¤Þ¤¹\n" #: ../resolve.c:218 #, fuzzy, c-format msgid "Resolving %s from adns\n" msgstr "¥­¥ã¥Ã¥·¥å¤«¤é %s ¤ò²ò·è¤·¤Æ¤¤¤Þ¤¹\n" #: ../resolve.c:240 #, c-format msgid "IP address %s is already in DNS cache\n" msgstr "" #: ../resolve.c:246 #, c-format msgid "Adding IP address '%s' with host name '%s' to DNS cache\n" msgstr "" #: ../resolve.c:283 #, c-format msgid "Submitted %s to adns\n" msgstr "" #: ../response.c:56 msgid "One logging ipchains firewall rule defined" msgstr "£±¤Ä¤Î¥í¥°¤µ¤ì¤ë ipchains ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¥ë¡¼¥ë¤¬ÄêµÁ¤µ¤ì¤Æ¤¤¤Þ¤¹" #: ../response.c:58 #, c-format msgid "%u logging ipchains firewall rules defined" msgstr "%u ¤Î¥í¥°¤µ¤ì¤ë ipchains ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¥ë¡¼¥ë¤¬ÄêµÁ¤µ¤ì¤Æ¤¤¤Þ¤¹" #: ../response.c:61 msgid "No logging ipchains firewall rules defined, format was requested" msgstr "" "¥í¥°¤µ¤ì¤ë ipchains ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¥ë¡¼¥ë¤¬ÄêµÁ¤µ¤ì¤Æ¤¤¤Þ¤»¤ó\n" "¤Î¤Ç¡¤·Á¼°¤¬Í׵ᤵ¤ì¤Þ¤·¤¿" #: ../response.c:82 #, c-format msgid "%s is group/world writable" msgstr "%s ¤Ë¥°¥ë¡¼¥×/¥ï¡¼¥ë¥É¤Î½ñ¤­¹þ¤ß¸¢¸Â¤¬¤¢¤ê¤Þ¤¹" #: ../response.c:168 #, c-format msgid "Deleting packet cache entry (%s)" msgstr "¥Ñ¥±¥Ã¥È¥­¥ã¥Ã¥·¥å¥¨¥ó¥È¥ê (%s) ¤òºï½ü¤·¤Æ¤¤¤Þ¤¹" #: ../response.c:202 #, c-format msgid "Deleting host status entry (%s)" msgstr "¥Û¥¹¥È¾õÂÖ¥¨¥ó¥È¥ê (%s) ¤òºï½ü¤·¤Æ¤¤¤Þ¤¹" #: ../response.c:280 #, c-format msgid "ALERT: %d attempts from %s" msgstr "ALERT: %d attempts from %s" #: ../utils.c:53 #, c-format msgid "" "\n" "Memory allocation error, exiting.\n" 
msgstr "" "\n" "¥á¥â¥ê¡¼³ÎÊÝ¥¨¥é¡¼¤Ç¤¹¤Î¤Ç¡¤½ªÎ»¤·¤Þ¤¹¡£\n" #: ../utils.c:68 msgid "Exiting" msgstr "½ªÎ»¤·¤Æ¤¤¤Þ¤¹" #: ../utils.c:77 msgid "Not executing buffer containing format string" msgstr "Not executing buffer containing format string" #: ../utils.c:82 #, c-format msgid "Executing '%s'" msgstr "'%s' ¼Â¹ÔÃæ" #: ../utils.c:194 #, fuzzy, c-format msgid "" "fwlogwatch error: mode collision, please check that you didn't specify\n" " several modes on the command line or a second mode is active in the\n" " configuration file.\n" " Please use a separate configuration file for each mode or comment out " "all\n" " entries in the default configuration and use command line parameters.\n" msgstr "" "fwlogwatch error: ¥â¡¼¥É¤Î¾×ÆÍ¤¬¤¢¤ê¤Þ¤¹¤Î¤Ç¡¤Ê£¿ô¤Î¥â¡¼¥É¤ò»ØÄꤷ¤Æ\n" " ¤¤¤Ê¤¤¤«¡¤¤Þ¤¿¤ÏÂ裲¤Î¥â¡¼¥É¤¬É¸½à¤Ç¤Þ¤¿¤Ï»ØÄꤵ¤ì¤¿ÀßÄê¥Õ¥¡¥¤¥ë¤Ç\n" " Í­¸ú¤Ë¤Ê¤Ã¤Æ¤¤¤Ê¤¤¤«¥Á¥§¥Ã¥¯¤·¤Æ²¼¤µ¤¤¡£\n" " ¤½¤ì¤¾¤ì¤Î¥â¡¼¥ÉÍѤËʬ³ä¤·¤¿ÀßÄê¥Õ¥¡¥¤¥ë¤ò»È¤¦¤«¡¤¥Ç¥Õ¥©¥ë¥È¤ÎÀßÄê\n" " ¤Î¤¹¤Ù¤Æ¤Î¥¨¥ó¥È¥ê¤ò¥³¥á¥ó¥È¥¢¥¦¥È¤·¤Æ¥³¥Þ¥ó¥É¥é¥¤¥ó¥Ñ¥é¥á¡¼¥¿¤ò»È\n" " ¤Ã¤Æ¤¯¤À¤µ¤¤¡£\n" #: ../utils.c:301 #, c-format msgid "[error]" msgstr "" #: ../utils.c:317 #, c-format msgid "IP address error: %s\n" msgstr "IP ¥¢¥É¥ì¥¹¤Ë¥¨¥é¡¼¤¬¤¢¤ê¤Þ¤¹: %s\n" #: ../utils.c:342 ../utils.c:353 #, c-format msgid "Error in CIDR format: %s\n" msgstr "CIDR¥Õ¥©¡¼¥Þ¥Ã¥È¤Ë¥¨¥é¡¼¤¬¤¢¤ê¤Þ¤¹: %s\n" #: ../utils.c:403 #, c-format msgid "(known host)\n" msgstr "(´ûÃΤΥۥ¹¥È)\n" #: ../utils.c:443 #, c-format msgid "(excluded host)\n" msgstr "(½ü³°¤¹¤ë¥Û¥¹¥È)\n" #: ../whois.c:226 #, fuzzy, c-format msgid "Looking up whois info for %s(/%d) from cache\n" msgstr "¥­¥ã¥Ã¥·¥å¤«¤é %s ¤Î whois ¾ðÊó¤ò¸¡º÷¤·¤Æ¤¤¤Þ¤¹\n" #: ../whois.c:233 #, c-format msgid "Looking up whois info for %s\n" msgstr "%s ¤Î whois ¾ðÊó¤ò¸¡º÷¤·¤Æ¤¤¤Þ¤¹\n" #: ../whois.c:254 #, c-format msgid "lookup failed: %s\n" msgstr "¸¡º÷¤Ë¼ºÇÔ: %s\n" #: ../main.h:314 msgid "fwlogwatch summary" msgstr "fwlogwatch ¤Î°ìÍ÷" #: ../main.h:324 msgid "fwlogwatch status" msgstr "fwlogwatch ¤Î¾õÂÖ" #~ msgid 
"Wrong host name size\n" #~ msgstr "´Ö°ã¤Ã¤¿¥Û¥¹¥È̾¤Î¥µ¥¤¥º¤Ç¤¹\n" #, fuzzy #~ msgid "[inconsistent forward lookup]" #~ msgstr "%s [Á°¸þ¤­¸¡º÷: %s]" #, fuzzy #~ msgid "Interactive report mode (summary mode extension):\n" #~ msgstr "ÂÐÏÃ¥ì¥Ý¡¼¥È¥â¡¼¥É:\n" #, fuzzy #~ msgid " -i <count> interactive mode with report threshold\n" #~ msgstr "" #~ " -i <¥«¥¦¥ó¥È>\n" #~ " ¥ì¥Ý¡¼¥È¤¹¤ëïçÃͤòÉղä·¤¿ÂÐÏå⡼¥É\n" #, fuzzy #~ msgid " -T <email> address of CERT or abuse contact to send report to\n" #~ msgstr "" #~ " -T <email> ¥ì¥Ý¡¼¥È¤òÁ÷ÉÕ¤¹¤ë CERT ¤Þ¤¿¤ÏÉÔÀµÍøÍÑÂбþ´Ø·¸¼Ô¤Î¥¢" #~ "¥É¥ì¥¹\n" #, fuzzy #~ msgid " -I <file> template file for report (defaults to %s)\n" #~ msgstr "" #~ " -I <¥Õ¥¡¥¤¥ë>\n" #~ " ¥ì¥Ý¡¼¥È¤Î¥Æ¥ó¥×¥ì¡¼¥È¥Õ¥¡¥¤¥ë\n" #~ msgid "" #~ "Reporting threshold: %d\n" #~ "\n" #~ msgstr "" #~ "¥ì¥Ý¡¼¥È¤ÎïçÃÍ: %d\n" #~ "\n" #~ msgid "Offending IP address: %s\n" #~ msgstr "Offending IP address: %s\n" #~ msgid "Offending IP name: %s\n" #~ msgstr "Offending IP name: %s\n" #~ msgid "Target IP address: %s\n" #~ msgstr "Target IP address: %s\n" #~ msgid "Target IP name: %s\n" #~ msgstr "Target IP name: %s\n" #~ msgid "Number of logged attempts: %s\n" #~ msgstr "Number of logged attempts: %s\n" #~ msgid "Start time: %s\n" #~ msgstr "Start time: %s\n" #~ msgid "End time: %s\n" #~ msgstr "End time: %s\n" #~ msgid "Timezone: %s\n" #~ msgstr "Timezone: %s\n" #~ msgid "Duration: %s\n" #~ msgstr "Duration: %s\n" #~ msgid "Protocol: %s\n" #~ msgstr "Protocol: %s\n" #~ msgid "Source port: %s\n" #~ msgstr "Source port: %s\n" #~ msgid "Destination port: %s\n" #~ msgstr "Destination port: %s\n" #~ msgid "TCP options: %s\n" #~ msgstr "TCP options: %s\n" #~ msgid "Tracking number: %s\n" #~ msgstr "Tracking number: %s\n" #~ msgid "Incident report %s-%s" #~ msgstr "¥¤¥ó¥·¥Ç¥ó¥È¥ì¥Ý¡¼¥È %s-%s" #~ msgid "%d (unknown)" #~ msgstr "%d (ÉÔÌÀ)" #~ msgid "no SYNs" #~ msgstr "SYN ¤Ê¤·" #~ msgid "SYNs only" #~ msgstr "SYN ¤Î¤ß" #~ msgid "" #~ "\n" #~ "What do you want to change? 
[1-18/(o)k] " #~ msgstr "" #~ "\n" #~ "²¿¤òÊѹ¹¤·¤¿¤¤¤Ç¤¹¤«¡© [1-18/(o)k] " #~ msgid "New value: " #~ msgstr "¿·¤·¤¤ÃÍ: " #~ msgid "" #~ "\n" #~ "Should this report be sent? [(s)end/(m)odify/(q)uit] " #~ msgstr "" #~ "\n" #~ "¤³¤Î¥ì¥Ý¡¼¥È¤òÁ÷¿®¤·¤Æ¤â¤è¤í¤·¤¤¤Ç¤·¤ç¤¦¤«¡© [(s)end/(m)odify/(q)uit] " #~ msgid " -f <file> specify input file (defaults to %s)\n" #~ msgstr "" #~ " -f <¥Õ¥¡¥¤¥ë>\n" #~ " ÆþÎÏ¥Õ¥¡¥¤¥ë¤ò»ØÄꤹ¤ë(¥Ç¥Õ¥©¥ë¥È %s)\n" #~ msgid " (defaults to '%s')\n" #~ msgstr " (¥Ç¥Õ¥©¥ë¥È '%s')\n" #~ msgid " (defaults to %s)\n" #~ msgstr " (¥Ç¥Õ¥©¥ë¥È %s)\n" #~ msgid "\"%s\" are packet logs, " #~ msgstr "\"%s\" ¤¬¥Ñ¥±¥Ã¥È¥í¥°¤Ç¡¤" #~ msgid "SIGHUP caught, ignoring" #~ msgstr "SIGHUP ¤ò¼õ¤±¼è¤ê¤Þ¤·¤¿¤¬¡¤Ìµ»ë¤·¤Þ¤¹" #~ msgid "" #~ "<tr bgcolor=\"#%s\" align=\"center\"><td>Count</td><td>Added</" #~ "td><td>Source IP address</td>" #~ msgstr "" #~ "<tr bgcolor=\"#%s\" align=\"center\"><td>Count</td><td>Added</td><td>Á÷¿®" #~ "¸µIP ¥¢¥É¥ì¥¹</td>" #~ msgid "<td>Hostname</td>" #~ msgstr "<td>¥Û¥¹¥È̾</td>" #~ msgid "<td>Destination IP address</td>" #~ msgstr "<td>°¸Àè IP ¥¢¥É¥ì¥¹</td>" #~ msgid "<td>Protocol</td>" #~ msgstr "<td>¥×¥í¥È¥³¥ë</td>" #~ msgid "<td>Source port</td>" #~ msgstr "<td>Á÷¿®¸µ¥Ý¡¼¥È</td>" #~ msgid "<td>Service</td>" #~ msgstr "<td>¥µ¡¼¥Ó¥¹</td>" #~ msgid "<td>Destination port</td>" #~ msgstr "<td>°¸Àè¥Ý¡¼¥È</td>" #~ msgid "<td>Remaining time</td></tr>\n" #~ msgstr "<td>»Ä¤ê»þ´Ö</td></tr>\n" #~ msgid "Authorization failed (%s)" #~ msgstr "ǧ¾Ú¼ºÇÔ (%s)" #~ msgid "<a href=\"/\">Reload</a><br>\n" #~ msgstr "<a href=\"/\">¹¹¿·</a><br>\n" #~ msgid "(automatic refresh every %d seconds)<br>\n" #~ msgstr "(%d ÉÃËè¤Ë¼«Æ°¹¹¿·)<br>\n" #~ msgid "" #~ "\n" #~ "</div>\n" #~ "<h2>General information</h2>\n" #~ msgstr "" #~ "\n" #~ "</div>\n" #~ "<h2>Á´ÂÎŪ¤Ê¾ðÊó</h2>\n" #~ msgid "<tr><td>Daemon start time:</td><td>%s</td></tr>\n" #~ msgstr "<tr><td>Daemon ³«»Ï»þ¹ï:</td><td>%s</td></tr>\n" #~ msgid "<tr><td>Current time:</td><td>%s</td></tr>\n" #~ msgstr 
"<tr><td>¸½ºß»þ¹ï:</td><td>%s</td></tr>\n" #~ msgid "<tr><td>Running time:</td><td>%s</td></tr>\n" #~ msgstr "<tr><td>ưºî»þ´Ö:</td><td>%s</td></tr>\n" #~ msgid "" #~ "<tr><td>Alert threshold:</td><td>%d entries</td></tr>\n" #~ "<tr><td>Discard timeout:</td><td>%d seconds</td></tr>\n" #~ msgstr "" #~ "<tr><td>·Ù¹ð¤ÎïçÃÍ:</td><td>%d ¥¨¥ó¥È¥ê</td></tr>\n" #~ "<tr><td>ÇË´þ¤¹¤ëÂÔ¤Á»þ´Ö:</td><td>%d ÉÃ</td></tr>\n" #~ msgid "<tr><td>Response mode:</td><td>log%s%s</td></tr>\n" #~ msgstr "<tr><td>±þÅú¥â¡¼¥É:</td><td>log%s%s</td></tr>\n" #~ msgid "<td>-</td><td>%s/%d (known host/net)</td>" #~ msgstr "<td>-</td><td>%s/%d (´ûÃΤΥۥ¹¥È/net)</td>" �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/po/PaxHeaders.8080/fwlogwatch.pot����������������������������������������������������0000644�0000000�0000000�00000000124�12147420772�017755� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������27 mtime=1369317882.372329 27 atime=1369319079.855943 30 ctime=1369319079.856943266 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/po/fwlogwatch.pot��������������������������������������������������������������������0000644�0000000�0000000�00000047001�12147420772�017040� 
0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2013-05-23 15:04+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" #: ../compare.c:158 #, c-format msgid "conn_sort_up: wrong mode\n" msgstr "" #: ../compare.c:264 #, c-format msgid "Error in sort string: '%c', order expected, ignoring.\n" msgstr "" #: ../compare.c:278 #, c-format msgid "Error in sort string: '%c', direction expected, ignoring.\n" msgstr "" #: ../compare.c:282 #, c-format msgid "Error in sort string, direction expected, ignoring.\n" msgstr "" #: ../compare.c:382 ../compare.c:384 ../modes.c:193 ../modes.c:200 #: ../modes.c:815 ../modes.c:817 ../output.c:106 ../output.c:113 #: ../output.c:193 ../output.c:202 ../output.c:380 msgid "%b %d %H:%M:%S" msgstr "" #: ../compare.c:383 #, c-format msgid "Timewarp in log file (%s" msgstr "" #: ../main.c:25 #, c-format msgid "Usage: %s [options] [input_files]\n" msgstr "" #: ../main.c:26 #, c-format msgid "General options:\n" msgstr "" #: ../main.c:27 #, c-format msgid " -h this help\n" msgstr "" #: ../main.c:28 #, c-format msgid " -L show time of first and last log entry\n" msgstr "" #: ../main.c:29 #, c-format msgid " -V show version and copyright info\n" 
msgstr "" #: ../main.c:32 #, c-format msgid "Global options:\n" msgstr "" #: ../main.c:33 #, c-format msgid " -b show amount of data (sum of total packet lengths)\n" msgstr "" #: ../main.c:34 #, c-format msgid " -c <file> specify config file (defaults to %s)\n" msgstr "" #: ../main.c:35 #, c-format msgid " -D do not differentiate destination IP addresses\n" msgstr "" #: ../main.c:36 #, c-format msgid " -d differentiate destination ports\n" msgstr "" #: ../main.c:37 #, c-format msgid " -E <format> select or exclude hosts, ports, chains and targets\n" msgstr "" #: ../main.c:38 #, c-format msgid " quick reference: -E[ie][hp][sd]<ip/number>\n" msgstr "" #: ../main.c:39 #, c-format msgid " -E[ie][cb]<name>\n" msgstr "" #: ../main.c:40 #, c-format msgid " -i <file> initialize DNS cache with entries from file\n" msgstr "" #: ../main.c:41 #, c-format msgid " -M <number> only show this amount of entries\n" msgstr "" #: ../main.c:42 #, c-format msgid " -m <count> only show entries with at least so many incidents\n" msgstr "" #: ../main.c:43 #, c-format msgid " -N resolve service names\n" msgstr "" #: ../main.c:44 #, c-format msgid " -n resolve host names\n" msgstr "" #: ../main.c:45 #, c-format msgid " -O <order> define the sort order (see the man page for details)\n" msgstr "" #: ../main.c:46 #, c-format msgid "" " -P <format> use parsers for specific formats (defaults to netfilter)\n" msgstr "" #: ../main.c:47 #, c-format msgid " i: ipchains, n: netfilter, f: ipfilter, c: cisco ios\n" msgstr "" #: ../main.c:48 #, c-format msgid "" " p: cisco pix, e: netscreen, l: lancom, s: snort, b: ipfw\n" msgstr "" #: ../main.c:49 #, c-format msgid " -p differentiate protocols\n" msgstr "" #: ../main.c:50 #, c-format msgid " -s differentiate source ports\n" msgstr "" #: ../main.c:51 #, c-format msgid " -U <title> set report and status page title and email subject\n" msgstr "" #: ../main.c:52 #, c-format msgid " -v verbose, specify twice for more info\n" msgstr "" #: ../main.c:53 #, 
c-format msgid " -y differentiate TCP options\n" msgstr "" #: ../main.c:56 #, c-format msgid "Log summary mode (default):\n" msgstr "" #: ../main.c:57 #, c-format msgid " -C <email> carbon copy recipients\n" msgstr "" #: ../main.c:58 #, c-format msgid " -e show end times\n" msgstr "" #: ../main.c:59 #, c-format msgid " -F <email> report sender address (defaults to '%s')\n" msgstr "" #: ../main.c:60 #, c-format msgid " -l <time> process recent events only (defaults to off)\n" msgstr "" #: ../main.c:61 #, c-format msgid " -o <file> specify output file\n" msgstr "" #: ../main.c:62 #, c-format msgid " -S do not differentiate source IP addresses\n" msgstr "" #: ../main.c:63 #, c-format msgid " -T <email> send report by email to this address\n" msgstr "" #: ../main.c:64 #, c-format msgid " -t show start times\n" msgstr "" #: ../main.c:65 #, c-format msgid " -W activate whois lookups for source addresses\n" msgstr "" #: ../main.c:66 #, c-format msgid " -w HTML output\n" msgstr "" #: ../main.c:67 #, c-format msgid " -z show time interval\n" msgstr "" #: ../main.c:70 #, c-format msgid "Realtime response mode:\n" msgstr "" #: ../main.c:71 #, c-format msgid " -R realtime response as daemon (default action: log only)\n" msgstr "" #: ../main.c:72 #, c-format msgid " -a <count> alert threshold (defaults to %d entries)\n" msgstr "" #: ../main.c:73 #, c-format msgid " -l <time> forget events this old (defaults to %d hours)\n" msgstr "" #: ../main.c:74 #, c-format msgid " -k <IP/net> add this IP address or net to the list of known hosts\n" msgstr "" #: ../main.c:75 #, c-format msgid " -A invoke notification script if threshold is reached\n" msgstr "" #: ../main.c:76 #, c-format msgid " -B invoke response action script (e.g. block host)\n" msgstr "" #: ../main.c:77 #, c-format msgid " -X <port> activate internal status information web server\n" msgstr "" #: ../main.c:103 msgid "You can contact the author at <bw@inside-security.de>." 
msgstr "" #: ../main.c:105 msgid "Compile-time options of this version:" msgstr "" #: ../main.c:106 #, c-format msgid "Short name limit " msgstr "" #: ../main.c:108 ../main.c:114 ../main.c:120 ../main.c:126 msgid "enabled" msgstr "" #: ../main.c:110 ../main.c:116 ../main.c:122 ../main.c:128 msgid "disabled" msgstr "" #: ../main.c:112 #, c-format msgid "Zlib support " msgstr "" #: ../main.c:118 #, c-format msgid "Gettext (i18n) support " msgstr "" #: ../main.c:124 #, c-format msgid "GNU adns support " msgstr "" #: ../main.c:282 #, c-format msgid "Illegal inclusion/exclusion pos. 1 (expected [ie]): %s\n" msgstr "" #: ../main.c:283 ../main.c:300 ../main.c:309 ../main.c:453 #, c-format msgid "Exiting\n" msgstr "" #: ../main.c:299 #, c-format msgid "Illegal inclusion/exclusion pos. 2 (expected [hpcb]): %s\n" msgstr "" #: ../main.c:308 #, c-format msgid "Illegal inclusion/exclusion pos. 3 (expected [sd]): %s\n" msgstr "" #: ../modes.c:108 #, c-format msgid "Using stdin as input\n" msgstr "" #: ../modes.c:114 #, c-format msgid "Opening input file '%s'\n" msgstr "" #: ../modes.c:130 #, c-format msgid "Processing\n" msgstr "" #: ../modes.c:137 #, c-format msgid "Unrecognized entries or tokens can be submitted at\n" msgstr "" #: ../modes.c:146 ../modes.c:393 ../modes.c:784 ../rcfile.c:379 #, c-format msgid "Closing '%s'\n" msgstr "" #: ../modes.c:175 #, c-format msgid "Sorting data\n" msgstr "" #: ../modes.c:212 #, c-format msgid "Opening output file '%s'\n" msgstr "" #: ../modes.c:223 #, c-format msgid "Sending\n" msgstr "" #: ../modes.c:246 ../net.c:341 ../net.c:344 msgid "%A %B %d %H:%M:%S %Z %Y" msgstr "" #: ../modes.c:247 #, c-format msgid "Generated %s by " msgstr "" #: ../modes.c:257 #, c-format msgid "an unknown user.\n" msgstr "" #: ../modes.c:265 #, c-format msgid "(and %d older than %d seconds) " msgstr "" #: ../modes.c:268 #, c-format msgid "(and %d malformed) " msgstr "" #: ../modes.c:271 #, c-format msgid "of %d entries in the file \"%s\" are packet logs, " 
msgstr "" #: ../modes.c:273 #, c-format msgid "of %d entries in standard input are packet logs, " msgstr "" #: ../modes.c:275 #, c-format msgid "of %d entries in %d input files are packet logs, " msgstr "" #: ../modes.c:279 #, c-format msgid "one has unique characteristics.\n" msgstr "" #: ../modes.c:281 #, c-format msgid "%d have unique characteristics.\n" msgstr "" #: ../modes.c:289 #, c-format msgid "One entry was excluded by configuration.\n" msgstr "" #: ../modes.c:291 #, c-format msgid "%d entries were excluded by configuration.\n" msgstr "" #: ../modes.c:299 #, c-format msgid "First packet log entry: %s, last: %s.\n" msgstr "" #: ../modes.c:301 ../modes.c:813 #, c-format msgid "No valid time entries found.\n" msgstr "" #: ../modes.c:308 #, c-format msgid "All entries were logged by the same host: \"%s\".\n" msgstr "" #: ../modes.c:315 #, c-format msgid "All entries are from the same chain: \"%s\".\n" msgstr "" #: ../modes.c:322 #, c-format msgid "All entries have the same target: \"%s\".\n" msgstr "" #: ../modes.c:329 #, c-format msgid "All entries are from the same interface: \"%s\".\n" msgstr "" #: ../modes.c:336 #, c-format msgid "Only entries with a count of at least %d are shown.\n" msgstr "" #: ../modes.c:343 #, c-format msgid "Only the top %d entries are shown.\n" msgstr "" #: ../modes.c:354 #, c-format msgid "Resolving\n" msgstr "" #: ../modes.c:413 #, c-format msgid "Warning: pidfile exists, another fwlogwatch might be running.\n" msgstr "" #: ../modes.c:427 #, c-format msgid "SIGHUP caught, reread configuration file %s" msgstr "" #: ../modes.c:429 #, c-format msgid "SIGHUP caught, unable to reread configuration file %s" msgstr "" #: ../modes.c:433 #, c-format msgid "Reread DNS cache file %s" msgstr "" #: ../modes.c:435 #, c-format msgid "Unable to reread DNS cache file %s" msgstr "" #: ../modes.c:459 msgid "SIGUSR1 caught, reading input from stdin, no need to reopen log file" msgstr "" #: ../modes.c:461 #, c-format msgid "SIGUSR1 caught, reopening 
log file %s" msgstr "" #: ../modes.c:533 msgid "SIGTERM caught, cleaning up" msgstr "" #: ../modes.c:615 #, c-format msgid "Starting (pid %d)" msgstr "" #: ../modes.c:665 msgid "User to run as was not found" msgstr "" #: ../modes.c:680 #, c-format msgid "Changed uid from %d to %d, gid from %d to %d" msgstr "" #: ../modes.c:682 #, c-format msgid "Running with uid %d, gid %d" msgstr "" #: ../modes.c:686 msgid "Alert threshold is one attempt" msgstr "" #: ../modes.c:688 #, c-format msgid "Alert threshold is %d attempts" msgstr "" #: ../modes.c:692 #, c-format msgid "Events older than %d second(s) are discarded" msgstr "" #: ../modes.c:694 #, c-format msgid "Events older than %d hour(s) are discarded" msgstr "" #: ../modes.c:697 #, c-format msgid "Response mode: Log%s%s" msgstr "" #: ../modes.c:697 ../net.c:350 msgid ", notify" msgstr "" #: ../modes.c:697 ../net.c:350 msgid ", respond" msgstr "" #: ../modes.c:728 #, c-format msgid "Reading standard input\n" msgstr "" #: ../modes.c:744 #, c-format msgid "Reading '%s'\n" msgstr "" #: ../modes.c:810 #, c-format msgid "Number of files: %d\n" msgstr "" #: ../modes.c:811 #, c-format msgid "Number of lines: %d\n" msgstr "" #: ../modes.c:816 #, c-format msgid "First entry: %s\n" msgstr "" #: ../modes.c:818 #, c-format msgid "Last entry : %s\n" msgstr "" #: ../modes.c:820 #, c-format msgid "Difference : %s\n" msgstr "" #: ../net.c:106 #, c-format msgid "Listening on %s port %i" msgstr "" #: ../net.c:109 #, c-format msgid "Connections are only allowed from %s" msgstr "" #: ../net.c:149 msgid "decode_base64: input string incomplete" msgstr "" #: ../net.c:156 #, c-format msgid "decode_base64: illegal character '%c' in input string" msgstr "" #: ../net.c:191 msgid "count" msgstr "" #: ../net.c:192 msgid "added" msgstr "" #: ../net.c:194 msgid "proto" msgstr "" #: ../net.c:196 msgid "bytes" msgstr "" #: ../net.c:197 msgid "source" msgstr "" #: ../net.c:199 ../net.c:208 msgid "hostname" msgstr "" #: ../net.c:201 ../net.c:211 msgid 
"port" msgstr "" #: ../net.c:203 ../net.c:213 msgid "service" msgstr "" #: ../net.c:206 msgid "destination" msgstr "" #: ../net.c:216 msgid "opts" msgstr "" #: ../net.c:217 msgid "time remaining" msgstr "" #: ../net.c:218 msgid "action" msgstr "" #: ../net.c:270 ../net.c:272 ../net.c:337 msgid "Information" msgstr "" #: ../net.c:276 ../net.c:278 ../net.c:375 msgid "Options" msgstr "" #: ../net.c:282 ../net.c:284 ../net.c:403 msgid "Packet cache" msgstr "" #: ../net.c:288 ../net.c:290 ../net.c:472 msgid "Host status" msgstr "" #: ../net.c:293 msgid "Reload" msgstr "" #: ../net.c:342 msgid "Daemon start time" msgstr "" #: ../net.c:345 msgid "Current time" msgstr "" #: ../net.c:348 msgid "Running time" msgstr "" #: ../net.c:350 msgid "Log" msgstr "" #: ../net.c:351 msgid "Response mode" msgstr "" #: ../net.c:353 msgid "Lines seen" msgstr "" #: ../net.c:354 msgid "Hits" msgstr "" #: ../net.c:355 msgid "Old/excluded/malformed" msgstr "" #: ../net.c:362 msgid "Entries in packet cache" msgstr "" #: ../net.c:369 msgid "Entries in host status" msgstr "" #: ../net.c:377 msgid "Parameter" msgstr "" #: ../net.c:379 msgid "Decrease" msgstr "" #: ../net.c:381 msgid "Current" msgstr "" #: ../net.c:383 msgid "Increase" msgstr "" #: ../net.c:385 msgid "Alert threshold" msgstr "" #: ../net.c:387 msgid "Discard timeout" msgstr "" #: ../net.c:388 msgid "Minimum count in packet cache" msgstr "" #: ../net.c:390 ../net.c:392 msgid "Top amount of entries in packet cache" msgstr "" #: ../net.c:395 ../net.c:397 msgid "Refresh time" msgstr "" #: ../net.c:419 ../net.c:528 msgid "%Y/%m/%d %H:%M:%S" msgstr "" #: ../net.c:456 ../net.c:558 msgid "drop" msgstr "" #: ../net.c:458 msgid "escalate" msgstr "" #: ../net.c:493 ../net.c:509 ../net.c:515 ../net.c:521 msgid "<td>any</td>" msgstr "" #: ../net.c:503 msgid "<td>(known host)</td>" msgstr "" #: ../net.c:505 msgid "<td>(known net)</td>" msgstr "" #: ../net.c:605 #, c-format msgid "Rejected connection from unallowed IP address %s port %i" msgstr 
"" #: ../net.c:614 #, c-format msgid "Connect from %s port %i" msgstr "" #: ../net.c:677 msgid "Authorization failed" msgstr "" #: ../net.c:680 msgid "Authorization required" msgstr "" #: ../net.c:757 msgid "Bad request" msgstr "" #: ../net.c:762 msgid "Redirect" msgstr "" #: ../net.c:762 msgid "You should be redirected to the <a href=\"/\">root directory</a>" msgstr "" #: ../net.c:774 #, c-format msgid "Requested function: %s" msgstr "" #: ../net.c:777 msgid "Connection closed" msgstr "" #: ../output.c:200 #, c-format msgid " to " msgstr "" #: ../output.c:255 #, c-format msgid " packet" msgstr "" #: ../output.c:257 #, c-format msgid " packets" msgstr "" #: ../output.c:261 #, c-format msgid " (%lu bytes)" msgstr "" #: ../output.c:264 #, c-format msgid " from %s" msgstr "" #: ../output.c:280 ../output.c:293 #, c-format msgid " port %d" msgstr "" #: ../output.c:286 #, c-format msgid " to %s" msgstr "" #: ../output.c:313 #, c-format msgid "<th>start</th>" msgstr "" #: ../output.c:316 #, c-format msgid "<th>end</th>" msgstr "" #: ../output.c:319 #, c-format msgid "<th>interval</th>" msgstr "" #: ../output.c:322 #, c-format msgid "<th>loghost</th>" msgstr "" #: ../output.c:325 #, c-format msgid "<th>chain</th>" msgstr "" #: ../output.c:328 #, c-format msgid "<th>target</th>" msgstr "" #: ../output.c:331 #, c-format msgid "<th>interface</th>" msgstr "" #: ../output.c:334 #, c-format msgid "<th>proto</th>" msgstr "" #: ../output.c:337 #, c-format msgid "<th>bytes</th>" msgstr "" #: ../output.c:340 #, c-format msgid "<th>source</th>" msgstr "" #: ../output.c:342 ../output.c:356 #, c-format msgid "<th>hostname</th>" msgstr "" #: ../output.c:344 #, c-format msgid "<th>whois information</th>" msgstr "" #: ../output.c:348 ../output.c:360 #, c-format msgid "<th>port</th>" msgstr "" #: ../output.c:350 ../output.c:362 #, c-format msgid "<th>service</th>" msgstr "" #: ../output.c:354 #, c-format msgid "<th>destination</th>" msgstr "" #: ../output.c:366 #, c-format msgid 
"<th>opts</th>" msgstr "" #: ../parser.c:270 #, c-format msgid "Unknown parser: '%c'.\n" msgstr "" #: ../rcfile.c:58 #, c-format msgid "Error in configuration file '%s' line %d: not a number\n" msgstr "" #: ../rcfile.c:87 #, c-format msgid "Error in configuration file '%s' line %d, assuming 'true'\n" msgstr "" #: ../rcfile.c:281 #, c-format msgid "Unrecognized option in configuration file '%s' line %d\n" msgstr "" #: ../rcfile.c:332 #, c-format msgid "Unrecognized entry in DNS cache file '%s' line %d\n" msgstr "" #: ../rcfile.c:349 #, c-format msgid "%s is not a regular file, ignoring.\n" msgstr "" #: ../rcfile.c:358 #, c-format msgid "Opening DNS cache file '%s'\n" msgstr "" #: ../rcfile.c:360 #, c-format msgid "Opening configuration file '%s'\n" msgstr "" #: ../resolve.c:62 #, c-format msgid "port mismatch: %d != %d\n" msgstr "" #: ../resolve.c:99 ../resolve.c:172 msgid "[timeout]" msgstr "" #: ../resolve.c:101 ../resolve.c:174 msgid "[server failure]" msgstr "" #: ../resolve.c:111 ../resolve.c:213 #, c-format msgid "Resolving %s\n" msgstr "" #: ../resolve.c:122 #, c-format msgid "%s [forward lookup failed]" msgstr "" #: ../resolve.c:131 #, c-format msgid " [v4 forward lookup: %s]" msgstr "" #: ../resolve.c:138 #, c-format msgid " [v6 forward lookup: %s]" msgstr "" #: ../resolve.c:180 #, c-format msgid "[adns status %d]" msgstr "" #: ../resolve.c:192 msgid "[adns error]" msgstr "" #: ../resolve.c:206 ../resolve.c:354 #, c-format msgid "Resolving %s from cache\n" msgstr "" #: ../resolve.c:218 #, c-format msgid "Resolving %s from adns\n" msgstr "" #: ../resolve.c:240 #, c-format msgid "IP address %s is already in DNS cache\n" msgstr "" #: ../resolve.c:246 #, c-format msgid "Adding IP address '%s' with host name '%s' to DNS cache\n" msgstr "" #: ../resolve.c:283 #, c-format msgid "Submitted %s to adns\n" msgstr "" #: ../response.c:56 msgid "One logging ipchains firewall rule defined" msgstr "" #: ../response.c:58 #, c-format msgid "%u logging ipchains firewall rules 
defined" msgstr "" #: ../response.c:61 msgid "No logging ipchains firewall rules defined, format was requested" msgstr "" #: ../response.c:82 #, c-format msgid "%s is group/world writable" msgstr "" #: ../response.c:168 #, c-format msgid "Deleting packet cache entry (%s)" msgstr "" #: ../response.c:202 #, c-format msgid "Deleting host status entry (%s)" msgstr "" #: ../response.c:280 #, c-format msgid "ALERT: %d attempts from %s" msgstr "" #: ../utils.c:53 #, c-format msgid "" "\n" "Memory allocation error, exiting.\n" msgstr "" #: ../utils.c:68 msgid "Exiting" msgstr "" #: ../utils.c:77 msgid "Not executing buffer containing format string" msgstr "" #: ../utils.c:82 #, c-format msgid "Executing '%s'" msgstr "" #: ../utils.c:194 #, c-format msgid "" "fwlogwatch error: mode collision, please check that you didn't specify\n" " several modes on the command line or a second mode is active in the\n" " configuration file.\n" " Please use a separate configuration file for each mode or comment out " "all\n" " entries in the default configuration and use command line parameters.\n" msgstr "" #: ../utils.c:301 #, c-format msgid "[error]" msgstr "" #: ../utils.c:317 #, c-format msgid "IP address error: %s\n" msgstr "" #: ../utils.c:342 ../utils.c:353 #, c-format msgid "Error in CIDR format: %s\n" msgstr "" #: ../utils.c:403 #, c-format msgid "(known host)\n" msgstr "" #: ../utils.c:443 #, c-format msgid "(excluded host)\n" msgstr "" #: ../whois.c:226 #, c-format msgid "Looking up whois info for %s(/%d) from cache\n" msgstr "" #: ../whois.c:233 #, c-format msgid "Looking up whois info for %s\n" msgstr "" #: ../whois.c:254 #, c-format msgid "lookup failed: %s\n" msgstr "" #: ../main.h:314 msgid "fwlogwatch summary" msgstr "" #: ../main.h:324 msgid "fwlogwatch status" msgstr "" 
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/po/PaxHeaders.8080/sv.po�������������������������������������������������������������0000644�0000000�0000000�00000000124�12147420772�016054� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������27 mtime=1369317882.372329 27 atime=1369319079.853943 30 ctime=1369319079.855943274 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/po/sv.po�����������������������������������������������������������������������������0000644�0000000�0000000�00000100533�12147420772�015137� 
0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������msgid "" msgstr "" "Project-Id-Version: fwlogwatch 1.0.6\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2013-05-23 15:04+0200\n" "PO-Revision-Date: 2005-12-06 16:06+0100\n" "Last-Translator: Daniel Nylander <po@danielnylander.se>\n" "Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n" "Language: sv\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=iso-8859-1\n" "Content-Transfer-Encoding: 8bit\n" #: ../compare.c:158 #, c-format msgid "conn_sort_up: wrong mode\n" msgstr "conn_sort_up: Fel läge\n" #: ../compare.c:264 #, c-format msgid "Error in sort string: '%c', order expected, ignoring.\n" msgstr "" "Fel i sorteringssträng: \"%c\", sorteringsordning förväntad, ignorerar.\n" #: ../compare.c:278 #, c-format msgid "Error in sort string: '%c', direction expected, ignoring.\n" msgstr "" "Fel i sorteringssträng: \"%c\", sorteringsrikting förväntad, ignorerar.\n" #: ../compare.c:282 #, fuzzy, c-format msgid "Error in sort string, direction expected, ignoring.\n" msgstr "Fel i sorteringssträng: \"%c\", riktning förväntad, felet ignoreras.\n" #: ../compare.c:382 ../compare.c:384 ../modes.c:193 ../modes.c:200 #: ../modes.c:815 ../modes.c:817 ../output.c:106 ../output.c:113 #: ../output.c:193 ../output.c:202 ../output.c:380 msgid "%b %d %H:%M:%S" msgstr "%b %d %H:%M:%S" #: ../compare.c:383 #, c-format msgid "Timewarp in log file (%s" msgstr "Tidsomställning i loggfil (%s" #: ../main.c:25 #, c-format msgid "Usage: %s [options] [input_files]\n" msgstr "Användning: %s [flaggor] [inmatningsfiler]\n" #: ../main.c:26 #, c-format msgid "General options:\n" msgstr "Allmänna flaggor:\n" #: ../main.c:27 #, c-format msgid " -h 
this help\n" msgstr " -h denna hjälptext\n" #: ../main.c:28 #, c-format msgid " -L show time of first and last log entry\n" msgstr " -L visa tid för första och sista loggposten\n" #: ../main.c:29 #, c-format msgid " -V show version and copyright info\n" msgstr " -V visa versions- och copyrightinformation\n" #: ../main.c:32 #, c-format msgid "Global options:\n" msgstr "Globala flaggor:\n" #: ../main.c:33 #, c-format msgid " -b show amount of data (sum of total packet lengths)\n" msgstr "" " -b visa mängden data (summering av totala paketstorlekar)\n" #: ../main.c:34 #, c-format msgid " -c <file> specify config file (defaults to %s)\n" msgstr " -c <fil> konfigurationsfil (förval: %s)\n" #: ../main.c:35 #, c-format msgid " -D do not differentiate destination IP addresses\n" msgstr " -D skilj ej på mottagande IP-adresser\n" #: ../main.c:36 #, c-format msgid " -d differentiate destination ports\n" msgstr " -d skilj på mottagande portnummer\n" #: ../main.c:37 #, c-format msgid " -E <format> select or exclude hosts, ports, chains and targets\n" msgstr " -E <format> välj eller uteslut värdar, portar, kedjor och mål\n" #: ../main.c:38 #, c-format msgid " quick reference: -E[ie][hp][sd]<ip/number>\n" msgstr "" #: ../main.c:39 #, c-format msgid " -E[ie][cb]<name>\n" msgstr "" #: ../main.c:40 #, c-format msgid " -i <file> initialize DNS cache with entries from file\n" msgstr "" #: ../main.c:41 #, c-format msgid " -M <number> only show this amount of entries\n" msgstr " -M <nummer> visa endast detta antal poster\n" #: ../main.c:42 #, c-format msgid " -m <count> only show entries with at least so many incidents\n" msgstr " -m <antal> visa enbart poster med åtminstone ANTAL incidenter\n" #: ../main.c:43 #, c-format msgid " -N resolve service names\n" msgstr " -N slå upp namn på tjänster\n" #: ../main.c:44 #, c-format msgid " -n resolve host names\n" msgstr " -n slå upp värdnamn\n" #: ../main.c:45 #, c-format msgid " -O <order> define the sort order (see the man page for 
details)\n" msgstr "" " -O <ordning> ange sorteringsordning (se manualsida för beskrivning)\n" #: ../main.c:46 #, fuzzy, c-format msgid "" " -P <format> use parsers for specific formats (defaults to netfilter)\n" msgstr " -P <format> använd enbart tolkar för specifika format\n" #: ../main.c:47 #, c-format msgid " i: ipchains, n: netfilter, f: ipfilter, c: cisco ios\n" msgstr "" #: ../main.c:48 #, c-format msgid "" " p: cisco pix, e: netscreen, l: lancom, s: snort, b: ipfw\n" msgstr "" #: ../main.c:49 #, c-format msgid " -p differentiate protocols\n" msgstr " -p skilj mellan protokoll\n" #: ../main.c:50 #, c-format msgid " -s differentiate source ports\n" msgstr " -s skilj på källportar\n" #: ../main.c:51 #, c-format msgid " -U <title> set report and status page title and email subject\n" msgstr "" " -U <titel> sätt titel för rapport- och statussida och ämne för e-post\n" #: ../main.c:52 #, c-format msgid " -v verbose, specify twice for more info\n" msgstr " -v var informativ, ange två gånger för mer data\n" #: ../main.c:53 #, c-format msgid " -y differentiate TCP options\n" msgstr " -y skilj på TCP-flaggor\n" #: ../main.c:56 #, c-format msgid "Log summary mode (default):\n" msgstr "Läge för loggsammandrag (standard):\n" #: ../main.c:57 #, c-format msgid " -C <email> carbon copy recipients\n" msgstr " -C <e-post> kännedomskopia av rapporten\n" #: ../main.c:58 #, c-format msgid " -e show end times\n" msgstr " -e visa stopptider\n" #: ../main.c:59 #, c-format msgid " -F <email> report sender address (defaults to '%s')\n" msgstr " -F <epost> avsändaradress för rapporten (förval \"%s\")\n" #: ../main.c:60 #, c-format msgid " -l <time> process recent events only (defaults to off)\n" msgstr "" " -l <tid> bearbeta endast senaste händelser (avstängd som standard)\n" #: ../main.c:61 #, c-format msgid " -o <file> specify output file\n" msgstr " -o <fil> ange fil för utdata\n" #: ../main.c:62 #, c-format msgid " -S do not differentiate source IP addresses\n" msgstr " -S skilj 
inte på källornas IP-adresser\n" #: ../main.c:63 #, c-format msgid " -T <email> send report by email to this address\n" msgstr " -T <email> skicka rapport via e-post till denna address\n" #: ../main.c:64 #, c-format msgid " -t show start times\n" msgstr " -t visa starttider\n" #: ../main.c:65 #, c-format msgid " -W activate whois lookups for source addresses\n" msgstr " -W aktivera whois-uppslag för källadresser\n" #: ../main.c:66 #, c-format msgid " -w HTML output\n" msgstr " -w utdata som HTML\n" #: ../main.c:67 #, c-format msgid " -z show time interval\n" msgstr " -z visa tidsintervall\n" #: ../main.c:70 #, c-format msgid "Realtime response mode:\n" msgstr "Läge för realtidssvar:\n" #: ../main.c:71 #, c-format msgid " -R realtime response as daemon (default action: log only)\n" msgstr "" " -R låt demonen åtgärda i realtid (förvald åtgärd: enbart " "loggning)\n" #: ../main.c:72 #, c-format msgid " -a <count> alert threshold (defaults to %d entries)\n" msgstr " -a <antal> tröskelvärde för larm (förval: %d poster)\n" #: ../main.c:73 #, c-format msgid " -l <time> forget events this old (defaults to %d hours)\n" msgstr " -l <tid> glöm händelser äldre än (förval: %d timmar)\n" #: ../main.c:74 #, c-format msgid " -k <IP/net> add this IP address or net to the list of known hosts\n" msgstr "" " -k <IP/nät> lägg till IP-adress eller nät till listan över kända värdar\n" #: ../main.c:75 #, c-format msgid " -A invoke notification script if threshold is reached\n" msgstr " -A anropa notifieringsskript om tröskelvärdet nås\n" #: ../main.c:76 #, c-format msgid " -B invoke response action script (e.g. block host)\n" msgstr " -B anropa åtgärdsskriptet (exempelvis spärra värd)\n" #: ../main.c:77 #, c-format msgid " -X <port> activate internal status information web server\n" msgstr "" " -X <port> aktivera den interna webbservern för statusinformation\n" #: ../main.c:103 msgid "You can contact the author at <bw@inside-security.de>." 
msgstr "Upphovsmannen kan kontaktas på adressen <bw@inside-security.de>" #: ../main.c:105 msgid "Compile-time options of this version:" msgstr "Byggtidsflaggor för denna version:" #: ../main.c:106 #, c-format msgid "Short name limit " msgstr "Gräns för kort namn " #: ../main.c:108 ../main.c:114 ../main.c:120 ../main.c:126 msgid "enabled" msgstr "aktiverad" #: ../main.c:110 ../main.c:116 ../main.c:122 ../main.c:128 msgid "disabled" msgstr "avstängd" #: ../main.c:112 #, c-format msgid "Zlib support " msgstr "Stöd för Zlib" #: ../main.c:118 #, c-format msgid "Gettext (i18n) support " msgstr "Stöd för gettext (i18n)" #: ../main.c:124 #, fuzzy, c-format msgid "GNU adns support " msgstr "Stöd för IPv6" #: ../main.c:282 #, c-format msgid "Illegal inclusion/exclusion pos. 1 (expected [ie]): %s\n" msgstr "Ogiltigt inkludering/exkludering pos. 1 (förväntade [ie]): %s\n" #: ../main.c:283 ../main.c:300 ../main.c:309 ../main.c:453 #, c-format msgid "Exiting\n" msgstr "Avslutar\n" #: ../main.c:299 #, c-format msgid "Illegal inclusion/exclusion pos. 2 (expected [hpcb]): %s\n" msgstr "Ogiltigt inkludering/exkludering pos. 2 (förväntade [hpcb]): %s\n" #: ../main.c:308 #, c-format msgid "Illegal inclusion/exclusion pos. 3 (expected [sd]): %s\n" msgstr "Ogiltigt inkludering/exkludering pos. 
3 (förväntade [sd]): %s\n" #: ../modes.c:108 #, c-format msgid "Using stdin as input\n" msgstr "Använder standard in för inmatning\n" #: ../modes.c:114 #, c-format msgid "Opening input file '%s'\n" msgstr "Öppnar inmatningsfil \"%s\"\n" #: ../modes.c:130 #, c-format msgid "Processing\n" msgstr "Bearbetar\n" #: ../modes.c:137 #, c-format msgid "Unrecognized entries or tokens can be submitted at\n" msgstr "Okända poster eller token kan skickas på\n" #: ../modes.c:146 ../modes.c:393 ../modes.c:784 ../rcfile.c:379 #, c-format msgid "Closing '%s'\n" msgstr "Stänger \"%s\"\n" #: ../modes.c:175 #, c-format msgid "Sorting data\n" msgstr "Sorterar data\n" #: ../modes.c:212 #, c-format msgid "Opening output file '%s'\n" msgstr "Öppnar utdatafil \"%s\"\n" #: ../modes.c:223 #, c-format msgid "Sending\n" msgstr "Sänder\n" #: ../modes.c:246 ../net.c:341 ../net.c:344 msgid "%A %B %d %H:%M:%S %Z %Y" msgstr "%A %B %d %H:%M:%S %Z %Y" #: ../modes.c:247 #, c-format msgid "Generated %s by " msgstr "Genererad %s av " #: ../modes.c:257 #, c-format msgid "an unknown user.\n" msgstr "en okänd användare.\n" #: ../modes.c:265 #, c-format msgid "(and %d older than %d seconds) " msgstr "(och %d äldre än %d sekunder) " #: ../modes.c:268 #, c-format msgid "(and %d malformed) " msgstr "(och %d felaktiga) " #: ../modes.c:271 #, c-format msgid "of %d entries in the file \"%s\" are packet logs, " msgstr "av %d posterna i filen \"%s\" är paketloggar, " #: ../modes.c:273 #, c-format msgid "of %d entries in standard input are packet logs, " msgstr "av %d poster i standard in är paketloggar, " #: ../modes.c:275 #, c-format msgid "of %d entries in %d input files are packet logs, " msgstr "av %d posterna i %d inmatningsfiler är paketloggar, " #: ../modes.c:279 #, c-format msgid "one has unique characteristics.\n" msgstr "en har unika egenskaper.\n" #: ../modes.c:281 #, c-format msgid "%d have unique characteristics.\n" msgstr "%d har unika egenskaper.\n" #: ../modes.c:289 #, c-format msgid "One entry was 
excluded by configuration.\n" msgstr "En post utelämnades av konfigurationen.\n" #: ../modes.c:291 #, c-format msgid "%d entries were excluded by configuration.\n" msgstr "%d poster utelämnades av konfigurationen.\n" #: ../modes.c:299 #, c-format msgid "First packet log entry: %s, last: %s.\n" msgstr "Den första posten i loggen: %s, sista: %s.\n" #: ../modes.c:301 ../modes.c:813 #, c-format msgid "No valid time entries found.\n" msgstr "Inga giltiga tidsposter funna.\n" #: ../modes.c:308 #, c-format msgid "All entries were logged by the same host: \"%s\".\n" msgstr "Alla poster var loggade av samma värd: \"%s\".\n" #: ../modes.c:315 #, c-format msgid "All entries are from the same chain: \"%s\".\n" msgstr "Alla poster kom från samma kedja: \"%s\".\n" #: ../modes.c:322 #, c-format msgid "All entries have the same target: \"%s\".\n" msgstr "Alla poster har samma måladress: \"%s\".\n" #: ../modes.c:329 #, c-format msgid "All entries are from the same interface: \"%s\".\n" msgstr "Alla poster kommer från samma nätverksgränssnitt: \"%s\".\n" #: ../modes.c:336 #, c-format msgid "Only entries with a count of at least %d are shown.\n" msgstr "Bara poster med ett antal av minst %d visas.\n" #: ../modes.c:343 #, c-format msgid "Only the top %d entries are shown.\n" msgstr "Bara de översta %d posterna visas.\n" #: ../modes.c:354 #, fuzzy, c-format msgid "Resolving\n" msgstr "Slår upp %s\n" #: ../modes.c:413 #, c-format msgid "Warning: pidfile exists, another fwlogwatch might be running.\n" msgstr "" "Varning: En pid-fil existerar redan, ytterligare en fwlogwatch kanske körs?\n" #: ../modes.c:427 #, c-format msgid "SIGHUP caught, reread configuration file %s" msgstr "SIGHUP fångad, konfigurationsfil %s läses om" #: ../modes.c:429 #, c-format msgid "SIGHUP caught, unable to reread configuration file %s" msgstr "SIGHUP fångad, konfigurationsfil %s kunde inte att läsas om" #: ../modes.c:433 #, c-format msgid "Reread DNS cache file %s" msgstr "" #: ../modes.c:435 #, fuzzy, 
c-format msgid "Unable to reread DNS cache file %s" msgstr "SIGHUP fångad, konfigurationsfil %s kunde inte att läsas om" #: ../modes.c:459 msgid "SIGUSR1 caught, reading input from stdin, no need to reopen log file" msgstr "" "SIGUSR1 fångad, läser indata från standard in, ingen idé att öppna loggfil " "igen" #: ../modes.c:461 #, c-format msgid "SIGUSR1 caught, reopening log file %s" msgstr "SIGUSR1 fångad, loggfilen %s öppnas igen" #: ../modes.c:533 msgid "SIGTERM caught, cleaning up" msgstr "SIGTERM påträffades, rensar upp" #: ../modes.c:615 #, c-format msgid "Starting (pid %d)" msgstr "Startar (pid %d)" #: ../modes.c:665 msgid "User to run as was not found" msgstr "Användaren som ska köras som hittades inte" #: ../modes.c:680 #, c-format msgid "Changed uid from %d to %d, gid from %d to %d" msgstr "Ändrade uid från %d till %d, gid från %d till %d" #: ../modes.c:682 #, c-format msgid "Running with uid %d, gid %d" msgstr "Kör med uid %d, gid %d" #: ../modes.c:686 msgid "Alert threshold is one attempt" msgstr "Tröskelvärde för <alert> är ett försök" #: ../modes.c:688 #, c-format msgid "Alert threshold is %d attempts" msgstr "Tröskelvärde för <alert> är %d försök" #: ../modes.c:692 #, c-format msgid "Events older than %d second(s) are discarded" msgstr "Poster äldre än %d sekund(er) sållas bort" #: ../modes.c:694 #, c-format msgid "Events older than %d hour(s) are discarded" msgstr "Poster äldre än %d timme/timmar sållas bort" #: ../modes.c:697 #, c-format msgid "Response mode: Log%s%s" msgstr "Svarsläge: Log%s%s" #: ../modes.c:697 ../net.c:350 msgid ", notify" msgstr ", notifiera" #: ../modes.c:697 ../net.c:350 msgid ", respond" msgstr ", svara" #: ../modes.c:728 #, c-format msgid "Reading standard input\n" msgstr "Läser från standard in\n" #: ../modes.c:744 #, c-format msgid "Reading '%s'\n" msgstr "Läser \"%s\"\n" #: ../modes.c:810 #, c-format msgid "Number of files: %d\n" msgstr "Antal filer: %d\n" #: ../modes.c:811 #, c-format msgid "Number of lines: %d\n" 
msgstr "Antal rader: %d\n" #: ../modes.c:816 #, c-format msgid "First entry: %s\n" msgstr "Första posten: %s\n" #: ../modes.c:818 #, c-format msgid "Last entry : %s\n" msgstr "Sista posten: %s\n" #: ../modes.c:820 #, c-format msgid "Difference : %s\n" msgstr "Skillnad : %s\n" #: ../net.c:106 #, c-format msgid "Listening on %s port %i" msgstr "Lyssnar på %s port %i" #: ../net.c:109 #, c-format msgid "Connections are only allowed from %s" msgstr "" #: ../net.c:149 msgid "decode_base64: input string incomplete" msgstr "decode_base64: okomplett indatasträng" #: ../net.c:156 #, c-format msgid "decode_base64: illegal character '%c' in input string" msgstr "decode_base64: Otillåtet tecken \"%c\" i indatasträngen" #: ../net.c:191 msgid "count" msgstr "antal" #: ../net.c:192 msgid "added" msgstr "lagt till" #: ../net.c:194 msgid "proto" msgstr "proto" #: ../net.c:196 msgid "bytes" msgstr "byte" #: ../net.c:197 msgid "source" msgstr "källa" #: ../net.c:199 ../net.c:208 msgid "hostname" msgstr "värdnamn" #: ../net.c:201 ../net.c:211 msgid "port" msgstr "port" #: ../net.c:203 ../net.c:213 msgid "service" msgstr "tjänst" #: ../net.c:206 msgid "destination" msgstr "destination" #: ../net.c:216 msgid "opts" msgstr "flaggor" #: ../net.c:217 msgid "time remaining" msgstr "återstående tid" #: ../net.c:218 msgid "action" msgstr "åtgärd" #: ../net.c:270 ../net.c:272 ../net.c:337 msgid "Information" msgstr "Information" #: ../net.c:276 ../net.c:278 ../net.c:375 msgid "Options" msgstr "Inställningar" #: ../net.c:282 ../net.c:284 ../net.c:403 msgid "Packet cache" msgstr "Paketcache" #: ../net.c:288 ../net.c:290 ../net.c:472 msgid "Host status" msgstr "Värdstatus" #: ../net.c:293 msgid "Reload" msgstr "Läs om" #: ../net.c:342 msgid "Daemon start time" msgstr "Demonens starttid" #: ../net.c:345 msgid "Current time" msgstr "Nuvarande tid" #: ../net.c:348 msgid "Running time" msgstr "Körtid" #: ../net.c:350 msgid "Log" msgstr "Logg" #: ../net.c:351 msgid "Response mode" msgstr "Svarsläge" #: 
../net.c:353 msgid "Lines seen" msgstr "Rader sedda" #: ../net.c:354 msgid "Hits" msgstr "Träffar" #: ../net.c:355 msgid "Old/excluded/malformed" msgstr "Gammal/utesluten/felaktig" #: ../net.c:362 msgid "Entries in packet cache" msgstr "Poster i paketcache" #: ../net.c:369 msgid "Entries in host status" msgstr "Post i värdstatus" #: ../net.c:377 msgid "Parameter" msgstr "Parameter" #: ../net.c:379 msgid "Decrease" msgstr "Minska" #: ../net.c:381 msgid "Current" msgstr "Nuvarande" #: ../net.c:383 msgid "Increase" msgstr "Öka" #: ../net.c:385 msgid "Alert threshold" msgstr "Tröskelvärde för larm" #: ../net.c:387 msgid "Discard timeout" msgstr "Kasta timeout" #: ../net.c:388 msgid "Minimum count in packet cache" msgstr "Minimum antal i paketcache" #: ../net.c:390 ../net.c:392 msgid "Top amount of entries in packet cache" msgstr "Max antal poster i paketcache" #: ../net.c:395 ../net.c:397 msgid "Refresh time" msgstr "Uppdateringsfrekvens" #: ../net.c:419 ../net.c:528 msgid "%Y/%m/%d %H:%M:%S" msgstr "%Y/%m/%d %H:%M:%S" #: ../net.c:456 ../net.c:558 msgid "drop" msgstr "" #: ../net.c:458 msgid "escalate" msgstr "" #: ../net.c:493 ../net.c:509 ../net.c:515 ../net.c:521 msgid "<td>any</td>" msgstr "<td>någon</td>" #: ../net.c:503 msgid "<td>(known host)</td>" msgstr "<td>(kända värdar)</td>" #: ../net.c:505 msgid "<td>(known net)</td>" msgstr "<td>(kända nät)</td>" #: ../net.c:605 #, fuzzy, c-format msgid "Rejected connection from unallowed IP address %s port %i" msgstr "Avvisad anslutning från otillåten IP-adress %s port %i" #: ../net.c:614 #, c-format msgid "Connect from %s port %i" msgstr "Anslutning från %s port %i" #: ../net.c:677 msgid "Authorization failed" msgstr "Auktorisation misslyckades" #: ../net.c:680 msgid "Authorization required" msgstr "Auktorisation krävs" #: ../net.c:757 msgid "Bad request" msgstr "Felaktig begäran" #: ../net.c:762 msgid "Redirect" msgstr "Dirigera om" #: ../net.c:762 msgid "You should be redirected to the <a href=\"/\">root 
directory</a>" msgstr "Du bör bli omdirigerad till <a href=\"/\">rotkatalogen</a>" #: ../net.c:774 #, c-format msgid "Requested function: %s" msgstr "Begärd funktion: %s" #: ../net.c:777 msgid "Connection closed" msgstr "Anslutning stängd" #: ../output.c:200 #, c-format msgid " to " msgstr " till " #: ../output.c:255 #, c-format msgid " packet" msgstr " paket" #: ../output.c:257 #, c-format msgid " packets" msgstr " paket" #: ../output.c:261 #, fuzzy, c-format msgid " (%lu bytes)" msgstr " (%d byte)" #: ../output.c:264 #, c-format msgid " from %s" msgstr " från %s" #: ../output.c:280 ../output.c:293 #, c-format msgid " port %d" msgstr " port %d" #: ../output.c:286 #, c-format msgid " to %s" msgstr " till %s" #: ../output.c:313 #, c-format msgid "<th>start</th>" msgstr "<th>start</th>" #: ../output.c:316 #, c-format msgid "<th>end</th>" msgstr "<th>slut</th>" #: ../output.c:319 #, c-format msgid "<th>interval</th>" msgstr "<th>intervall</th>" #: ../output.c:322 #, c-format msgid "<th>loghost</th>" msgstr "<th>loggvärd</th>" #: ../output.c:325 #, c-format msgid "<th>chain</th>" msgstr "<th>kedja</th>" #: ../output.c:328 #, c-format msgid "<th>target</th>" msgstr "<th>mål</th>" #: ../output.c:331 #, c-format msgid "<th>interface</th>" msgstr "<th>gränssnitt</th>" #: ../output.c:334 #, c-format msgid "<th>proto</th>" msgstr "<th>proto</th>" #: ../output.c:337 #, c-format msgid "<th>bytes</th>" msgstr "<th>antal byte</th>" #: ../output.c:340 #, c-format msgid "<th>source</th>" msgstr "<th>källa</th>" #: ../output.c:342 ../output.c:356 #, c-format msgid "<th>hostname</th>" msgstr "<th>värdnamn</th>" #: ../output.c:344 #, c-format msgid "<th>whois information</th>" msgstr "<th>whois-information</th>" #: ../output.c:348 ../output.c:360 #, c-format msgid "<th>port</th>" msgstr "<th>port</th>" #: ../output.c:350 ../output.c:362 #, c-format msgid "<th>service</th>" msgstr "<th>tjänst</th>" #: ../output.c:354 #, c-format msgid "<th>destination</th>" msgstr 
"<th>destination</th>" #: ../output.c:366 #, c-format msgid "<th>opts</th>" msgstr "<th>flaggor</th>" #: ../parser.c:270 #, c-format msgid "Unknown parser: '%c'.\n" msgstr "Okänd tolk: \"%c\".\n" #: ../rcfile.c:58 #, c-format msgid "Error in configuration file '%s' line %d: not a number\n" msgstr "Fel i konfigurationsfil \"%s\" rad %d: inte ett nummer\n" #: ../rcfile.c:87 #, c-format msgid "Error in configuration file '%s' line %d, assuming 'true'\n" msgstr "Fel i konfigurationsfil \"%s\" rad %d, antar \"true\"\n" #: ../rcfile.c:281 #, c-format msgid "Unrecognized option in configuration file '%s' line %d\n" msgstr "Okänd inställning i konfigurationsfil \"%s\" line %d\n" #: ../rcfile.c:332 #, fuzzy, c-format msgid "Unrecognized entry in DNS cache file '%s' line %d\n" msgstr "Okänd inställning i konfigurationsfil \"%s\" line %d\n" #: ../rcfile.c:349 #, c-format msgid "%s is not a regular file, ignoring.\n" msgstr "%s är inte en vanlig fil, ignoreras.\n" #: ../rcfile.c:358 #, fuzzy, c-format msgid "Opening DNS cache file '%s'\n" msgstr "Öppnar inmatningsfil \"%s\"\n" #: ../rcfile.c:360 #, c-format msgid "Opening configuration file '%s'\n" msgstr "Öppnar konfigurationsfil '%s'\n" #: ../resolve.c:62 #, c-format msgid "port mismatch: %d != %d\n" msgstr "Port stämmer inte: %d != %d\n" #: ../resolve.c:99 ../resolve.c:172 msgid "[timeout]" msgstr "" #: ../resolve.c:101 ../resolve.c:174 msgid "[server failure]" msgstr "" #: ../resolve.c:111 ../resolve.c:213 #, c-format msgid "Resolving %s\n" msgstr "Slår upp %s\n" #: ../resolve.c:122 #, c-format msgid "%s [forward lookup failed]" msgstr "%s [uppslag misslyckades]" #: ../resolve.c:131 #, fuzzy, c-format msgid " [v4 forward lookup: %s]" msgstr "%s [uppslag: %s]" #: ../resolve.c:138 #, fuzzy, c-format msgid " [v6 forward lookup: %s]" msgstr "%s [uppslag: %s]" #: ../resolve.c:180 #, c-format msgid "[adns status %d]" msgstr "" #: ../resolve.c:192 msgid "[adns error]" msgstr "" #: ../resolve.c:206 ../resolve.c:354 #, c-format 
msgid "Resolving %s from cache\n" msgstr "Slår upp %s från cache\n" #: ../resolve.c:218 #, fuzzy, c-format msgid "Resolving %s from adns\n" msgstr "Slår upp %s från cache\n" #: ../resolve.c:240 #, c-format msgid "IP address %s is already in DNS cache\n" msgstr "" #: ../resolve.c:246 #, c-format msgid "Adding IP address '%s' with host name '%s' to DNS cache\n" msgstr "" #: ../resolve.c:283 #, c-format msgid "Submitted %s to adns\n" msgstr "" #: ../response.c:56 msgid "One logging ipchains firewall rule defined" msgstr "En loggregel för ipchains definierad" #: ../response.c:58 #, c-format msgid "%u logging ipchains firewall rules defined" msgstr "%u loggregler för ipchains definierade" #: ../response.c:61 msgid "No logging ipchains firewall rules defined, format was requested" msgstr "Inga loggregler för ipchains definierade, format var begärd" #: ../response.c:82 #, c-format msgid "%s is group/world writable" msgstr "%s är skrivbar för grupp/världen" #: ../response.c:168 #, c-format msgid "Deleting packet cache entry (%s)" msgstr "Raderar paketpost från cache (%s)" #: ../response.c:202 #, c-format msgid "Deleting host status entry (%s)" msgstr "Raderar statuspost för värd (%s)" #: ../response.c:280 #, c-format msgid "ALERT: %d attempts from %s" msgstr "LARM: %d angreppsförsök från %s" #: ../utils.c:53 #, c-format msgid "" "\n" "Memory allocation error, exiting.\n" msgstr "" "\n" "Minneshanteringsfel i programmet. 
Programmet avslutas.\n" #: ../utils.c:68 msgid "Exiting" msgstr "Avslutar" #: ../utils.c:77 msgid "Not executing buffer containing format string" msgstr "Exekverar inte buffert som innehåller formateringssträng" #: ../utils.c:82 #, c-format msgid "Executing '%s'" msgstr "Startar \"%s\"" #: ../utils.c:194 #, c-format msgid "" "fwlogwatch error: mode collision, please check that you didn't specify\n" " several modes on the command line or a second mode is active in the\n" " configuration file.\n" " Please use a separate configuration file for each mode or comment out " "all\n" " entries in the default configuration and use command line parameters.\n" msgstr "" "Fel i fwlogwatch: Kollision mellan lägen. Kontrollera att du inte angav\n" " flera lägen på kommandoraden eller ett annat läge är konfigurerad i " "konfigurationsfilen.\n" " Använd en separat konfigurationsfil för varje läge eller kommentera ut\n" " delar av standardkonfigurationen och använd parametrar på kommandoraden.\n" #: ../utils.c:301 #, c-format msgid "[error]" msgstr "" #: ../utils.c:317 #, c-format msgid "IP address error: %s\n" msgstr "IP-adressfel: %s\n" #: ../utils.c:342 ../utils.c:353 #, c-format msgid "Error in CIDR format: %s\n" msgstr "Fel i CIDR-format: %s\n" #: ../utils.c:403 #, c-format msgid "(known host)\n" msgstr "(känd värd)\n" #: ../utils.c:443 #, c-format msgid "(excluded host)\n" msgstr "(utesluten värd)\n" #: ../whois.c:226 #, fuzzy, c-format msgid "Looking up whois info for %s(/%d) from cache\n" msgstr "Slår upp whois-information för %s från cache\n" #: ../whois.c:233 #, c-format msgid "Looking up whois info for %s\n" msgstr "Slår upp whois-information för %s\n" #: ../whois.c:254 #, c-format msgid "lookup failed: %s\n" msgstr "Uppslag misslyckades: %s\n" #: ../main.h:314 msgid "fwlogwatch summary" msgstr "Sammandrag från fwlogwatch" #: ../main.h:324 msgid "fwlogwatch status" msgstr "Status för fwlogwatch" #~ msgid "IPv6 support " #~ msgstr "Stöd för IPv6" #~ msgid "Wrong host name 
size\n" #~ msgstr "Felaktig storlek för värdnamn\n" #, fuzzy #~ msgid "[inconsistent forward lookup]" #~ msgstr "%s [uppslag: %s]" #~ msgid "Interactive report mode (summary mode extension):\n" #~ msgstr "Interaktivt rapporteringsläge (utökning för kortfattat läge):\n" #~ msgid " -i <count> interactive mode with report threshold\n" #~ msgstr " -i <antal> interaktivt läge med tröskelvärde för rapport\n" #~ msgid " -T <email> address of CERT or abuse contact to send report to\n" #~ msgstr "" #~ " -T <epost> adress till CERT eller \"abuse\"-kontakt att sända rapport " #~ "till\n" #~ msgid " -I <file> template file for report (defaults to %s)\n" #~ msgstr " -I <fil> rapportmall (förval \"%s\")\n" #~ msgid "" #~ "Reporting threshold: %d\n" #~ "\n" #~ msgstr "" #~ "Tröskelvärde för rapport: %d\n" #~ "\n" #~ msgid "Offending IP address: %s\n" #~ msgstr "Angripande IP-adress: %s\n" #~ msgid "Offending IP name: %s\n" #~ msgstr "Angriparens DNS-namn: %s\n" #~ msgid "Target IP address: %s\n" #~ msgstr "Målets IP-adress: %s\n" #~ msgid "Target IP name: %s\n" #~ msgstr "Målets DNS-namn: %s\n" #~ msgid "Number of logged attempts: %s\n" #~ msgstr "Antal loggade försök: %s\n" #~ msgid "Start time: %s\n" #~ msgstr "Starttid: %s\n" #~ msgid "End time: %s\n" #~ msgstr "Sluttid: %s\n" #~ msgid "Timezone: %s\n" #~ msgstr "Tidszon: %s\n" #~ msgid "Duration: %s\n" #~ msgstr "Längd: %s\n" #~ msgid "Protocol: %s\n" #~ msgstr "Protokoll: %s\n" #~ msgid "Source port: %s\n" #~ msgstr "Källport: %s\n" #~ msgid "Destination port: %s\n" #~ msgstr "Mottagarport: %s\n" #~ msgid "TCP options: %s\n" #~ msgstr "TCP-flaggor: %s\n" #~ msgid "Tracking number: %s\n" #~ msgstr "Spårnummer: %s\n" #~ msgid "Incident report %s-%s" #~ msgstr "Incidentrapport %s-%s" #~ msgid "%d (unknown)" #~ msgstr "%d (okänd)" #~ msgid "no SYNs" #~ msgstr "inga SYN" #~ msgid "SYNs only" #~ msgstr "endast SYN" #~ msgid "" #~ "\n" #~ "What do you want to change? [1-18/(o)k] " #~ msgstr "" #~ "\n" #~ "Vad vill du ändra? 
[1-18/(o)k] " #~ msgid "New value: " #~ msgstr "Nytt värde: " #~ msgid "" #~ "\n" #~ "Should this report be sent? [(s)end/(m)odify/(q)uit] " #~ msgstr "" #~ "\n" #~ "Skall denna rapport sändas? [(s)änd |(m)odifiera |(q) sluta] " #, fuzzy #~ msgid "<tr><td align=\"right\">Daemon start time:</td><td>%s</td></tr>\n" #~ msgstr "<tr><td>Startid för Daemonprocessen:</td><td>%s</td></tr>\n" #, fuzzy #~ msgid "<tr><td align=\"right\">Current time:</td><td>%s</td></tr>\n" #~ msgstr "<tr><td>Aktuell tid:</td><td>%s</td></tr>\n" #, fuzzy #~ msgid "<tr><td align=\"right\">Running time:</td><td>%s</td></tr>\n" #~ msgstr "<tr><td>Tid för Exekvering:</td><td>%s</td></tr>\n" #, fuzzy #~ msgid "<tr><td align=\"right\">Response mode:</td><td>Log%s%s</td></tr>\n" #~ msgstr "<tr><td>Svarsmod:</td><td>logg%s%s</td></tr>\n" #, fuzzy #~ msgid "Host status: %d</td></tr>\n" #~ msgstr "<h2>Status för serverdatorn</h2>\n" #, fuzzy #~ msgid "<tr align=\"center\"><th>count</th><th>added</th>" #~ msgstr "" #~ "<tr bgcolor=\"#%s\" align=\"center\"><td>Antal</td><td>Adderade</" #~ "td><td>IP-adress på avsändare</td>" #~ msgid "Authorization failed (%s)" #~ msgstr "Misslyckad auktorisation (%s)" #~ msgid "" #~ "<body>\n" #~ "<h1>Authorization Required</h1>\n" #~ "</body>\n" #~ "</html>\n" #~ msgstr "" #~ "<body>\n" #~ "<h1>Auktorisation krävs</h1>\n" #~ "</body>\n" #~ "</html>\n" #, fuzzy #~ msgid "<p><a href=\"/\">Reload</a>" #~ msgstr "<a href=\"/\">Ladda om</a><br>\n" #, fuzzy #~ msgid "" #~ "<br>\n" #~ "(automatic refresh every %d seconds)</p>\n" #~ msgstr "(Automatisk återladdning var %d sekund)<br>\n" #, fuzzy #~ msgid "" #~ "<tr><td>Alert threshold:</td><td>%d entries</td></tr>\n" #~ "<tr><td>Discard timeout:</td><td>%s</td></tr>\n" #~ msgstr "" #~ "<tr><td>Tröskelvärde för larm (alert):</td><td>%d poster</td></tr>\n" #~ "<tr><td>Tidsmässigt tröskelvärde för att släppa:</td><td>%d sekunder</" #~ "td></tr>\n" #, fuzzy #~ msgid " -f <file> specify input file (defaults to %s)\n" #~ msgstr " -f 
<filnamn> Specificera indatafil (Standardförval: %s)\n" #~ msgid "\"%s\" are packet logs, " #~ msgstr "\"%s\" är paketloggar, " #~ msgid " (defaults to '%s')\n" #~ msgstr " (Standardmässigt förval: '%s')\n" #~ msgid " (defaults to %s)\n" #~ msgstr " (Standardmässigt förval: %s)\n" #~ msgid "SIGHUP caught, ignoring" #~ msgstr "signalen SIGHUP fångad, ignorerad" #~ msgid "<td>Hostname</td>" #~ msgstr "<td>Namn</td>" #~ msgid "<td>Destination IP address</td>" #~ msgstr "<td>IP-Adress på mottagare</td>" #~ msgid "<td>Protocol</td>" #~ msgstr "<td>Protokoll</td>" #~ msgid "<td>Source port</td>" #~ msgstr "<td>Avsändarport</td>" #, fuzzy #~ msgid "<td>Service</td>" #~ msgstr "<td>avsändare</td>" #~ msgid "<td>Destination port</td>" #~ msgstr "<td>Mottagarport</td>" #~ msgid "" #~ "<html>\n" #~ "<head>\n" #~ "<title>fwlogwatch status\n" #~ msgstr "" #~ "\n" #~ "\n" #~ "Status fwlogwatch\n" #~ msgid "" #~ "
\n" #~ "

fwlogwatch status

\n" #~ msgstr "" #~ "
\n" #~ "

Status fwlogwatch

\n" #~ msgid "fwlogwatch output: %s\n" #~ msgstr "utmatning fwlogwatch: %s\n" #~ msgid "

fwlogwatch output

\n" #~ msgstr "

utmatning från fwlogwatch

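\n" #~ msgid "startend" #~ msgstr "StartSlut" #~ msgid "portservice" #~ msgstr "Porttjänst" fwlogwatch-1.4/po/PaxHeaders.8080/Makefile0000644000000000000000000000012412145435573016527 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.846943 30 ctime=1369319079.847943334 fwlogwatch-1.4/po/Makefile0000644000000000000000000000120012145435573015601 0ustar00rootroot00000000000000
# Copyright (C) 2000-2013 Boris Wesslowski
# $Id: Makefile 731 2013-05-17 14:15:23Z bw $

# Message catalog maintenance: compile (all), extract (strings), merge, clean.

# These targets name actions, not files. Without .PHONY a stray file called
# "all" or "clean" in this directory would silently disable the target.
.PHONY: all strings merge clean

# The catalogs carry entries flagged c-format, i.e. the translated text is
# used as a printf-style format string at run time. --check-format makes
# msgfmt fail when a translation's format directives do not match those of
# its msgid, so a mismatched msgstr is caught at build time instead of being
# handed to a formatting call. If a catalog fails this check, correct the
# msgstr rather than dropping the flag.
# Entries marked "fuzzy" are left out of the .mo by default; keep it that way
# (no --use-fuzzy), because msgmerge guesses are not reviewed translations.
MSGFMT = msgfmt -v --check-format

# Compile every translation into its binary catalog.
all:
	$(MSGFMT) -o de.mo de.po
	$(MSGFMT) -o ja.mo ja.po
	$(MSGFMT) -o pt.mo pt.po
	$(MSGFMT) -o sv.mo sv.po
	$(MSGFMT) -o zh_CN.mo zh_CN.po
	$(MSGFMT) -o zh_TW.mo zh_TW.po

# Extract the strings wrapped in _() from the C sources and headers.
# NOTE(review): with -d fwlogwatch, xgettext writes fwlogwatch.po, while the
# merge target reads fwlogwatch.pot -- confirm how the template gets its name.
strings:
	xgettext -d fwlogwatch -k_ ../*.c ../*.h

# Merge the current template into each translation; results go to *.po.new
# for review and are not installed over the existing .po files.
merge:
	msgmerge -v -o de.po.new de.po fwlogwatch.pot
	msgmerge -v -o ja.po.new ja.po fwlogwatch.pot
	msgmerge -v -o pt.po.new pt.po fwlogwatch.pot
	msgmerge -v -o sv.po.new sv.po fwlogwatch.pot
	msgmerge -v -o zh_CN.po.new zh_CN.po fwlogwatch.pot
	msgmerge -v -o zh_TW.po.new zh_TW.po fwlogwatch.pot

# Remove editor backups and compiled catalogs (the *.po.new files are kept).
clean:
	rm -f *~ *.mo
fwlogwatch-1.4/po/PaxHeaders.8080/pt.po0000644000000000000000000000012412147420772016047 xustar000000000000000027 mtime=1369317882.372329 27 atime=1369319079.850943 30 ctime=1369319079.851943304 fwlogwatch-1.4/po/pt.po0000644000000000000000000007661412147420772015146 0ustar00rootroot00000000000000msgid "" msgstr "" "Project-Id-Version: fwlogwatch 0.5\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2013-05-23 15:04+0200\n" "PO-Revision-Date: 2002-01-27 16:17+0100\n" "Last-Translator: Ivan F. 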
Martinez \n" "Language-Team: -\n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=ISO-8859-1\n" "Content-Transfer-Encoding: 8bit\n" #: ../compare.c:158 #, c-format msgid "conn_sort_up: wrong mode\n" msgstr "conn_sort_up: modo invalido\n" #: ../compare.c:264 #, c-format msgid "Error in sort string: '%c', order expected, ignoring.\n" msgstr "Erro na string de ordenacao: '%c', experado ordem, ignorando.\n" #: ../compare.c:278 #, c-format msgid "Error in sort string: '%c', direction expected, ignoring.\n" msgstr "Erro na string de ordenacao: '%c', experado direcao, ignorando.\n" #: ../compare.c:282 #, fuzzy, c-format msgid "Error in sort string, direction expected, ignoring.\n" msgstr "Erro na string de ordenacao: '%c', experado direcao, ignorando.\n" #: ../compare.c:382 ../compare.c:384 ../modes.c:193 ../modes.c:200 #: ../modes.c:815 ../modes.c:817 ../output.c:106 ../output.c:113 #: ../output.c:193 ../output.c:202 ../output.c:380 msgid "%b %d %H:%M:%S" msgstr "" #: ../compare.c:383 #, c-format msgid "Timewarp in log file (%s" msgstr "Avanco de tempo no arquivo de log (%s" #: ../main.c:25 #, fuzzy, c-format msgid "Usage: %s [options] [input_files]\n" msgstr "Uso: %s [opções]\n" #: ../main.c:26 #, fuzzy, c-format msgid "General options:\n" msgstr "Opções globais:\n" #: ../main.c:27 #, fuzzy, c-format msgid " -h this help\n" msgstr " -h mostra texto de ajuda\n" #: ../main.c:28 #, fuzzy, c-format msgid " -L show time of first and last log entry\n" msgstr "" " -L mostra horario inicial e final do arquivo de log\n" #: ../main.c:29 #, fuzzy, c-format msgid " -V show version and copyright info\n" msgstr " -V mostra informações sobre versão e copyright\n" #: ../main.c:32 #, c-format msgid "Global options:\n" msgstr "Opções globais:\n" #: ../main.c:33 #, fuzzy, c-format msgid " -b show amount of data (sum of total packet lengths)\n" msgstr "" " -b mostra total de dados (soma dos tamanhos dos pacotes)\n" #: ../main.c:34 #, fuzzy, c-format msgid " -c 
specify config file (defaults to %s)\n" msgstr "" " -c especifica arquivo de configuração (padrão : %s)\n" #: ../main.c:35 #, fuzzy, c-format msgid " -D do not differentiate destination IP addresses\n" msgstr " -D não diferencia endereços IP de destino\n" #: ../main.c:36 #, fuzzy, c-format msgid " -d differentiate destination ports\n" msgstr " -d diferencia portas de destino\n" #: ../main.c:37 #, c-format msgid " -E select or exclude hosts, ports, chains and targets\n" msgstr "" #: ../main.c:38 #, c-format msgid " quick reference: -E[ie][hp][sd]\n" msgstr "" #: ../main.c:39 #, c-format msgid " -E[ie][cb]\n" msgstr "" #: ../main.c:40 #, c-format msgid " -i initialize DNS cache with entries from file\n" msgstr "" #: ../main.c:41 #, c-format msgid " -M only show this amount of entries\n" msgstr "" #: ../main.c:42 #, fuzzy, c-format msgid " -m only show entries with at least so many incidents\n" msgstr "" " -m mostra somente entradas com um minimo de ocorrencias\n" #: ../main.c:43 #, fuzzy, c-format msgid " -N resolve service names\n" msgstr " -N resolve nome de servico\n" #: ../main.c:44 #, fuzzy, c-format msgid " -n resolve host names\n" msgstr " -n resolve nome de hosts\n" #: ../main.c:45 #, fuzzy, c-format msgid " -O define the sort order (see the man page for details)\n" msgstr "" " -O define a ordem para ordenação (veja pagina man para " "detalhes)\n" #: ../main.c:46 #, fuzzy, c-format msgid "" " -P use parsers for specific formats (defaults to netfilter)\n" msgstr " -P utiliza somente os formatos especificados\n" #: ../main.c:47 #, c-format msgid " i: ipchains, n: netfilter, f: ipfilter, c: cisco ios\n" msgstr "" #: ../main.c:48 #, c-format msgid "" " p: cisco pix, e: netscreen, l: lancom, s: snort, b: ipfw\n" msgstr "" #: ../main.c:49 #, fuzzy, c-format msgid " -p differentiate protocols\n" msgstr " -p diferenciar protocolos\n" #: ../main.c:50 #, fuzzy, c-format msgid " -s differentiate source ports\n" msgstr " -s diferenciar portas de origem\n" #: ../main.c:51 
#, c-format msgid " -U set report and status page title and email subject\n" msgstr "" #: ../main.c:52 #, fuzzy, c-format msgid " -v verbose, specify twice for more info\n" msgstr "" " -v detalhes, especifique duas vezes para mais informações\n" #: ../main.c:53 #, fuzzy, c-format msgid " -y differentiate TCP options\n" msgstr " -y diferenciar opções de TCP\n" #: ../main.c:56 #, c-format msgid "Log summary mode (default):\n" msgstr "Modo sumario de log (padrão):\n" #: ../main.c:57 #, fuzzy, c-format msgid " -C <email> carbon copy recipients\n" msgstr " -C <email> destinatarios para cópia\n" #: ../main.c:58 #, fuzzy, c-format msgid " -e show end times\n" msgstr " -e mostrar horario final\n" #: ../main.c:59 #, fuzzy, c-format msgid " -F <email> report sender address (defaults to '%s')\n" msgstr " -F <email> email origem no envio do relatório\n" #: ../main.c:60 #, fuzzy, c-format msgid " -l <time> process recent events only (defaults to off)\n" msgstr "" " -l <tempo> processa eventos recentes somente (padrão : desligado)\n" #: ../main.c:61 #, fuzzy, c-format msgid " -o <file> specify output file\n" msgstr " -o <arq.> especifica arquivo de saida\n" #: ../main.c:62 #, fuzzy, c-format msgid " -S do not differentiate source IP addresses\n" msgstr " -S não diferencia endereços IP de origem\n" #: ../main.c:63 #, c-format msgid " -T <email> send report by email to this address\n" msgstr "" #: ../main.c:64 #, fuzzy, c-format msgid " -t show start times\n" msgstr " -t mostrar horario inicial\n" #: ../main.c:65 #, fuzzy, c-format msgid " -W activate whois lookups for source addresses\n" msgstr " -W activa verificação whois para endereços origem\n" #: ../main.c:66 #, fuzzy, c-format msgid " -w HTML output\n" msgstr " -w saída em HTML\n" #: ../main.c:67 #, fuzzy, c-format msgid " -z show time interval\n" msgstr " -z mostra intervalo de tempo\n" #: ../main.c:70 #, c-format msgid "Realtime response mode:\n" msgstr "Modo de resposta em tempo real:\n" #: ../main.c:71 #, fuzzy, 
c-format msgid " -R realtime response as daemon (default action: log only)\n" msgstr "" " -R modo de resposta em tempo real (ação padrão: somente " "registra)\n" #: ../main.c:72 #, fuzzy, c-format msgid " -a <count> alert threshold (defaults to %d entries)\n" msgstr " -a <num> limite de ativação (padrão : %d entradas)\n" #: ../main.c:73 #, fuzzy, c-format msgid " -l <time> forget events this old (defaults to %d hours)\n" msgstr "" " -l <tempo> esquece eventos após periodo (padrão : %d horas)\n" #: ../main.c:74 #, fuzzy, c-format msgid " -k <IP/net> add this IP address or net to the list of known hosts\n" msgstr " -k <IP/rede> adiciona IP ou rede à lista de conhecidos\n" #: ../main.c:75 #, fuzzy, c-format msgid " -A invoke notification script if threshold is reached\n" msgstr " -A executa scripta de avisao ao chegar no limite\n" #: ../main.c:76 #, fuzzy, c-format msgid " -B invoke response action script (e.g. block host)\n" msgstr "" " -B executa script de resposta automatica (ex. bloqueia " "maquina)\n" #: ../main.c:77 #, fuzzy, c-format msgid " -X <port> activate internal status information web server\n" msgstr " -X activa servidor web interno de informações\n" #: ../main.c:103 #, fuzzy msgid "You can contact the author at <bw@inside-security.de>." msgstr "Você pode contactar o autor via <bw@inside-security.de>." #: ../main.c:105 msgid "Compile-time options of this version:" msgstr "" #: ../main.c:106 #, c-format msgid "Short name limit " msgstr "" #: ../main.c:108 ../main.c:114 ../main.c:120 ../main.c:126 msgid "enabled" msgstr "" #: ../main.c:110 ../main.c:116 ../main.c:122 ../main.c:128 msgid "disabled" msgstr "" #: ../main.c:112 #, c-format msgid "Zlib support " msgstr "" #: ../main.c:118 #, c-format msgid "Gettext (i18n) support " msgstr "" #: ../main.c:124 #, c-format msgid "GNU adns support " msgstr "" #: ../main.c:282 #, c-format msgid "Illegal inclusion/exclusion pos. 
1 (expected [ie]): %s\n" msgstr "" #: ../main.c:283 ../main.c:300 ../main.c:309 ../main.c:453 #, c-format msgid "Exiting\n" msgstr "Terminando\n" #: ../main.c:299 #, c-format msgid "Illegal inclusion/exclusion pos. 2 (expected [hpcb]): %s\n" msgstr "" #: ../main.c:308 #, c-format msgid "Illegal inclusion/exclusion pos. 3 (expected [sd]): %s\n" msgstr "" #: ../modes.c:108 #, c-format msgid "Using stdin as input\n" msgstr "Usando stdin como entrada\n" #: ../modes.c:114 #, c-format msgid "Opening input file '%s'\n" msgstr "Abrindo arquivo de entrada '%s'\n" #: ../modes.c:130 #, c-format msgid "Processing\n" msgstr "Processando\n" #: ../modes.c:137 #, c-format msgid "Unrecognized entries or tokens can be submitted at\n" msgstr "" #: ../modes.c:146 ../modes.c:393 ../modes.c:784 ../rcfile.c:379 #, c-format msgid "Closing '%s'\n" msgstr "Fechando '%s'\n" #: ../modes.c:175 #, c-format msgid "Sorting data\n" msgstr "Ordenando dados\n" #: ../modes.c:212 #, c-format msgid "Opening output file '%s'\n" msgstr "Abrindo arquivo de saída '%s'\n" #: ../modes.c:223 #, fuzzy, c-format msgid "Sending\n" msgstr "Enviando...\n" #: ../modes.c:246 ../net.c:341 ../net.c:344 msgid "%A %B %d %H:%M:%S %Z %Y" msgstr "" #: ../modes.c:247 #, c-format msgid "Generated %s by " msgstr "Gerado %s por " #: ../modes.c:257 #, c-format msgid "an unknown user.\n" msgstr "um usuario desconhecido.\n" #: ../modes.c:265 #, c-format msgid "(and %d older than %d seconds) " msgstr "(e %d anteriores à %d segundos) " #: ../modes.c:268 #, c-format msgid "(and %d malformed) " msgstr "(e %d mal formadas) " #: ../modes.c:271 #, fuzzy, c-format msgid "of %d entries in the file \"%s\" are packet logs, " msgstr "de %d entradas no arquivo " #: ../modes.c:273 #, c-format msgid "of %d entries in standard input are packet logs, " msgstr "" #: ../modes.c:275 #, fuzzy, c-format msgid "of %d entries in %d input files are packet logs, " msgstr "de %d entradas no arquivo " #: ../modes.c:279 #, c-format msgid "one has unique 
characteristics.\n" msgstr "um tem caracteristica unica.\n" #: ../modes.c:281 #, c-format msgid "%d have unique characteristics.\n" msgstr "%d tem caracteristicas unicas.\n" #: ../modes.c:289 #, c-format msgid "One entry was excluded by configuration.\n" msgstr "Uma entrada foi excluida pela configuração.\n" #: ../modes.c:291 #, c-format msgid "%d entries were excluded by configuration.\n" msgstr "%d entradas foram excluidas pela configuração.\n" #: ../modes.c:299 #, c-format msgid "First packet log entry: %s, last: %s.\n" msgstr "Primeiro pacote registrado: %s, ultimo: %s.\n" #: ../modes.c:301 ../modes.c:813 #, c-format msgid "No valid time entries found.\n" msgstr "Nenhum registro de horario valido encontrado.\n" #: ../modes.c:308 #, c-format msgid "All entries were logged by the same host: \"%s\".\n" msgstr "Todos registros são da mesma maquina: \"%s\".\n" #: ../modes.c:315 #, c-format msgid "All entries are from the same chain: \"%s\".\n" msgstr "Todos registros são do mesmo chain: \"%s\".\n" #: ../modes.c:322 #, c-format msgid "All entries have the same target: \"%s\".\n" msgstr "Todos registros tem o mesmo destino: \"%s\".\n" #: ../modes.c:329 #, c-format msgid "All entries are from the same interface: \"%s\".\n" msgstr "Todos registros são da mesma interface: \"%s\".\n" #: ../modes.c:336 #, fuzzy, c-format msgid "Only entries with a count of at least %d are shown.\n" msgstr "Somente registros com contagem maior que %d são mostrados.\n" #: ../modes.c:343 #, fuzzy, c-format msgid "Only the top %d entries are shown.\n" msgstr "Somente registros com contagem maior que %d são mostrados.\n" #: ../modes.c:354 #, fuzzy, c-format msgid "Resolving\n" msgstr "Resolvendo %s\n" #: ../modes.c:413 #, c-format msgid "Warning: pidfile exists, another fwlogwatch might be running.\n" msgstr "Aviso: arquivo pid existe,outro fwlogwatch pode estar rodando.\n" #: ../modes.c:427 #, fuzzy, c-format msgid "SIGHUP caught, reread configuration file %s" msgstr "SIGHUP recebido, 
reabrindo arquivo de log" #: ../modes.c:429 #, fuzzy, c-format msgid "SIGHUP caught, unable to reread configuration file %s" msgstr "SIGHUP recebido, reabrindo arquivo de log" #: ../modes.c:433 #, c-format msgid "Reread DNS cache file %s" msgstr "" #: ../modes.c:435 #, fuzzy, c-format msgid "Unable to reread DNS cache file %s" msgstr "SIGHUP recebido, reabrindo arquivo de log" #: ../modes.c:459 msgid "SIGUSR1 caught, reading input from stdin, no need to reopen log file" msgstr "" #: ../modes.c:461 #, fuzzy, c-format msgid "SIGUSR1 caught, reopening log file %s" msgstr "SIGHUP recebido, reabrindo arquivo de log" #: ../modes.c:533 msgid "SIGTERM caught, cleaning up" msgstr "SIGTERM recebido, fechando" #: ../modes.c:615 #, c-format msgid "Starting (pid %d)" msgstr "Iniciando (pid %d)" #: ../modes.c:665 msgid "User to run as was not found" msgstr "" #: ../modes.c:680 #, c-format msgid "Changed uid from %d to %d, gid from %d to %d" msgstr "" #: ../modes.c:682 #, c-format msgid "Running with uid %d, gid %d" msgstr "" #: ../modes.c:686 msgid "Alert threshold is one attempt" msgstr "Limite de alerta em uma tentativa" #: ../modes.c:688 #, c-format msgid "Alert threshold is %d attempts" msgstr "Limite de alerta : %d tentativas" #: ../modes.c:692 #, c-format msgid "Events older than %d second(s) are discarded" msgstr "Eventos anteriores a %d segundo(s) são discartados" #: ../modes.c:694 #, c-format msgid "Events older than %d hour(s) are discarded" msgstr "Eventos anteriores a %d houra(s) são discartados" #: ../modes.c:697 #, fuzzy, c-format msgid "Response mode: Log%s%s" msgstr "Modo de resposta : registra%s%s" #: ../modes.c:697 ../net.c:350 msgid ", notify" msgstr ", avisa" #: ../modes.c:697 ../net.c:350 msgid ", respond" msgstr ", responde" #: ../modes.c:728 #, c-format msgid "Reading standard input\n" msgstr "Lendo entrada padrão(stdin)\n" #: ../modes.c:744 #, c-format msgid "Reading '%s'\n" msgstr "Lendo '%s'\n" #: ../modes.c:810 #, fuzzy, c-format msgid "Number of 
files: %d\n" msgstr "Numero de tentativas registradas: %s\n" #: ../modes.c:811 #, fuzzy, c-format msgid "Number of lines: %d\n" msgstr "no. de linhas : %d\n" #: ../modes.c:816 #, c-format msgid "First entry: %s\n" msgstr "Primeiro registro: %s\n" #: ../modes.c:818 #, c-format msgid "Last entry : %s\n" msgstr "Ultimo registro : %s\n" #: ../modes.c:820 #, c-format msgid "Difference : %s\n" msgstr "" #: ../net.c:106 #, c-format msgid "Listening on %s port %i" msgstr "Esperando conexões em %s porta %i" #: ../net.c:109 #, c-format msgid "Connections are only allowed from %s" msgstr "" #: ../net.c:149 msgid "decode_base64: input string incomplete" msgstr "decode_base64: string de entrada incompleta" #: ../net.c:156 #, c-format msgid "decode_base64: illegal character '%c' in input string" msgstr "decode_base64: caracter ilegal '%c' na string de entrada" #: ../net.c:191 msgid "count" msgstr "" #: ../net.c:192 msgid "added" msgstr "" #: ../net.c:194 msgid "proto" msgstr "" #: ../net.c:196 #, fuzzy msgid "bytes" msgstr " (%d bytes)" #: ../net.c:197 msgid "source" msgstr "" #: ../net.c:199 ../net.c:208 #, fuzzy msgid "hostname" msgstr "<td>maquina</td>" #: ../net.c:201 ../net.c:211 #, fuzzy msgid "port" msgstr " porta %d" #: ../net.c:203 ../net.c:213 #, fuzzy msgid "service" msgstr "<td>serviço</td>" #: ../net.c:206 #, fuzzy msgid "destination" msgstr "<td>destino</td>" #: ../net.c:216 msgid "opts" msgstr "" #: ../net.c:217 #, fuzzy msgid "time remaining" msgstr "<td>Tempo restante</td></tr>\n" #: ../net.c:218 msgid "action" msgstr "" #: ../net.c:270 ../net.c:272 ../net.c:337 #, fuzzy msgid "Information" msgstr "" "\n" "</div>\n" "<h2>Informações Gerais</h2>\n" #: ../net.c:276 ../net.c:278 ../net.c:375 msgid "Options" msgstr "" #: ../net.c:282 ../net.c:284 ../net.c:403 #, fuzzy msgid "Packet cache" msgstr "<h2>Cache de pacotes</h2>\n" #: ../net.c:288 ../net.c:290 ../net.c:472 #, fuzzy msgid "Host status" msgstr "<h2>Situação da maquina</h2>\n" #: ../net.c:293 msgid "Reload" 
msgstr "" #: ../net.c:342 msgid "Daemon start time" msgstr "" #: ../net.c:345 msgid "Current time" msgstr "" #: ../net.c:348 msgid "Running time" msgstr "" #: ../net.c:350 msgid "Log" msgstr "" #: ../net.c:351 #, fuzzy msgid "Response mode" msgstr "Modo de resposta : registra%s%s" #: ../net.c:353 msgid "Lines seen" msgstr "" #: ../net.c:354 msgid "Hits" msgstr "" #: ../net.c:355 msgid "Old/excluded/malformed" msgstr "" #: ../net.c:362 #, fuzzy msgid "Entries in packet cache" msgstr "<h2>Cache de pacotes</h2>\n" #: ../net.c:369 #, fuzzy msgid "Entries in host status" msgstr "<h2>Situação da maquina</h2>\n" #: ../net.c:377 msgid "Parameter" msgstr "" #: ../net.c:379 msgid "Decrease" msgstr "" #: ../net.c:381 msgid "Current" msgstr "" #: ../net.c:383 msgid "Increase" msgstr "" #: ../net.c:385 #, fuzzy msgid "Alert threshold" msgstr "Limite de alerta em uma tentativa" #: ../net.c:387 msgid "Discard timeout" msgstr "" #: ../net.c:388 msgid "Minimum count in packet cache" msgstr "" #: ../net.c:390 ../net.c:392 msgid "Top amount of entries in packet cache" msgstr "" #: ../net.c:395 ../net.c:397 msgid "Refresh time" msgstr "" #: ../net.c:419 ../net.c:528 msgid "%Y/%m/%d %H:%M:%S" msgstr "" #: ../net.c:456 ../net.c:558 msgid "drop" msgstr "" #: ../net.c:458 msgid "escalate" msgstr "" #: ../net.c:493 ../net.c:509 ../net.c:515 ../net.c:521 msgid "<td>any</td>" msgstr "<td>qualquer</td>" #: ../net.c:503 #, fuzzy msgid "<td>(known host)</td>" msgstr "<td>-</td><td>%s/%d (maquina/rede conhecida)</td>" #: ../net.c:505 #, fuzzy msgid "<td>(known net)</td>" msgstr "<td>-</td><td>%s/%d (maquina/rede conhecida)</td>" #: ../net.c:605 #, fuzzy, c-format msgid "Rejected connection from unallowed IP address %s port %i" msgstr "Conexão recusada de endereço não permitido : ip %s porta %i" #: ../net.c:614 #, c-format msgid "Connect from %s port %i" msgstr "Conexão de %s porta %i" #: ../net.c:677 msgid "Authorization failed" msgstr "Falha na autorização" #: ../net.c:680 #, fuzzy msgid
"Authorization required" msgstr "Falha na autorização" #: ../net.c:757 msgid "Bad request" msgstr "" #: ../net.c:762 msgid "Redirect" msgstr "" #: ../net.c:762 msgid "You should be redirected to the <a href=\"/\">root directory</a>" msgstr "" #: ../net.c:774 #, c-format msgid "Requested function: %s" msgstr "" #: ../net.c:777 msgid "Connection closed" msgstr "Conexão fechada" #: ../output.c:200 #, c-format msgid " to " msgstr " para " #: ../output.c:255 #, c-format msgid " packet" msgstr " pacote" #: ../output.c:257 #, c-format msgid " packets" msgstr " pacotes" #: ../output.c:261 #, fuzzy, c-format msgid " (%lu bytes)" msgstr " (%d bytes)" #: ../output.c:264 #, c-format msgid " from %s" msgstr " de %s" #: ../output.c:280 ../output.c:293 #, c-format msgid " port %d" msgstr " porta %d" #: ../output.c:286 #, c-format msgid " to %s" msgstr " para %s" #: ../output.c:313 #, fuzzy, c-format msgid "<th>start</th>" msgstr "<td>inicio</td>" #: ../output.c:316 #, fuzzy, c-format msgid "<th>end</th>" msgstr "<td>termino</td>" #: ../output.c:319 #, fuzzy, c-format msgid "<th>interval</th>" msgstr "<td>intervalo</td>" #: ../output.c:322 #, fuzzy, c-format msgid "<th>loghost</th>" msgstr "<td>servidor</td>" #: ../output.c:325 #, fuzzy, c-format msgid "<th>chain</th>" msgstr "<td>chain</td>" #: ../output.c:328 #, fuzzy, c-format msgid "<th>target</th>" msgstr "<td>destino</td>" #: ../output.c:331 #, fuzzy, c-format msgid "<th>interface</th>" msgstr "<td>interface</td>" #: ../output.c:334 #, fuzzy, c-format msgid "<th>proto</th>" msgstr "<td>protocolo</td>" #: ../output.c:337 #, fuzzy, c-format msgid "<th>bytes</th>" msgstr "<td>bytes</td>" #: ../output.c:340 #, fuzzy, c-format msgid "<th>source</th>" msgstr "<td>origem</td>" #: ../output.c:342 ../output.c:356 #, fuzzy, c-format msgid "<th>hostname</th>" msgstr "<td>maquina</td>" #: ../output.c:344 #, fuzzy, c-format msgid "<th>whois information</th>" msgstr "<td>informação whois</td>" #: ../output.c:348 ../output.c:360 #, fuzzy,
c-format msgid "<th>port</th>" msgstr "<td>porta</td>" #: ../output.c:350 ../output.c:362 #, fuzzy, c-format msgid "<th>service</th>" msgstr "<td>serviço</td>" #: ../output.c:354 #, fuzzy, c-format msgid "<th>destination</th>" msgstr "<td>destino</td>" #: ../output.c:366 #, fuzzy, c-format msgid "<th>opts</th>" msgstr "<td>opções</td>" #: ../parser.c:270 #, c-format msgid "Unknown parser: '%c'.\n" msgstr "Tipo desconhecido: '%c'.\n" #: ../rcfile.c:58 #, c-format msgid "Error in configuration file '%s' line %d: not a number\n" msgstr "" #: ../rcfile.c:87 #, c-format msgid "Error in configuration file '%s' line %d, assuming 'true'\n" msgstr "" #: ../rcfile.c:281 #, fuzzy, c-format msgid "Unrecognized option in configuration file '%s' line %d\n" msgstr "Opção desconhecida no arquivo rc: %s" #: ../rcfile.c:332 #, fuzzy, c-format msgid "Unrecognized entry in DNS cache file '%s' line %d\n" msgstr "Opção desconhecida no arquivo rc: %s" #: ../rcfile.c:349 #, c-format msgid "%s is not a regular file, ignoring.\n" msgstr "%s não é um arquivo padrão, ignorando.\n" #: ../rcfile.c:358 #, fuzzy, c-format msgid "Opening DNS cache file '%s'\n" msgstr "Abrindo arquivo de entrada '%s'\n" #: ../rcfile.c:360 #, fuzzy, c-format msgid "Opening configuration file '%s'\n" msgstr "Abrindo arquivo de entrada '%s'\n" #: ../resolve.c:62 #, c-format msgid "port mismatch: %d != %d\n" msgstr "porta incompativel: %d != %d\n" #: ../resolve.c:99 ../resolve.c:172 msgid "[timeout]" msgstr "" #: ../resolve.c:101 ../resolve.c:174 msgid "[server failure]" msgstr "" #: ../resolve.c:111 ../resolve.c:213 #, c-format msgid "Resolving %s\n" msgstr "Resolvendo %s\n" #: ../resolve.c:122 #, c-format msgid "%s [forward lookup failed]" msgstr "%s [resolução direta falhou]" #: ../resolve.c:131 #, fuzzy, c-format msgid " [v4 forward lookup: %s]" msgstr "%s [resolução direta: %s]" #: ../resolve.c:138 #, fuzzy, c-format msgid " [v6 forward lookup: %s]" msgstr "%s [resolução direta: %s]" #: ../resolve.c:180 #, 
c-format msgid "[adns status %d]" msgstr "" #: ../resolve.c:192 msgid "[adns error]" msgstr "" #: ../resolve.c:206 ../resolve.c:354 #, c-format msgid "Resolving %s from cache\n" msgstr "Resolvendo %s pelo cache\n" #: ../resolve.c:218 #, fuzzy, c-format msgid "Resolving %s from adns\n" msgstr "Resolvendo %s pelo cache\n" #: ../resolve.c:240 #, c-format msgid "IP address %s is already in DNS cache\n" msgstr "" #: ../resolve.c:246 #, c-format msgid "Adding IP address '%s' with host name '%s' to DNS cache\n" msgstr "" #: ../resolve.c:283 #, c-format msgid "Submitted %s to adns\n" msgstr "" #: ../response.c:56 msgid "One logging ipchains firewall rule defined" msgstr "Uma regra de firewall ipchains com log definida" #: ../response.c:58 #, c-format msgid "%u logging ipchains firewall rules defined" msgstr "%u regras de firewall ipchains com log definidas" #: ../response.c:61 msgid "No logging ipchains firewall rules defined, format was requested" msgstr "Nenhuma regra de firewall com log definida, formato requerido" #: ../response.c:82 #, c-format msgid "%s is group/world writable" msgstr "%s é acessivel para gravação por grupo/outros" #: ../response.c:168 #, c-format msgid "Deleting packet cache entry (%s)" msgstr "Removendo pacote do cache (%s)" #: ../response.c:202 #, c-format msgid "Deleting host status entry (%s)" msgstr "Removendo situação da maquina (%s)" #: ../response.c:280 #, c-format msgid "ALERT: %d attempts from %s" msgstr "ALERTA: %d tentativas de %s" #: ../utils.c:53 #, c-format msgid "" "\n" "Memory allocation error, exiting.\n" msgstr "" "\n" "Erro de alocação de memória, saindo.\n" #: ../utils.c:68 msgid "Exiting" msgstr "Saindo" #: ../utils.c:77 msgid "Not executing buffer containing format string" msgstr "Não executando buffer contendo string de formatação" #: ../utils.c:82 #, c-format msgid "Executing '%s'" msgstr "Executando '%s'" #: ../utils.c:194 #, fuzzy, c-format msgid "" "fwlogwatch error: mode collision, please check that you didn't specify\n"
" several modes on the command line or a second mode is active in the\n" " configuration file.\n" " Please use a separate configuration file for each mode or comment out " "all\n" " entries in the default configuration and use command line parameters.\n" msgstr "" "erro fwlogwatch: colisão de modo, verifique se você especificou mais de\n" " um modo na linha de comando, ou um segundo modo esta ativo na confi-\n" " guração especificada ou padrão.\n" " Utilize um arquivo de configuração separado para cada modo ou comente \n" " as linhas na configuração padrão e utilize parametros de linha de \n" " comando.\n" #: ../utils.c:301 #, c-format msgid "[error]" msgstr "" #: ../utils.c:317 #, c-format msgid "IP address error: %s\n" msgstr "Erro no endereço IP: %s\n" #: ../utils.c:342 ../utils.c:353 #, c-format msgid "Error in CIDR format: %s\n" msgstr "Erro no formato CIDR: %s\n" #: ../utils.c:403 #, c-format msgid "(known host)\n" msgstr "(maquina conhecida)\n" #: ../utils.c:443 #, c-format msgid "(excluded host)\n" msgstr "(maquina excluida)\n" #: ../whois.c:226 #, fuzzy, c-format msgid "Looking up whois info for %s(/%d) from cache\n" msgstr "Verificando informação whois para %s no cache\n" #: ../whois.c:233 #, c-format msgid "Looking up whois info for %s\n" msgstr "Verificando informação whois para %s\n" #: ../whois.c:254 #, c-format msgid "lookup failed: %s\n" msgstr "resolução falhou: %s\n" #: ../main.h:314 msgid "fwlogwatch summary" msgstr "Resumo do fwlogwatch" #: ../main.h:324 msgid "fwlogwatch status" msgstr "Situação do fwlogwatch" #~ msgid "Wrong host name size\n" #~ msgstr "Tamanho do nome de maquina invalido\n" #, fuzzy #~ msgid "[inconsistent forward lookup]" #~ msgstr "%s [resolução direta: %s]" #, fuzzy #~ msgid "Interactive report mode (summary mode extension):\n" #~ msgstr "Modo de relatório interativo:\n" #, fuzzy #~ msgid " -i <count> interactive mode with report threshold\n" #~ msgstr "" #~ " -i <num> modo interativo com limite minimo para ativação\n"
#, fuzzy #~ msgid " -T <email> address of CERT or abuse contact to send report to\n" #~ msgstr "" #~ " -T <email> endereço do CERT ou contato de abuso para envio do " #~ "relatório\n" #, fuzzy #~ msgid " -I <file> template file for report (defaults to %s)\n" #~ msgstr " -I <arq.> arquivo modelo para relatório\n" #~ msgid "" #~ "Reporting threshold: %d\n" #~ "\n" #~ msgstr "" #~ "Limite minimo do relatório: %d\n" #~ "\n" #~ msgid "Offending IP address: %s\n" #~ msgstr "Endereço IP ofensor : %s\n" #~ msgid "Offending IP name: %s\n" #~ msgstr "Nome do ofensor : %s\n" #~ msgid "Target IP address: %s\n" #~ msgstr "Endereço IP destino: %s\n" #~ msgid "Target IP name: %s\n" #~ msgstr "Nome do destino: %s\n" #~ msgid "Number of logged attempts: %s\n" #~ msgstr "Numero de tentativas registradas: %s\n" #~ msgid "Start time: %s\n" #~ msgstr "Horario de inicio: %s\n" #~ msgid "End time: %s\n" #~ msgstr "Termino: %s\n" #~ msgid "Timezone: %s\n" #~ msgstr "Zona: %s\n" #~ msgid "Duration: %s\n" #~ msgstr "Duração: %s\n" #~ msgid "Protocol: %s\n" #~ msgstr "Protocolo: %s\n" #~ msgid "Source port: %s\n" #~ msgstr "Porta de origem: %s\n" #~ msgid "Destination port: %s\n" #~ msgstr "Porta de destino: %s\n" #~ msgid "TCP options: %s\n" #~ msgstr "Opções TCP: %s\n" #~ msgid "Tracking number: %s\n" #~ msgstr "Numero de referencia: %s\n" #~ msgid "Incident report %s-%s" #~ msgstr "Relatório de incidente %s-%s" #~ msgid "%d (unknown)" #~ msgstr "%d (desconhecido)" #~ msgid "no SYNs" #~ msgstr "sem SYNs" #~ msgid "SYNs only" #~ msgstr "somente SYNs" #~ msgid "" #~ "\n" #~ "What do you want to change? [1-18/(o)k] " #~ msgstr "" #~ "\n" #~ "O que você deseja alterar? [1-18/(o)k] " #~ msgid "New value: " #~ msgstr "Novo valor: " #~ msgid "" #~ "\n" #~ "Should this report be sent? [(s)end/(m)odify/(q)uit] " #~ msgstr "" #~ "\n" #~ "Esse relatorio deve ser enviado? 
[(s) envia/(m)odifica/(q) termina] " #, fuzzy #~ msgid "<tr><td align=\"right\">Daemon start time:</td><td>%s</td></tr>\n" #~ msgstr "<tr><td>Horario de inicialização:</td><td>%s</td></tr>\n" #, fuzzy #~ msgid "<tr><td align=\"right\">Current time:</td><td>%s</td></tr>\n" #~ msgstr "<tr><td>Horario atual:</td><td>%s</td></tr>\n" #, fuzzy #~ msgid "<tr><td align=\"right\">Running time:</td><td>%s</td></tr>\n" #~ msgstr "<tr><td>Tempo de execução:</td><td>%s</td></tr>\n" #, fuzzy #~ msgid "<tr><td align=\"right\">Response mode:</td><td>Log%s%s</td></tr>\n" #~ msgstr "<tr><td>Modo de resposta:</td><td>registra%s%s</td></tr>\n" #, fuzzy #~ msgid "Host status: %d</td></tr>\n" #~ msgstr "<h2>Situação da maquina</h2>\n" #, fuzzy #~ msgid "<tr align=\"center\"><th>count</th><th>added</th>" #~ msgstr "" #~ "<tr bgcolor=\"#%s\" align=\"center\"><td>Qtde.</td><td>Adic.</td><td>IP " #~ "origem </td>" #~ msgid "Authorization failed (%s)" #~ msgstr "Falha na autorização (%s)" #~ msgid "" #~ "<body>\n" #~ "<h1>Authorization Required</h1>\n" #~ "</body>\n" #~ "</html>\n" #~ msgstr "" #~ "<body>\n" #~ "<h1>Autorização Requerida</h1>\n" #~ "</body>\n" #~ "</html>\n" #, fuzzy #~ msgid "<p><a href=\"/\">Reload</a>" #~ msgstr "<a href=\"/\">Atualizar</a><br>\n" #, fuzzy #~ msgid "" #~ "<br>\n" #~ "(automatic refresh every %d seconds)</p>\n" #~ msgstr "(atualização automatica a cada %d segundos)<br>\n" #, fuzzy #~ msgid "" #~ "<tr><td>Alert threshold:</td><td>%d entries</td></tr>\n" #~ "<tr><td>Discard timeout:</td><td>%s</td></tr>\n" #~ msgstr "" #~ "<tr><td>Limite de ativação:</td><td>%d entradas</td></tr>\n" #~ "<tr><td>Tempo para descarte:</td><td>%d segundos</td></tr>\n" #, fuzzy #~ msgid " -f <file> specify input file (defaults to %s)\n" #~ msgstr " -f <arq.> especifica arquivo de entrada (padrão : %s)\n" #~ msgid "\"%s\" are packet logs, " #~ msgstr "\"%s\" são registros de pacotes, " #~ msgid " (defaults to '%s')\n" #~ msgstr " (padrão : '%s')\n" #~ msgid " (defaults to %s)\n" 
#~ msgstr " (padrão : %s)\n" #~ msgid "SIGHUP caught, ignoring" #~ msgstr "SIGHUP recebido, ignorando" #~ msgid "<td>Hostname</td>" #~ msgstr "<td>Maquina</td>" #~ msgid "<td>Destination IP address</td>" #~ msgstr "<td>IP destino</td>" #~ msgid "<td>Protocol</td>" #~ msgstr "<td>Protocolo</td>" #~ msgid "<td>Source port</td>" #~ msgstr "<td>Porta origem</td>" #~ msgid "<td>Service</td>" #~ msgstr "<td>Serviço</td>" #~ msgid "<td>Destination port</td>" #~ msgstr "<td>Porta destino</td>" ��������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/po/PaxHeaders.8080/de.po�������������������������������������������������������������0000644�0000000�0000000�00000000124�12147420772�016014� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������27 mtime=1369317882.372329 27 atime=1369319079.851943 30 ctime=1369319079.853943288 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/po/de.po�����������������������������������������������������������������������������0000644�0000000�0000000�00000070163�12147420772�015104� 
0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# German translation of fwlogwatch messages # Copyright (C) 2000-2013 Boris Wesslowski # This file is distributed under the same license as the fwlogwatch package. msgid "" msgstr "" "Project-Id-Version: fwlogwatch\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2013-05-23 15:04+0200\n" "PO-Revision-Date: 2013-05-23 15:15+0200\n" "Last-Translator: Boris Wesslowski <bw@inside-security.de>\n" "Language-Team: -\n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #: ../compare.c:158 #, c-format msgid "conn_sort_up: wrong mode\n" msgstr "conn_sort_up: falscher Modus\n" #: ../compare.c:264 #, c-format msgid "Error in sort string: '%c', order expected, ignoring.\n" msgstr "" "Fehler in der Sortierreihenfolge: '%c', Ordnung erwartet, wird ignoriert.\n" #: ../compare.c:278 #, c-format msgid "Error in sort string: '%c', direction expected, ignoring.\n" msgstr "" "Fehler in der Sortierreihenfolge: '%c', Richtung erwartet, wird ignoriert.\n" #: ../compare.c:282 #, c-format msgid "Error in sort string, direction expected, ignoring.\n" msgstr "Fehler in der Sortierreihenfolge, Richtung erwartet, wird ignoriert.\n" #: ../compare.c:382 ../compare.c:384 ../modes.c:193 ../modes.c:200 #: ../modes.c:815 ../modes.c:817 ../output.c:106 ../output.c:113 #: ../output.c:193 ../output.c:202 ../output.c:380 msgid "%b %d %H:%M:%S" msgstr "%b %d %H:%M:%S" #: ../compare.c:383 #, c-format msgid "Timewarp in log file (%s" msgstr "Zeitsprung in Logdatei (%s" #: ../main.c:25 #, c-format msgid "Usage: %s [options] [input_files]\n" msgstr "Gebrauch: %s [Optionen] 
[Eingabedatei(en)]\n" #: ../main.c:26 #, c-format msgid "General options:\n" msgstr "Allgemeine Optionen:\n" #: ../main.c:27 #, c-format msgid " -h this help\n" msgstr " -h Diese Hilfe\n" #: ../main.c:28 #, c-format msgid " -L show time of first and last log entry\n" msgstr " -L Zeitstempel des ersten und letzten Eintrags anzeigen\n" #: ../main.c:29 #, c-format msgid " -V show version and copyright info\n" msgstr " -V Versions- und Copyrightinformation anzeigen\n" #: ../main.c:32 #, c-format msgid "Global options:\n" msgstr "Globale Optionen:\n" #: ../main.c:33 #, c-format msgid " -b show amount of data (sum of total packet lengths)\n" msgstr " -b Datenmenge anzeigen (Summe der Paketlängen)\n" #: ../main.c:34 #, c-format msgid " -c <file> specify config file (defaults to %s)\n" msgstr " -c <datei> Konfigurationsdatei angeben (Vorgabe: %s)\n" #: ../main.c:35 #, c-format msgid " -D do not differentiate destination IP addresses\n" msgstr " -D Ziel-IP-Adressen nicht unterscheiden\n" #: ../main.c:36 #, c-format msgid " -d differentiate destination ports\n" msgstr " -d Zielports unterscheiden\n" #: ../main.c:37 #, c-format msgid " -E <format> select or exclude hosts, ports, chains and targets\n" msgstr "" " -E <format> Aussuchen oder Ausschliessen von IP-Adressen, Ports, usw.\n" #: ../main.c:38 #, c-format msgid " quick reference: -E[ie][hp][sd]<ip/number>\n" msgstr " Kurzübersicht: -E[ie][hp][sd]<ip/nummer>\n" #: ../main.c:39 #, c-format msgid " -E[ie][cb]<name>\n" msgstr " -E[ie][cb]<name>\n" #: ../main.c:40 #, c-format msgid " -i <file> initialize DNS cache with entries from file\n" msgstr " -i <datei> Initialisiere DNS-Cache aus dieser Datei\n" #: ../main.c:41 #, c-format msgid " -M <number> only show this amount of entries\n" msgstr " -M <anzahl> Nur so viele Einträge anzeigen\n" #: ../main.c:42 #, c-format msgid " -m <count> only show entries with at least so many incidents\n" msgstr " -m <anzahl> Nur Einträge mit mindestens dieser Anzahl anzeigen\n" #: 
../main.c:43 #, c-format msgid " -N resolve service names\n" msgstr " -N Dienstenamen auflösen\n" #: ../main.c:44 #, c-format msgid " -n resolve host names\n" msgstr " -n Rechnernamen auflösen\n" #: ../main.c:45 #, c-format msgid " -O <order> define the sort order (see the man page for details)\n" msgstr " -O <ordnung> Sortierung der Ausgabe (siehe Dokumentation)\n" #: ../main.c:46 #, c-format msgid "" " -P <format> use parsers for specific formats (defaults to netfilter)\n" msgstr "" " -P <format> Parser für bestimmte Formate benutzen (Vorgabe: netfilter)\n" #: ../main.c:47 #, c-format msgid " i: ipchains, n: netfilter, f: ipfilter, c: cisco ios\n" msgstr " i: ipchains, n: netfilter, f: ipfilter, c: cisco ios\n" #: ../main.c:48 #, c-format msgid "" " p: cisco pix, e: netscreen, l: lancom, s: snort, b: ipfw\n" msgstr "" " p: cisco pix, e: netscreen, l: lancom, s: snort, b: ipfw\n" #: ../main.c:49 #, c-format msgid " -p differentiate protocols\n" msgstr " -p Protokolle unterscheiden\n" #: ../main.c:50 #, c-format msgid " -s differentiate source ports\n" msgstr " -s Quellports unterscheiden\n" #: ../main.c:51 #, c-format msgid " -U <title> set report and status page title and email subject\n" msgstr "" " -U <titel> Titel des Berichts, der Statusseite und E-Mail-Betreff " "setzen\n" #: ../main.c:52 #, c-format msgid " -v verbose, specify twice for more info\n" msgstr "" " -v Information bei der Verarbeitung anzeigen (-vv für mehr)\n" #: ../main.c:53 #, c-format msgid " -y differentiate TCP options\n" msgstr " -y TCP-Optionen unterscheiden\n" #: ../main.c:56 #, c-format msgid "Log summary mode (default):\n" msgstr "Loganalysemodus (Vorgabe):\n" #: ../main.c:57 #, c-format msgid " -C <email> carbon copy recipients\n" msgstr " -C <email> Empfängeradresse für Kopien\n" #: ../main.c:58 #, c-format msgid " -e show end times\n" msgstr " -e Endzeiten anzeigen\n" #: ../main.c:59 #, c-format msgid " -F <email> report sender address (defaults to '%s')\n" msgstr " -F <email> 
Absenderadresse des Berichts (Vorgabe: %s)\n" #: ../main.c:60 #, c-format msgid " -l <time> process recent events only (defaults to off)\n" msgstr "" " -l <zeit> Nur die jüngsten Einträge bearbeiten (Vorgabe: deaktiviert)\n" #: ../main.c:61 #, c-format msgid " -o <file> specify output file\n" msgstr " -o <datei> Ausgabedatei angeben\n" #: ../main.c:62 #, c-format msgid " -S do not differentiate source IP addresses\n" msgstr " -S Quell-IP-Adressen nicht unterscheiden\n" #: ../main.c:63 #, c-format msgid " -T <email> send report by email to this address\n" msgstr " -T <email> Bericht per E-mail an diese Adresse senden\n" #: ../main.c:64 #, c-format msgid " -t show start times\n" msgstr " -t Anfangszeiten anzeigen\n" #: ../main.c:65 #, c-format msgid " -W activate whois lookups for source addresses\n" msgstr " -W whois-Nachfrage für Quell-IP-Adressen\n" #: ../main.c:66 #, c-format msgid " -w HTML output\n" msgstr " -w HTML-Ausgabe\n" #: ../main.c:67 #, c-format msgid " -z show time interval\n" msgstr " -z Zeitintervalle anzeigen\n" #: ../main.c:70 #, c-format msgid "Realtime response mode:\n" msgstr "Echtzeitantwortmodus:\n" #: ../main.c:71 #, c-format msgid " -R realtime response as daemon (default action: log only)\n" msgstr "" " -R Echtzeitantwort als Daemon (Vorgegebene Aktion: Loggen)\n" #: ../main.c:72 #, c-format msgid " -a <count> alert threshold (defaults to %d entries)\n" msgstr " -a <anzahl> Alarmschwelle (Vorgabe: %d Einträge)\n" #: ../main.c:73 #, c-format msgid " -l <time> forget events this old (defaults to %d hours)\n" msgstr "" " -l <zeit> Alte Ereignisse werden verworfen (Vorgabe: %d Stunden)\n" #: ../main.c:74 #, c-format msgid " -k <IP/net> add this IP address or net to the list of known hosts\n" msgstr "" " -k <ip/netz> Diese IP-Adresse(n) in der Liste der Bekannten aufnehmen\n" #: ../main.c:75 #, c-format msgid " -A invoke notification script if threshold is reached\n" msgstr "" " -A Aufruf des Benachrichtigungsskripts bei Err.
der Schwelle\n" #: ../main.c:76 #, c-format msgid " -B invoke response action script (e.g. block host)\n" msgstr " -B Aufruf des Antwortskripts (z.B. um Rechner zu sperren)\n" #: ../main.c:77 #, c-format msgid " -X <port> activate internal status information web server\n" msgstr " -X <port> Internen Webserver für Zustandsinformation aktivieren\n" #: ../main.c:103 msgid "You can contact the author at <bw@inside-security.de>." msgstr "Der Autor ist unter <bw@inside-security.de> zu erreichen." #: ../main.c:105 msgid "Compile-time options of this version:" msgstr "Beim kompilieren dieser Version benutzte Optionen:" #: ../main.c:106 #, c-format msgid "Short name limit " msgstr "Längenbegrenzung der Namen " #: ../main.c:108 ../main.c:114 ../main.c:120 ../main.c:126 msgid "enabled" msgstr "aktiviert" #: ../main.c:110 ../main.c:116 ../main.c:122 ../main.c:128 msgid "disabled" msgstr "deaktiviert" #: ../main.c:112 #, c-format msgid "Zlib support " msgstr "Zlib-Unterstützung " #: ../main.c:118 #, c-format msgid "Gettext (i18n) support " msgstr "Gettext-Unterstützung (i18n) " #: ../main.c:124 #, c-format msgid "GNU adns support " msgstr "GNU adns-Unterstützung " #: ../main.c:282 #, c-format msgid "Illegal inclusion/exclusion pos. 1 (expected [ie]): %s\n" msgstr "Ungültiger Parameter an Position 1 (erwartet: [ie]): %s\n" #: ../main.c:283 ../main.c:300 ../main.c:309 ../main.c:453 #, c-format msgid "Exiting\n" msgstr "Das Programm wird beendet\n" #: ../main.c:299 #, c-format msgid "Illegal inclusion/exclusion pos. 2 (expected [hpcb]): %s\n" msgstr "Ungültiger Parameter an Position 2 (erwartet: [hpcb]): %s\n" #: ../main.c:308 #, c-format msgid "Illegal inclusion/exclusion pos.
3 (expected [sd]): %s\n" msgstr "Ungültiger Parameter an Position 3 (erwartet: [sd]): %s\n" #: ../modes.c:108 #, c-format msgid "Using stdin as input\n" msgstr "Die Daten werden von der Standardeingabe gelesen\n" #: ../modes.c:114 #, c-format msgid "Opening input file '%s'\n" msgstr "Die Eingabedatei '%s' wird geöffnet\n" #: ../modes.c:130 #, c-format msgid "Processing\n" msgstr "Verarbeitung\n" #: ../modes.c:137 #, c-format msgid "Unrecognized entries or tokens can be submitted at\n" msgstr "Unerkannte Einträge können unter folgender URL eingereicht werden:\n" #: ../modes.c:146 ../modes.c:393 ../modes.c:784 ../rcfile.c:379 #, c-format msgid "Closing '%s'\n" msgstr "'%s' wird geschlossen\n" #: ../modes.c:175 #, c-format msgid "Sorting data\n" msgstr "Daten werden sortiert\n" #: ../modes.c:212 #, c-format msgid "Opening output file '%s'\n" msgstr "Die Ausgabedatei '%s' wird geöffnet\n" #: ../modes.c:223 #, c-format msgid "Sending\n" msgstr "Wird versandt\n" #: ../modes.c:246 ../net.c:341 ../net.c:344 msgid "%A %B %d %H:%M:%S %Z %Y" msgstr "%A, %d. 
%B %H:%M:%S %Z %Y" #: ../modes.c:247 #, c-format msgid "Generated %s by " msgstr "Erzeugt am %s von " #: ../modes.c:257 #, c-format msgid "an unknown user.\n" msgstr "einem unbekannten Benutzer.\n" #: ../modes.c:265 #, c-format msgid "(and %d older than %d seconds) " msgstr "(und %d älter als %d Sekunden) " #: ../modes.c:268 #, c-format msgid "(and %d malformed) " msgstr "(und %d fehlerhaft) " #: ../modes.c:271 #, c-format msgid "of %d entries in the file \"%s\" are packet logs, " msgstr "von %d Einträgen in der Datei \"%s\" sind Paketfiltereinträge, " #: ../modes.c:273 #, c-format msgid "of %d entries in standard input are packet logs, " msgstr "von %d Einträgen aus der Standardeingabe sind Paketfiltereinträge, " #: ../modes.c:275 #, c-format msgid "of %d entries in %d input files are packet logs, " msgstr "von %d Einträgen in %d Dateien sind Paketfiltereinträge, " #: ../modes.c:279 #, c-format msgid "one has unique characteristics.\n" msgstr "einer ist eindeutig.\n" #: ../modes.c:281 #, c-format msgid "%d have unique characteristics.\n" msgstr "%d sind eindeutig.\n" #: ../modes.c:289 #, c-format msgid "One entry was excluded by configuration.\n" msgstr "Ein Eintrag wurde von der Konfiguration ausgeschlossen.\n" #: ../modes.c:291 #, c-format msgid "%d entries were excluded by configuration.\n" msgstr "%d Einträge wurden von der Konfiguration ausgeschlossen.\n" #: ../modes.c:299 #, c-format msgid "First packet log entry: %s, last: %s.\n" msgstr "Erster Paketfiltereintrag: %s, letzter: %s.\n" #: ../modes.c:301 ../modes.c:813 #, c-format msgid "No valid time entries found.\n" msgstr "Keine gültigen Zeiteinträge gefunden.\n" #: ../modes.c:308 #, c-format msgid "All entries were logged by the same host: \"%s\".\n" msgstr "Alle Einträge wurden vom diesem Rechner geloggt: \"%s\".\n" #: ../modes.c:315 #, c-format msgid "All entries are from the same chain: \"%s\".\n" msgstr "Alle Einträge kommen von der selben Kette: \"%s\".\n" #: ../modes.c:322 #, c-format msgid "All 
entries have the same target: \"%s\".\n" msgstr "Alle Einträge haben das selbe Ziel: \"%s\".\n" #: ../modes.c:329 #, c-format msgid "All entries are from the same interface: \"%s\".\n" msgstr "Alle Einträge kommen von der selben Schnittstelle: \"%s\".\n" #: ../modes.c:336 #, c-format msgid "Only entries with a count of at least %d are shown.\n" msgstr "Nur Einträge mit mindestens %d Treffern werden gezeigt.\n" #: ../modes.c:343 #, c-format msgid "Only the top %d entries are shown.\n" msgstr "Nur die ersten %d Einträge werden gezeigt.\n" #: ../modes.c:354 #, c-format msgid "Resolving\n" msgstr "Auflösung\n" #: ../modes.c:413 #, c-format msgid "Warning: pidfile exists, another fwlogwatch might be running.\n" msgstr "" "Warnung: pid-Datei existiert, fwlogwatch wird evtl. schon ausgeführt.\n" #: ../modes.c:427 #, c-format msgid "SIGHUP caught, reread configuration file %s" msgstr "SIGHUP abgefangen, Konfigurationsdatei %s wird neu eingelesen" #: ../modes.c:429 #, c-format msgid "SIGHUP caught, unable to reread configuration file %s" msgstr "" "SIGHUP abgefangen, Konfigurationsdatei %s konnte nicht neu eingelesen werden" #: ../modes.c:433 #, c-format msgid "Reread DNS cache file %s" msgstr "Die DNS-Cache-Datei %s wird neu eingelesen" #: ../modes.c:435 #, c-format msgid "Unable to reread DNS cache file %s" msgstr "Die DNS-Cache-Datei %s konnte nicht neu eingelesen werden" #: ../modes.c:459 msgid "SIGUSR1 caught, reading input from stdin, no need to reopen log file" msgstr "" "SIGUSR1 abgefangen, die Standardeingabe wird benutzt, neu öffnen nicht nötig" #: ../modes.c:461 #, c-format msgid "SIGUSR1 caught, reopening log file %s" msgstr "SIGUSR1 abgefangen, Logdatei %s wird neu geöffnet" #: ../modes.c:533 msgid "SIGTERM caught, cleaning up" msgstr "SIGTERM abgefangen, Speicher wird aufgeräumt" #: ../modes.c:615 #, c-format msgid "Starting (pid %d)" msgstr "Programmstart (pid %d)" #: ../modes.c:665 msgid "User to run as was not found" msgstr "Der Benutzer dessen ID benutzt 
werden soll wurde nicht gefunden" #: ../modes.c:680 #, c-format msgid "Changed uid from %d to %d, gid from %d to %d" msgstr "Benutzer-ID gewechselt von %d zu %d, Gruppen-ID von %d zu %d" #: ../modes.c:682 #, c-format msgid "Running with uid %d, gid %d" msgstr "Prozess läuft mit uid %d, gid %d" #: ../modes.c:686 msgid "Alert threshold is one attempt" msgstr "Alarmschwelle ist ein Versuch" #: ../modes.c:688 #, c-format msgid "Alert threshold is %d attempts" msgstr "Alarmschwelle ist %d Versuche" #: ../modes.c:692 #, c-format msgid "Events older than %d second(s) are discarded" msgstr "Ereignisse die älter als %d Sekunde(n) sind werden verworfen" #: ../modes.c:694 #, c-format msgid "Events older than %d hour(s) are discarded" msgstr "Ereignisse die älter als %d Stunde(n) sind werden verworfen" #: ../modes.c:697 #, c-format msgid "Response mode: Log%s%s" msgstr "Antwortmodus: loggen%s%s" #: ../modes.c:697 ../net.c:350 msgid ", notify" msgstr ", benachrichtigen" #: ../modes.c:697 ../net.c:350 msgid ", respond" msgstr ", antworten" #: ../modes.c:728 #, c-format msgid "Reading standard input\n" msgstr "Die Standardeingabe wird gelesen\n" #: ../modes.c:744 #, c-format msgid "Reading '%s'\n" msgstr "Die Datei '%s' wird gelesen\n" #: ../modes.c:810 #, c-format msgid "Number of files: %d\n" msgstr "Anzahl der Dateien: %d\n" #: ../modes.c:811 #, c-format msgid "Number of lines: %d\n" msgstr "Anzahl der Zeilen: %d\n" #: ../modes.c:816 #, c-format msgid "First entry: %s\n" msgstr "Erster Eintrag: %s\n" #: ../modes.c:818 #, c-format msgid "Last entry : %s\n" msgstr "Letzter Eintrag: %s\n" #: ../modes.c:820 #, c-format msgid "Difference : %s\n" msgstr "Differenz : %s\n" #: ../net.c:106 #, c-format msgid "Listening on %s port %i" msgstr "Lauschen auf %s port %i" #: ../net.c:109 #, c-format msgid "Connections are only allowed from %s" msgstr "Verbindungen sind nur von %s erlaubt" #: ../net.c:149 msgid "decode_base64: input string incomplete" msgstr "decode_base64: 
Eingabezeichenkette unvollständig" #: ../net.c:156 #, c-format msgid "decode_base64: illegal character '%c' in input string" msgstr "decode_base64: ungültiges Zeichen '%c' in der Eingabe" #: ../net.c:191 msgid "count" msgstr "Anzahl" #: ../net.c:192 msgid "added" msgstr "Hinzugefügt" #: ../net.c:194 msgid "proto" msgstr "Protokoll" #: ../net.c:196 msgid "bytes" msgstr "Bytes" #: ../net.c:197 msgid "source" msgstr "Quelle" #: ../net.c:199 ../net.c:208 msgid "hostname" msgstr "Rechnername" #: ../net.c:201 ../net.c:211 msgid "port" msgstr "Port" #: ../net.c:203 ../net.c:213 msgid "service" msgstr "Dienst" #: ../net.c:206 msgid "destination" msgstr "Ziel" #: ../net.c:216 msgid "opts" msgstr "Optionen" #: ../net.c:217 msgid "time remaining" msgstr "Verbleibende Zeit" #: ../net.c:218 msgid "action" msgstr "Aktion" #: ../net.c:270 ../net.c:272 ../net.c:337 msgid "Information" msgstr "Information" #: ../net.c:276 ../net.c:278 ../net.c:375 msgid "Options" msgstr "Optionen" #: ../net.c:282 ../net.c:284 ../net.c:403 msgid "Packet cache" msgstr "Paketcache" #: ../net.c:288 ../net.c:290 ../net.c:472 msgid "Host status" msgstr "Rechnerzustand" #: ../net.c:293 msgid "Reload" msgstr "Neu laden" #: ../net.c:342 msgid "Daemon start time" msgstr "Startzeit des Daemons" #: ../net.c:345 msgid "Current time" msgstr "Aktuelle Zeit" #: ../net.c:348 msgid "Running time" msgstr "Ausführungszeit" #: ../net.c:350 msgid "Log" msgstr "Loggen" #: ../net.c:351 msgid "Response mode" msgstr "Antwortmodus" #: ../net.c:353 msgid "Lines seen" msgstr "Gesehene Zeilen" #: ../net.c:354 msgid "Hits" msgstr "Treffer" #: ../net.c:355 msgid "Old/excluded/malformed" msgstr "Alt/ausgeschlossen/fehlerhaft" #: ../net.c:362 msgid "Entries in packet cache" msgstr "Einträge im Paketcache" #: ../net.c:369 msgid "Entries in host status" msgstr "Einträge im Rechnerzustand" #: ../net.c:377 msgid "Parameter" msgstr "Parameter" #: ../net.c:379 msgid "Decrease" msgstr "Reduzieren" #: ../net.c:381 msgid "Current" msgstr 
"Aktuell" #: ../net.c:383 msgid "Increase" msgstr "Erhöhen" #: ../net.c:385 msgid "Alert threshold" msgstr "Alarmschwelle" #: ../net.c:387 msgid "Discard timeout" msgstr "Zeitgrenze zum Verwerfen:" #: ../net.c:388 msgid "Minimum count in packet cache" msgstr "Minimale Anzahl von Vorfällen bei Einträgen im Paketcache" #: ../net.c:390 ../net.c:392 msgid "Top amount of entries in packet cache" msgstr "Maximale Anzahl von Einträgen im Paketcache" #: ../net.c:395 ../net.c:397 msgid "Refresh time" msgstr "Aktualisierungszeit" #: ../net.c:419 ../net.c:528 msgid "%Y/%m/%d %H:%M:%S" msgstr "%Y/%m/%d %H:%M:%S" #: ../net.c:456 ../net.c:558 msgid "drop" msgstr "Verwerfen" #: ../net.c:458 msgid "escalate" msgstr "Eskalieren" #: ../net.c:493 ../net.c:509 ../net.c:515 ../net.c:521 msgid "<td>any</td>" msgstr "<td>beliebig</td>" #: ../net.c:503 msgid "<td>(known host)</td>" msgstr "<td>(bekannte Adresse)</td>" #: ../net.c:505 msgid "<td>(known net)</td>" msgstr "<td>(bekanntes Netz)</td>" #: ../net.c:605 #, c-format msgid "Rejected connection from unallowed IP address %s port %i" msgstr "Verbindung von unerlaubter IP %s port %i wurde abgewiesen" #: ../net.c:614 #, c-format msgid "Connect from %s port %i" msgstr "Verbindung von %s port %i" #: ../net.c:677 msgid "Authorization failed" msgstr "Autorisierung fehlgeschlagen" #: ../net.c:680 msgid "Authorization required" msgstr "Autorisierung ist notwendig" #: ../net.c:757 msgid "Bad request" msgstr "Ungültige Anfrage" #: ../net.c:762 msgid "Redirect" msgstr "Umleitung" #: ../net.c:762 msgid "You should be redirected to the <a href=\"/\">root directory</a>" msgstr "" "Sie sollten in das <a href=\"/\">Hauptverzeichnis</a> umgeleitet werden" #: ../net.c:774 #, c-format msgid "Requested function: %s" msgstr "Angeforderte Funktion: %s" #: ../net.c:777 msgid "Connection closed" msgstr "Verbindung geschlossen" #: ../output.c:200 #, c-format msgid " to " msgstr " bis " #: ../output.c:255 #, c-format msgid " packet" msgstr " Paket" #: 
../output.c:257 #, c-format msgid " packets" msgstr " Pakete" #: ../output.c:261 #, c-format msgid " (%lu bytes)" msgstr " (%lu Bytes)" #: ../output.c:264 #, c-format msgid " from %s" msgstr " von %s" #: ../output.c:280 ../output.c:293 #, c-format msgid " port %d" msgstr " Port %d" #: ../output.c:286 #, c-format msgid " to %s" msgstr " bis %s" #: ../output.c:313 #, c-format msgid "<th>start</th>" msgstr "<th>Anfang</th>" #: ../output.c:316 #, c-format msgid "<th>end</th>" msgstr "<th>Ende</th>" #: ../output.c:319 #, c-format msgid "<th>interval</th>" msgstr "<th>Intervall</th>" #: ../output.c:322 #, c-format msgid "<th>loghost</th>" msgstr "<th>Logrechner</th>" #: ../output.c:325 #, c-format msgid "<th>chain</th>" msgstr "<th>Kette</th>" #: ../output.c:328 #, c-format msgid "<th>target</th>" msgstr "<th>Ziel</th>" #: ../output.c:331 #, c-format msgid "<th>interface</th>" msgstr "<th>Schnittstelle</th>" #: ../output.c:334 #, c-format msgid "<th>proto</th>" msgstr "<th>Protokoll</th>" #: ../output.c:337 #, c-format msgid "<th>bytes</th>" msgstr "<th>Bytes</th>" #: ../output.c:340 #, c-format msgid "<th>source</th>" msgstr "<th>Quelle</th>" #: ../output.c:342 ../output.c:356 #, c-format msgid "<th>hostname</th>" msgstr "<th>Rechnername</th>" #: ../output.c:344 #, c-format msgid "<th>whois information</th>" msgstr "<th>whois-Information</th>" #: ../output.c:348 ../output.c:360 #, c-format msgid "<th>port</th>" msgstr "<th>Port</th>" #: ../output.c:350 ../output.c:362 #, c-format msgid "<th>service</th>" msgstr "<th>Dienst</th>" #: ../output.c:354 #, c-format msgid "<th>destination</th>" msgstr "<th>Ziel</th>" #: ../output.c:366 #, c-format msgid "<th>opts</th>" msgstr "<th>Optionen</th>" #: ../parser.c:270 #, c-format msgid "Unknown parser: '%c'.\n" msgstr "Unbekannter Parser: '%c'.\n" #: ../rcfile.c:58 #, c-format msgid "Error in configuration file '%s' line %d: not a number\n" msgstr "" "Fehler in der Konfigurationsdatei '%s' in Zeile %d: Nicht eine Nummer\n" #: 
../rcfile.c:87 #, c-format msgid "Error in configuration file '%s' line %d, assuming 'true'\n" msgstr "Fehler in der Konfigurationsdatei '%s' in Zeile %d: Annahme 'true'\n" #: ../rcfile.c:281 #, c-format msgid "Unrecognized option in configuration file '%s' line %d\n" msgstr "Unbekannte Option in der Konfigurationsdatei '%s' in Zeile %d\n" #: ../rcfile.c:332 #, c-format msgid "Unrecognized entry in DNS cache file '%s' line %d\n" msgstr "Unbekannte Option in der DNS-Cache-Datei '%s' in Zeile %d\n" #: ../rcfile.c:349 #, c-format msgid "%s is not a regular file, ignoring.\n" msgstr "%s ist keine normale Datei, wird ignoriert.\n" #: ../rcfile.c:358 #, c-format msgid "Opening DNS cache file '%s'\n" msgstr "Die DNS-Cache-Datei '%s' wird geöffnet\n" #: ../rcfile.c:360 #, c-format msgid "Opening configuration file '%s'\n" msgstr "Die Konfigurationsdatei '%s' wird geöffnet\n" #: ../resolve.c:62 #, c-format msgid "port mismatch: %d != %d\n" msgstr "Port-Versatz: %d != %d\n" #: ../resolve.c:99 ../resolve.c:172 msgid "[timeout]" msgstr "[Zeitüberschreitung]" #: ../resolve.c:101 ../resolve.c:174 msgid "[server failure]" msgstr "[Server-Fehler]" #: ../resolve.c:111 ../resolve.c:213 #, c-format msgid "Resolving %s\n" msgstr "Auflösung von %s\n" #: ../resolve.c:122 #, c-format msgid "%s [forward lookup failed]" msgstr "%s [Vorwärts-Suche fehlgeschlagen]" #: ../resolve.c:131 #, c-format msgid " [v4 forward lookup: %s]" msgstr " [IPv4 Vorwärts-Suche: %s]" #: ../resolve.c:138 #, c-format msgid " [v6 forward lookup: %s]" msgstr " [IPv6 Vorwärts-Suche: %s]" #: ../resolve.c:180 #, c-format msgid "[adns status %d]" msgstr "[adns-Status %d]" #: ../resolve.c:192 msgid "[adns error]" msgstr "[adns-Fehler]" #: ../resolve.c:206 ../resolve.c:354 #, c-format msgid "Resolving %s from cache\n" msgstr "Auflösung von %s aus dem Cache\n" #: ../resolve.c:218 #, c-format msgid "Resolving %s from adns\n" msgstr "Auflösung von %s mit adns\n" #: ../resolve.c:240 #, c-format msgid "IP address %s is 
already in DNS cache\n" msgstr "Die IP-Adresse %s ist bereits im DNS-Cache\n" #: ../resolve.c:246 #, c-format msgid "Adding IP address '%s' with host name '%s' to DNS cache\n" msgstr "IP-Adresse '%s' mit Hostname '%s' wird dem DNS-Cache hinzugefügt\n" #: ../resolve.c:283 #, c-format msgid "Submitted %s to adns\n" msgstr "%s an adns übergeben\n" #: ../response.c:56 msgid "One logging ipchains firewall rule defined" msgstr "Eine loggende ipchains Firewall-Regel definiert" #: ../response.c:58 #, c-format msgid "%u logging ipchains firewall rules defined" msgstr "%u loggende ipchains Firewall-Regeln definiert" #: ../response.c:61 msgid "No logging ipchains firewall rules defined, format was requested" msgstr "" "Keine loggende ipchains Firewall-Regeln definiert, Format wurde verlangt" #: ../response.c:82 #, c-format msgid "%s is group/world writable" msgstr "%s ist schreibbar für die Gruppe/Welt" #: ../response.c:168 #, c-format msgid "Deleting packet cache entry (%s)" msgstr "Eintrag aus dem Paketcache wird gelöscht (%s)" #: ../response.c:202 #, c-format msgid "Deleting host status entry (%s)" msgstr "Eintrag aus dem Rechnercache wird gelöscht (%s)" #: ../response.c:280 #, c-format msgid "ALERT: %d attempts from %s" msgstr "ALARM: %d Versuche von %s" #: ../utils.c:53 #, c-format msgid "" "\n" "Memory allocation error, exiting.\n" msgstr "" "\n" "Speicherallokationsfehler, das Programm wird beendet.\n" #: ../utils.c:68 msgid "Exiting" msgstr "Das Programm wird beendet" #: ../utils.c:77 msgid "Not executing buffer containing format string" msgstr "Puffer mit Formatzeichen wird nicht ausgeführt" #: ../utils.c:82 #, c-format msgid "Executing '%s'" msgstr "'%s' wird ausgeführt" #: ../utils.c:194 #, c-format msgid "" "fwlogwatch error: mode collision, please check that you didn't specify\n" " several modes on the command line or a second mode is active in the\n" " configuration file.\n" " Please use a separate configuration file for each mode or comment out " "all\n" " 
entries in the default configuration and use command line parameters.\n" msgstr "" "fwlogwatch-Fehler: Moduskollision, bitte überprüfen Sie, dass Sie nicht\n" " mehrere Modi auf der Kommandozeile angegeben haben oder ein zweiter " "Modus\n" " in der Konfigurationsdatei aktiviert ist.\n" " Bitte benutzen Sie getrennte Konfigurationsdateien für jeden Modus\n" " oder kommentieren Sie alle Einträge in der vorgegebenen\n" " Konfigurationsdatei und benutzen Sie Kommandozeilenparameter.\n" #: ../utils.c:301 #, c-format msgid "[error]" msgstr "[Fehler]" #: ../utils.c:317 #, c-format msgid "IP address error: %s\n" msgstr "IP-Adressfehler: %s\n" #: ../utils.c:342 ../utils.c:353 #, c-format msgid "Error in CIDR format: %s\n" msgstr "Fehler im CIDR-Format: %s\n" #: ../utils.c:403 #, c-format msgid "(known host)\n" msgstr "(bekannter Rechner)\n" #: ../utils.c:443 #, c-format msgid "(excluded host)\n" msgstr "(ausgeschlossener Rechner)\n" #: ../whois.c:226 #, c-format msgid "Looking up whois info for %s(/%d) from cache\n" msgstr "Suche der whois-Information für %s(/%d) aus dem Cache\n" #: ../whois.c:233 #, c-format msgid "Looking up whois info for %s\n" msgstr "Suche der whois-Information für %s\n" #: ../whois.c:254 #, c-format msgid "lookup failed: %s\n" msgstr "Suche fehlgeschlagen: %s\n" #: ../main.h:314 msgid "fwlogwatch summary" msgstr "fwlogwatch-Zusammenfassung" #: ../main.h:324 msgid "fwlogwatch status" msgstr "Zustand von fwlogwatch" 
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/po/PaxHeaders.8080/zh_CN.po����������������������������������������������������������0000644�0000000�0000000�00000000124�12147420772�016425� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������27 mtime=1369317882.372329 27 atime=1369319079.847943 30 ctime=1369319079.849943319 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/po/zh_CN.po��������������������������������������������������������������������������0000644�0000000�0000000�00000071324�12147420772�015515� 0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������msgid "" msgstr "" "Project-Id-Version: fwlogwatch 0.5.2\n" 
"Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2013-05-23 15:04+0200\n" "PO-Revision-Date: 2002-02-05 14:20+0100\n" "Last-Translator: Xiaojun Yang\n" "Language-Team: -\n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=GB2312\n" "Content-Transfer-Encoding: 8bit\n" #: ../compare.c:158 #, c-format msgid "conn_sort_up: wrong mode\n" msgstr "conn_sort_up: ģʽ´íÎó\n" #: ../compare.c:264 #, c-format msgid "Error in sort string: '%c', order expected, ignoring.\n" msgstr "ÅÅÐò´íÎó: '%c', ÐèҪ˳Ðò,ºöÂÔ\n" #: ../compare.c:278 #, c-format msgid "Error in sort string: '%c', direction expected, ignoring.\n" msgstr "ÅÅÐò´íÎó: '%c', ÐèÒª·¶Î§,ºöÂÔ\n" #: ../compare.c:282 #, fuzzy, c-format msgid "Error in sort string, direction expected, ignoring.\n" msgstr "ÅÅÐò´íÎó: '%c', ÐèÒª·¶Î§,ºöÂÔ\n" #: ../compare.c:382 ../compare.c:384 ../modes.c:193 ../modes.c:200 #: ../modes.c:815 ../modes.c:817 ../output.c:106 ../output.c:113 #: ../output.c:193 ../output.c:202 ../output.c:380 msgid "%b %d %H:%M:%S" msgstr "" #: ../compare.c:383 #, c-format msgid "Timewarp in log file (%s" msgstr "logÎļþÖеÄʱ¼ä(%s" #: ../main.c:25 #, fuzzy, c-format msgid "Usage: %s [options] [input_files]\n" msgstr "ʹÓ÷½·¨: %s [Ñ¡Ïî] \n" #: ../main.c:26 #, fuzzy, c-format msgid "General options:\n" msgstr "È«¾ÖÑ¡Ïî: \n" #: ../main.c:27 #, fuzzy, c-format msgid " -h this help\n" msgstr " -h \t°ïÖúÎļþ\n" #: ../main.c:28 #, fuzzy, c-format msgid " -L show time of first and last log entry\n" msgstr " -L <Îļþ> \tÏÔʾÎļþÖеÚÒ»´ÎÓë×îºóÒ»´ÎµÇ½¼Í¼µÄʱ¼ä\n" #: ../main.c:29 #, fuzzy, c-format msgid " -V show version and copyright info\n" msgstr " -V \tÏÔʾ°æ±¾Óë°æÈ¨ÐÅÏ¢\n" #: ../main.c:32 #, c-format msgid "Global options:\n" msgstr "È«¾ÖÑ¡Ïî: \n" #: ../main.c:33 #, fuzzy, c-format msgid " -b show amount of data (sum of total packet lengths)\n" msgstr " -b \tÏÔʾÊý¾ÝÁ¿ (ËùÓÐÊý¾Ý°ü³¤¶ÈµÄ×ܺÍ)\n" #: ../main.c:34 #, fuzzy, c-format msgid " -c <file> specify config file (defaults to %s)\n" msgstr " -c <Îļþ> \tÖ¸¶¨ÅäÖÃÎļþ 
(ȱʡ %s) \n" #: ../main.c:35 #, fuzzy, c-format msgid " -D do not differentiate destination IP addresses\n" msgstr " -D \t²»Çø·ÖÄ¿±êIPµØÖ·\n" #: ../main.c:36 #, fuzzy, c-format msgid " -d differentiate destination ports\n" msgstr " -d \tÇø·ÖÄ¿±ê¶Ë¿Ú\n" #: ../main.c:37 #, c-format msgid " -E <format> select or exclude hosts, ports, chains and targets\n" msgstr "" #: ../main.c:38 #, c-format msgid " quick reference: -E[ie][hp][sd]<ip/number>\n" msgstr "" #: ../main.c:39 #, c-format msgid " -E[ie][cb]<name>\n" msgstr "" #: ../main.c:40 #, c-format msgid " -i <file> initialize DNS cache with entries from file\n" msgstr "" #: ../main.c:41 #, c-format msgid " -M <number> only show this amount of entries\n" msgstr "" #: ../main.c:42 #, fuzzy, c-format msgid " -m <count> only show entries with at least so many incidents\n" msgstr " -m <ÊýÁ¿> \tÖ»ÏÔʾÖÁÉÙÓÐÕâô¶àÊýÁ¿µÄ¼Ç¼\n" #: ../main.c:43 #, fuzzy, c-format msgid " -N resolve service names\n" msgstr " -N \t½âÎöÓòÃû\n" #: ../main.c:44 #, fuzzy, c-format msgid " -n resolve host names\n" msgstr " -n \t½âÎöÓòÃû\n" #: ../main.c:45 #, fuzzy, c-format msgid " -O <order> define the sort order (see the man page for details)\n" msgstr " -O <ÅÅÐò·½·¨> \t¶ÔÊä³ö½øÐÐÅÅÐò (¾ßÌå²Î¼ûÏàÓ¦Îĵµ\n" #: ../main.c:46 #, fuzzy, c-format msgid "" " -P <format> use parsers for specific formats (defaults to netfilter)\n" msgstr " -P <¸ñʽ> \tֻʹÓöÔÓÚÌØÊâ¸ñʽµÄ·ÖÎöÆ÷\n" #: ../main.c:47 #, c-format msgid " i: ipchains, n: netfilter, f: ipfilter, c: cisco ios\n" msgstr "" #: ../main.c:48 #, c-format msgid "" " p: cisco pix, e: netscreen, l: lancom, s: snort, b: ipfw\n" msgstr "" #: ../main.c:49 #, fuzzy, c-format msgid " -p differentiate protocols\n" msgstr " -p \tÇø·Ö´«ÊäЭÒé\n" #: ../main.c:50 #, fuzzy, c-format msgid " -s differentiate source ports\n" msgstr " -s \tÇø·ÖÔ´¶Ë¿Ú\n" #: ../main.c:51 #, c-format msgid " -U <title> set report and status page title and email subject\n" msgstr "" #: ../main.c:52 #, fuzzy, c-format msgid " -v verbose, specify twice 
for more info\n" msgstr " -v \t´¦ÀíʱÏÔʾÐÅÏ¢,ʹÓà -vv µÃµ½¸ü¶àÐÅÏ¢\n" #: ../main.c:53 #, fuzzy, c-format msgid " -y differentiate TCP options\n" msgstr " -y \tÇø·ÖTCPÑ¡Ïî\n" #: ../main.c:56 #, c-format msgid "Log summary mode (default):\n" msgstr "µÇ½ժҪģʽ (ȱʡ):\n" #: ../main.c:57 #, fuzzy, c-format msgid " -C <email> carbon copy recipients\n" msgstr " -C <email> \tת·¢µØÖ·\n" #: ../main.c:58 #, fuzzy, c-format msgid " -e show end times\n" msgstr " -e \tÏÔʾ½áÊøÊ±¼ä\n" #: ../main.c:59 #, fuzzy, c-format msgid " -F <email> report sender address (defaults to '%s')\n" msgstr " -F <email> \t·¢ÐÅÈ˵ØÖ·\n" #: ../main.c:60 #, fuzzy, c-format msgid " -l <time> process recent events only (defaults to off)\n" msgstr " -l <ʱ¼ä> \tÖ»´¦Àíµ±Ç°Ê¼þ (ȱʡΪ¹Ø±Õ)\n" #: ../main.c:61 #, fuzzy, c-format msgid " -o <file> specify output file\n" msgstr " -o <Îļþ> \tÖ¸¶¨Êä³öÎļþ\n" #: ../main.c:62 #, fuzzy, c-format msgid " -S do not differentiate source IP addresses\n" msgstr " -S \t²»Çø·ÖÔ´IPµØÖ·\n" #: ../main.c:63 #, c-format msgid " -T <email> send report by email to this address\n" msgstr "" #: ../main.c:64 #, fuzzy, c-format msgid " -t show start times\n" msgstr " -t \tÏÔʾ¿ªÊ¼Ê±¼ä\n" #: ../main.c:65 #, fuzzy, c-format msgid " -W activate whois lookups for source addresses\n" msgstr " -W \tÆô¶¯¶ÔÔ´IPµØÖ·µÄwhois²éѯ\n" #: ../main.c:66 #, fuzzy, c-format msgid " -w HTML output\n" msgstr " -w \tÒÔHTML¸ñʽÊä³ö\n" #: ../main.c:67 #, fuzzy, c-format msgid " -z show time interval\n" msgstr " -z \tÏÔʾʱ¼ä¼ä¸ô\n" #: ../main.c:70 #, c-format msgid "Realtime response mode:\n" msgstr "ʵʱ»ØÓ¦Ä£Ê½:\n" #: ../main.c:71 #, fuzzy, c-format msgid " -R realtime response as daemon (default action: log only)\n" msgstr "\t-R \tʵʱ»ØÓ¦×÷Ϊ´«Êä´úÀí³ÌÐò (ȱʡ: Ö»ÓÐÔËÐмǼ)\n" #: ../main.c:72 #, fuzzy, c-format msgid " -a <count> alert threshold (defaults to %d entries)\n" msgstr " -a <ÊýÁ¿> \t¾¯¸æÁ÷ (ȱʡ %d ¼Ç¼)\n" #: ../main.c:73 #, fuzzy, c-format msgid " -l <time> forget events this old (defaults to %d hours)\n" msgstr " -l 
<ʱ¼ä> \tºöÂÔ´Ëʱ¼äǰ¾Éʼþ (ȱʡ: %dСʱ)\n" #: ../main.c:74 #, fuzzy, c-format msgid " -k <IP/net> add this IP address or net to the list of known hosts\n" msgstr " -k <IP/ÍøÂç> \t½«´ËIPµØÖ·¼ÓÈëµ½ÒÑÖªÖ÷»úÁбíÖÐ\n" #: ../main.c:75 #, fuzzy, c-format msgid " -A invoke notification script if threshold is reached\n" msgstr " -A \tÈç¹ûÓÐÁ÷½øÈëÆô¶¯Í¨ÖªÎı¾\n" #: ../main.c:76 #, fuzzy, c-format msgid " -B invoke response action script (e.g. block host)\n" msgstr " -B \tÆô¶¯»ØÓ¦Îı¾ (±ÈÈç ÇжÏÖ÷»úÓëÍⲿÁªÏµ)\n" #: ../main.c:77 #, fuzzy, c-format msgid " -X <port> activate internal status information web server\n" msgstr " -X \tÆô¶¯ÄÚ²¿×´Ì¬ÐÅÏ¢web·þÎñÆ÷\n" #: ../main.c:103 #, fuzzy msgid "You can contact the author at <bw@inside-security.de>." msgstr "ÇëʹÓÃÒÔϵØÖ·Óë×÷ÕßÁªÏµÊµ¼Ê<bw@inside-security.de>." #: ../main.c:105 msgid "Compile-time options of this version:" msgstr "" #: ../main.c:106 #, c-format msgid "Short name limit " msgstr "" #: ../main.c:108 ../main.c:114 ../main.c:120 ../main.c:126 msgid "enabled" msgstr "" #: ../main.c:110 ../main.c:116 ../main.c:122 ../main.c:128 msgid "disabled" msgstr "" #: ../main.c:112 #, c-format msgid "Zlib support " msgstr "" #: ../main.c:118 #, c-format msgid "Gettext (i18n) support " msgstr "" #: ../main.c:124 #, c-format msgid "GNU adns support " msgstr "" #: ../main.c:282 #, c-format msgid "Illegal inclusion/exclusion pos. 1 (expected [ie]): %s\n" msgstr "" #: ../main.c:283 ../main.c:300 ../main.c:309 ../main.c:453 #, c-format msgid "Exiting\n" msgstr "Í˳ö\n" #: ../main.c:299 #, c-format msgid "Illegal inclusion/exclusion pos. 2 (expected [hpcb]): %s\n" msgstr "" #: ../main.c:308 #, c-format msgid "Illegal inclusion/exclusion pos. 
3 (expected [sd]): %s\n" msgstr "" #: ../modes.c:108 #, c-format msgid "Using stdin as input\n" msgstr "ʹÓñê×¼ÊäÈë\n" #: ../modes.c:114 #, c-format msgid "Opening input file '%s'\n" msgstr "´ò¿ªÊäÈëÎļþ '%s'\n" #: ../modes.c:130 #, c-format msgid "Processing\n" msgstr "´¦Àí\n" #: ../modes.c:137 #, c-format msgid "Unrecognized entries or tokens can be submitted at\n" msgstr "" #: ../modes.c:146 ../modes.c:393 ../modes.c:784 ../rcfile.c:379 #, c-format msgid "Closing '%s'\n" msgstr "¹Ø±Õ '&s'\n" #: ../modes.c:175 #, c-format msgid "Sorting data\n" msgstr "Êý¾ÝÅÅÐò\n" #: ../modes.c:212 #, c-format msgid "Opening output file '%s'\n" msgstr "´ò¿ªÊä³öÎļþ '%s'\n" #: ../modes.c:223 #, fuzzy, c-format msgid "Sending\n" msgstr "·¢ËÍ...\n" #: ../modes.c:246 ../net.c:341 ../net.c:344 msgid "%A %B %d %H:%M:%S %Z %Y" msgstr "" #: ../modes.c:247 #, c-format msgid "Generated %s by " msgstr "Éú³É %s ÓÉ" #: ../modes.c:257 #, c-format msgid "an unknown user.\n" msgstr "²»Ã÷ʹÓÃÕß\n" #: ../modes.c:265 #, c-format msgid "(and %d older than %d seconds) " msgstr "(²¢ÇÒ &d ±È %d ÀÏ) " #: ../modes.c:268 #, c-format msgid "(and %d malformed) " msgstr "(²¢ÇÒ %d ÓдíÎó)" #: ../modes.c:271 #, fuzzy, c-format msgid "of %d entries in the file \"%s\" are packet logs, " msgstr "ÎļþÖÐ%dµÄ¼Ç¼" #: ../modes.c:273 #, c-format msgid "of %d entries in standard input are packet logs, " msgstr "" #: ../modes.c:275 #, fuzzy, c-format msgid "of %d entries in %d input files are packet logs, " msgstr "ÎļþÖÐ%dµÄ¼Ç¼" #: ../modes.c:279 #, c-format msgid "one has unique characteristics.\n" msgstr "Ò»¸öÓÐÌØÊâÐÎʽ\n" #: ../modes.c:281 #, c-format msgid "%d have unique characteristics.\n" msgstr "%dÓÐÌØÊâÐÎʽ\n" #: ../modes.c:289 #, c-format msgid "One entry was excluded by configuration.\n" msgstr "Ò»Ìõ¼Ç¼ÔÚÅäÖÃʱ±»É¾³ý\n" #: ../modes.c:291 #, c-format msgid "%d entries were excluded by configuration.\n" msgstr "%d¼Ç¼ÔÚÅäÖÃʱ±»É¾³ý\n" #: ../modes.c:299 #, c-format msgid "First packet log entry: %s, last: %s.\n" msgstr 
"µÚÒ»ÌõÊý¾Ý°üµÇ½¼Ç¼: %s, ×îºóÒ»Ìõ: %s.\n" #: ../modes.c:301 ../modes.c:813 #, c-format msgid "No valid time entries found.\n" msgstr "ûÕÒµ½ÓÐЧʱ¼ä¼Ç¼\n" #: ../modes.c:308 #, c-format msgid "All entries were logged by the same host: \"%s\".\n" msgstr "ËùÓеļǼ¶¼ÊÇ´Óͬһ¸öÖ÷»úµÇ½µÄ: \"%s\".\n" #: ../modes.c:315 #, c-format msgid "All entries are from the same chain: \"%s\".\n" msgstr "ËùÓеļǼ¶¼À´×Ôͬһ¸öÁ´: \"%s\".\n" #: ../modes.c:322 #, c-format msgid "All entries have the same target: \"%s\".\n" msgstr "ËùÓеļǼ¶¼ÓÐͬÑùµÄÄ¿±ê: \"%s\".\n" #: ../modes.c:329 #, c-format msgid "All entries are from the same interface: \"%s\".\n" msgstr "ËùÓеļǼ¶¼À´×Ôͬһ¸ö½çÃæ: \"%s\".\n" #: ../modes.c:336 #, fuzzy, c-format msgid "Only entries with a count of at least %d are shown.\n" msgstr "Ö»ÏÔʾ´óÓÚ%dµÄ¼Ç¼.\n" #: ../modes.c:343 #, fuzzy, c-format msgid "Only the top %d entries are shown.\n" msgstr "Ö»ÏÔʾ´óÓÚ%dµÄ¼Ç¼.\n" #: ../modes.c:354 #, fuzzy, c-format msgid "Resolving\n" msgstr "½âÎö %s\n" #: ../modes.c:413 #, c-format msgid "Warning: pidfile exists, another fwlogwatch might be running.\n" msgstr "¾¯¸æ: ´æÔÚpidÎļþ,¿ÉÄÜÁíÒ»¸öfwlogwatchÔÚÔËÐÐ.\n" #: ../modes.c:427 #, fuzzy, c-format msgid "SIGHUP caught, reread configuration file %s" msgstr "²¶×½µ½SIGHUP, ÖØÐ´ò¿ªlogÎļþ" #: ../modes.c:429 #, fuzzy, c-format msgid "SIGHUP caught, unable to reread configuration file %s" msgstr "²¶×½µ½SIGHUP, ÖØÐ´ò¿ªlogÎļþ" #: ../modes.c:433 #, c-format msgid "Reread DNS cache file %s" msgstr "" #: ../modes.c:435 #, fuzzy, c-format msgid "Unable to reread DNS cache file %s" msgstr "²¶×½µ½SIGHUP, ÖØÐ´ò¿ªlogÎļþ" #: ../modes.c:459 msgid "SIGUSR1 caught, reading input from stdin, no need to reopen log file" msgstr "" #: ../modes.c:461 #, fuzzy, c-format msgid "SIGUSR1 caught, reopening log file %s" msgstr "²¶×½µ½SIGHUP, ÖØÐ´ò¿ªlogÎļþ" #: ../modes.c:533 msgid "SIGTERM caught, cleaning up" msgstr "²¶×½µ½SIGTERM, Çå³ýÄÚ´æ" #: ../modes.c:615 #, c-format msgid "Starting (pid %d)" msgstr "¿ªÊ¼ (pid %d)" #: ../modes.c:665 
msgid "User to run as was not found" msgstr "" #: ../modes.c:680 #, c-format msgid "Changed uid from %d to %d, gid from %d to %d" msgstr "" #: ../modes.c:682 #, c-format msgid "Running with uid %d, gid %d" msgstr "" #: ../modes.c:686 msgid "Alert threshold is one attempt" msgstr "¾¯¸æthresholdÊÇÒ»´Î³¢ÊÔ" #: ../modes.c:688 #, c-format msgid "Alert threshold is %d attempts" msgstr "¾¯¸æthresholdÊÇ%d´Î³¢ÊÔ" #: ../modes.c:692 #, c-format msgid "Events older than %d second(s) are discarded" msgstr "ÔÚ%dÃë֮ǰµÄʼþ½«²»ÊÜÀí" #: ../modes.c:694 #, c-format msgid "Events older than %d hour(s) are discarded" msgstr "ÔÚ%dСʱ֮ǰµÄʼþ½«²»ÊÜÀí" #: ../modes.c:697 #, fuzzy, c-format msgid "Response mode: Log%s%s" msgstr "»ØÓ¦Ä£Ê½: log%s%s" #: ../modes.c:697 ../net.c:350 msgid ", notify" msgstr "֪ͨ" #: ../modes.c:697 ../net.c:350 msgid ", respond" msgstr ". »Ø´ð" #: ../modes.c:728 #, c-format msgid "Reading standard input\n" msgstr "¶ÁÈ¡±ê×¼ÊäÈë\n" #: ../modes.c:744 #, c-format msgid "Reading '%s'\n" msgstr "¶Á '%s'\n" #: ../modes.c:810 #, fuzzy, c-format msgid "Number of files: %d\n" msgstr "³¢ÊԵǽµÄ´ÎÊý: %s\n" #: ../modes.c:811 #, fuzzy, c-format msgid "Number of lines: %d\n" msgstr "ÐÐÊý : %d\n" #: ../modes.c:816 #, c-format msgid "First entry: %s\n" msgstr "µÚÒ»Ìõ¼Ç¼: %s\n" #: ../modes.c:818 #, c-format msgid "Last entry : %s\n" msgstr "×îºóÒ»Ìõ¼Ç¼ : %s\n" #: ../modes.c:820 #, c-format msgid "Difference : %s\n" msgstr "" #: ../net.c:106 #, c-format msgid "Listening on %s port %i" msgstr "ÁгöÔÚ &s ÉÏµÄ¶Ë¿Ú %i" #: ../net.c:109 #, c-format msgid "Connections are only allowed from %s" msgstr "" #: ../net.c:149 msgid "decode_base64: input string incomplete" msgstr "decode_base64: ÊäÈë×Ö·û´®²»ÍêÕû" #: ../net.c:156 #, c-format msgid "decode_base64: illegal character '%c' in input string" msgstr "decode_base64: ÔÚÊäÈë×Ö·û´®ÓзǷ¨×Ö·û '%c'" #: ../net.c:191 msgid "count" msgstr "" #: ../net.c:192 msgid "added" msgstr "" #: ../net.c:194 msgid "proto" msgstr "" #: ../net.c:196 #, fuzzy msgid "bytes" 
msgstr " (%d ×Ö½Ú)" #: ../net.c:197 msgid "source" msgstr "" #: ../net.c:199 ../net.c:208 #, fuzzy msgid "hostname" msgstr "<td>Ö÷»úÃû</td>" #: ../net.c:201 ../net.c:211 #, fuzzy msgid "port" msgstr " ¶Ë¿Ú %d" #: ../net.c:203 ../net.c:213 #, fuzzy msgid "service" msgstr "<td>·þÎñ</td>" #: ../net.c:206 #, fuzzy msgid "destination" msgstr "<td>Ä¿±ê</td>" #: ../net.c:216 msgid "opts" msgstr "" #: ../net.c:217 #, fuzzy msgid "time remaining" msgstr "<td>Ê£Óàʱ¼ä</td></tr>\n" #: ../net.c:218 msgid "action" msgstr "" #: ../net.c:270 ../net.c:272 ../net.c:337 #, fuzzy msgid "Information" msgstr "" "\n" "</div>\n" "<h2>»ù±¾ÐÅÏ¢</h2>\n" #: ../net.c:276 ../net.c:278 ../net.c:375 msgid "Options" msgstr "" #: ../net.c:282 ../net.c:284 ../net.c:403 #, fuzzy msgid "Packet cache" msgstr "<h2> Êý¾Ý»º´æ</h2>\n" #: ../net.c:288 ../net.c:290 ../net.c:472 #, fuzzy msgid "Host status" msgstr "<h2>Ö÷»ú״̬</h2>\n" #: ../net.c:293 msgid "Reload" msgstr "" #: ../net.c:342 msgid "Daemon start time" msgstr "" #: ../net.c:345 msgid "Current time" msgstr "" #: ../net.c:348 msgid "Running time" msgstr "" #: ../net.c:350 msgid "Log" msgstr "" #: ../net.c:351 #, fuzzy msgid "Response mode" msgstr "»ØÓ¦Ä£Ê½: log%s%s" #: ../net.c:353 msgid "Lines seen" msgstr "" #: ../net.c:354 msgid "Hits" msgstr "" #: ../net.c:355 msgid "Old/excluded/malformed" msgstr "" #: ../net.c:362 #, fuzzy msgid "Entries in packet cache" msgstr "<h2> Êý¾Ý»º´æ</h2>\n" #: ../net.c:369 #, fuzzy msgid "Entries in host status" msgstr "<h2>Ö÷»ú״̬</h2>\n" #: ../net.c:377 msgid "Parameter" msgstr "" #: ../net.c:379 msgid "Decrease" msgstr "" #: ../net.c:381 msgid "Current" msgstr "" #: ../net.c:383 msgid "Increase" msgstr "" #: ../net.c:385 #, fuzzy msgid "Alert threshold" msgstr "¾¯¸æthresholdÊÇÒ»´Î³¢ÊÔ" #: ../net.c:387 msgid "Discard timeout" msgstr "" #: ../net.c:388 msgid "Minimum count in packet cache" msgstr "" #: ../net.c:390 ../net.c:392 msgid "Top amount of entries in packet cache" msgstr "" #: ../net.c:395 ../net.c:397 
msgid "Refresh time" msgstr "" #: ../net.c:419 ../net.c:528 msgid "%Y/%m/%d %H:%M:%S" msgstr "" #: ../net.c:456 ../net.c:558 msgid "drop" msgstr "" #: ../net.c:458 msgid "escalate" msgstr "" #: ../net.c:493 ../net.c:509 ../net.c:515 ../net.c:521 msgid "<td>any</td>" msgstr "<td>ÈκÎ</td>" #: ../net.c:503 #, fuzzy msgid "<td>(known host)</td>" msgstr "<td>-</td><td>%s/%d (ÒÑÖªÖ÷»ú/ÍøÂç)</td>" #: ../net.c:505 #, fuzzy msgid "<td>(known net)</td>" msgstr "<td>-</td><td>%s/%d (ÒÑÖªÖ÷»ú/ÍøÂç)</td>" #: ../net.c:605 #, fuzzy, c-format msgid "Rejected connection from unallowed IP address %s port %i" msgstr "¾Ü¾øÀ´×Ô %s ¶Ë¿Ú %i µÄ·ÃÎÊ" #: ../net.c:614 #, c-format msgid "Connect from %s port %i" msgstr "À´×Ô %s ¶Ë¿Ú %i µÄ·ÃÎÊ" #: ../net.c:677 msgid "Authorization failed" msgstr "¼ìÑé´íÎó" #: ../net.c:680 #, fuzzy msgid "Authorization required" msgstr "¼ìÑé´íÎó" #: ../net.c:757 msgid "Bad request" msgstr "" #: ../net.c:762 msgid "Redirect" msgstr "" #: ../net.c:762 msgid "You should be redirected to the <a href=\"/\">root directory</a>" msgstr "" #: ../net.c:774 #, c-format msgid "Requested function: %s" msgstr "" #: ../net.c:777 msgid "Connection closed" msgstr "¹Ø±ÕÁª½Ó" #: ../output.c:200 #, c-format msgid " to " msgstr " ÖÁ " #: ../output.c:255 #, c-format msgid " packet" msgstr "Êý¾Ý°ü" #: ../output.c:257 #, c-format msgid " packets" msgstr "Êý¾Ý°ü" #: ../output.c:261 #, fuzzy, c-format msgid " (%lu bytes)" msgstr " (%d ×Ö½Ú)" #: ../output.c:264 #, c-format msgid " from %s" msgstr "´Ó %s" #: ../output.c:280 ../output.c:293 #, c-format msgid " port %d" msgstr " ¶Ë¿Ú %d" #: ../output.c:286 #, c-format msgid " to %s" msgstr " ÖÁ %s" #: ../output.c:313 #, fuzzy, c-format msgid "<th>start</th>" msgstr "<td>¿ªÊ¼</td>" #: ../output.c:316 #, fuzzy, c-format msgid "<th>end</th>" msgstr "<td>½áÊø</td>" #: ../output.c:319 #, fuzzy, c-format msgid "<th>interval</th>" msgstr "<td>¼ä¾à</td>" #: ../output.c:322 #, fuzzy, c-format msgid "<th>loghost</th>" msgstr "<td>logÖ÷»ú</td>" #: 
../output.c:325 #, fuzzy, c-format msgid "<th>chain</th>" msgstr "<td>chain</td>" #: ../output.c:328 #, fuzzy, c-format msgid "<th>target</th>" msgstr "<td>Ä¿±ê</td>" #: ../output.c:331 #, fuzzy, c-format msgid "<th>interface</th>" msgstr "<td>½çÃæ</td>" #: ../output.c:334 #, fuzzy, c-format msgid "<th>proto</th>" msgstr "<td>´«ÊäЭÒé</td>" #: ../output.c:337 #, fuzzy, c-format msgid "<th>bytes</th>" msgstr "<td>×Ö½Ú</td>" #: ../output.c:340 #, fuzzy, c-format msgid "<th>source</th>" msgstr "<td>Ô´</td>" #: ../output.c:342 ../output.c:356 #, fuzzy, c-format msgid "<th>hostname</th>" msgstr "<td>Ö÷»úÃû</td>" #: ../output.c:344 #, fuzzy, c-format msgid "<th>whois information</th>" msgstr "<td>whoisÐÅÏ¢</td>" #: ../output.c:348 ../output.c:360 #, fuzzy, c-format msgid "<th>port</th>" msgstr "<td>¶Ë¿Ú</td>" #: ../output.c:350 ../output.c:362 #, fuzzy, c-format msgid "<th>service</th>" msgstr "<td>·þÎñ</td>" #: ../output.c:354 #, fuzzy, c-format msgid "<th>destination</th>" msgstr "<td>Ä¿±ê</td>" #: ../output.c:366 #, fuzzy, c-format msgid "<th>opts</th>" msgstr "<td>Ñ¡Ïî</td>" #: ../parser.c:270 #, c-format msgid "Unknown parser: '%c'.\n" msgstr "²»Öªparser: '%c'.\n" #: ../rcfile.c:58 #, c-format msgid "Error in configuration file '%s' line %d: not a number\n" msgstr "" #: ../rcfile.c:87 #, c-format msgid "Error in configuration file '%s' line %d, assuming 'true'\n" msgstr "" #: ../rcfile.c:281 #, fuzzy, c-format msgid "Unrecognized option in configuration file '%s' line %d\n" msgstr "ÅäÖÃÎļþÖв»Ã÷Ñ¡Ïî: %s" #: ../rcfile.c:332 #, fuzzy, c-format msgid "Unrecognized entry in DNS cache file '%s' line %d\n" msgstr "ÅäÖÃÎļþÖв»Ã÷Ñ¡Ïî: %s" #: ../rcfile.c:349 #, c-format msgid "%s is not a regular file, ignoring.\n" msgstr "%s ²»ÊDZê×¼Îļþ, ºöÂÔ.\n" #: ../rcfile.c:358 #, fuzzy, c-format msgid "Opening DNS cache file '%s'\n" msgstr "´ò¿ªÊäÈëÎļþ '%s'\n" #: ../rcfile.c:360 #, fuzzy, c-format msgid "Opening configuration file '%s'\n" msgstr "´ò¿ªÊäÈëÎļþ '%s'\n" #: ../resolve.c:62 #, 
c-format msgid "port mismatch: %d != %d\n" msgstr "¶Ë¿Ú²»Æ¥Åä: %d != %d\n" #: ../resolve.c:99 ../resolve.c:172 msgid "[timeout]" msgstr "" #: ../resolve.c:101 ../resolve.c:174 msgid "[server failure]" msgstr "" #: ../resolve.c:111 ../resolve.c:213 #, c-format msgid "Resolving %s\n" msgstr "½âÎö %s\n" #: ../resolve.c:122 #, c-format msgid "%s [forward lookup failed]" msgstr "%s [ÏòǰËÑË÷ʧ°Ü]" #: ../resolve.c:131 #, fuzzy, c-format msgid " [v4 forward lookup: %s]" msgstr "%s [ÏòǰËÑË÷: %s]" #: ../resolve.c:138 #, fuzzy, c-format msgid " [v6 forward lookup: %s]" msgstr "%s [ÏòǰËÑË÷: %s]" #: ../resolve.c:180 #, c-format msgid "[adns status %d]" msgstr "" #: ../resolve.c:192 msgid "[adns error]" msgstr "" #: ../resolve.c:206 ../resolve.c:354 #, c-format msgid "Resolving %s from cache\n" msgstr "»º´æÖнâÎö%s\n" #: ../resolve.c:218 #, fuzzy, c-format msgid "Resolving %s from adns\n" msgstr "»º´æÖнâÎö%s\n" #: ../resolve.c:240 #, c-format msgid "IP address %s is already in DNS cache\n" msgstr "" #: ../resolve.c:246 #, c-format msgid "Adding IP address '%s' with host name '%s' to DNS cache\n" msgstr "" #: ../resolve.c:283 #, c-format msgid "Submitted %s to adns\n" msgstr "" #: ../response.c:56 msgid "One logging ipchains firewall rule defined" msgstr "Ò»ÌõµÇ½ipchains·À»ðǽ¹æ¶¨ÒѶ¨Òå" #: ../response.c:58 #, c-format msgid "%u logging ipchains firewall rules defined" msgstr "ÌõµÇ½ipchains·À»ðǽ¹æ¶¨ÒѶ¨Òå" #: ../response.c:61 msgid "No logging ipchains firewall rules defined, format was requested" msgstr "ûÓж¨ÒåµÇ½ipchains·À»ðǽ¹æ¶¨, ÐèÒª¸ñʽ" #: ../response.c:82 #, c-format msgid "%s is group/world writable" msgstr "%s ¿É±»group/worldÐÞ¸Ä" #: ../response.c:168 #, c-format msgid "Deleting packet cache entry (%s)" msgstr "ɾ³ýÊý¾Ý°ü»º´æÖеÄÄÚÈÝ" #: ../response.c:202 #, c-format msgid "Deleting host status entry (%s)" msgstr "ɾ³ýÖ÷»ú״̬ÖеÄÄÚÈÝ" #: ../response.c:280 #, c-format msgid "ALERT: %d attempts from %s" msgstr "¾¯¸æ: À´×Ô %s µÄ %d ³¢ÊÔ" #: ../utils.c:53 #, c-format msgid "" "\n" 
"Memory allocation error, exiting.\n" msgstr "" "\n" "ѰÕÒÄÚ´æµØÖ·´íÎó, Í˳ö.\n" #: ../utils.c:68 msgid "Exiting" msgstr "Í˳ö" #: ../utils.c:77 msgid "Not executing buffer containing format string" msgstr "´øÓиñʽ×Ö·û»º´æ½«²»±»Ö´ÐÐ" #: ../utils.c:82 #, c-format msgid "Executing '%s'" msgstr "Ö´ÐÐ '%s" #: ../utils.c:194 #, fuzzy, c-format msgid "" "fwlogwatch error: mode collision, please check that you didn't specify\n" " several modes on the command line or a second mode is active in the\n" " configuration file.\n" " Please use a separate configuration file for each mode or comment out " "all\n" " entries in the default configuration and use command line parameters.\n" msgstr "" "fwlogwatch´íÎó: ģʽ³åÍ», Çë¼ì²éÄúûÓÐÔÚÃüÁîÐÐÖÐÖ¸¶¨¶àÖÖģʽ\n" " »òÕßÓеڶþÖÖģʽ±»Ä¬ÈÏÆô¶¯,»òÔÚÅäÖÃÎļþÖÐÓзñÖ¸¶¨\n" " ¶ÔÓÚ²»Í¬µÄģʽÇëʹÓò»Í¬µÄÅäÖÃÎļþ, »òʹÓÃÃüÁîÐвÎÊý\n" #: ../utils.c:301 #, c-format msgid "[error]" msgstr "" #: ../utils.c:317 #, c-format msgid "IP address error: %s\n" msgstr "IPµØÖ·´íÎó: %s\n" #: ../utils.c:342 ../utils.c:353 #, c-format msgid "Error in CIDR format: %s\n" msgstr "CIDR¸ñʽÓдíÎó: %s\n" #: ../utils.c:403 #, c-format msgid "(known host)\n" msgstr "(²»Ã÷Ö÷»ú)\n" #: ../utils.c:443 #, c-format msgid "(excluded host)\n" msgstr "(±»ÅųýµÄÖ÷»ú)\n" #: ../whois.c:226 #, fuzzy, c-format msgid "Looking up whois info for %s(/%d) from cache\n" msgstr "ÔÚ»º´æÖÐΪ %s ѰÕÒwhoisÐÅÏ¢\n" #: ../whois.c:233 #, c-format msgid "Looking up whois info for %s\n" msgstr "Ϊ %s ѰÕÒwhoisÐÅÏ¢\n" #: ../whois.c:254 #, c-format msgid "lookup failed: %s\n" msgstr "ËÑË÷ʧ°Ü: %s\n" #: ../main.h:314 msgid "fwlogwatch summary" msgstr "fwlogwatch ͳ¼ÆÕªÒª" #: ../main.h:324 msgid "fwlogwatch status" msgstr "fwlogwatch ״̬" #~ msgid "Wrong host name size\n" #~ msgstr "Ö÷»úÃû³¤¶È´íÎó\n" #, fuzzy #~ msgid "[inconsistent forward lookup]" #~ msgstr "%s [ÏòǰËÑË÷: %s]" #, fuzzy #~ msgid "Interactive report mode (summary mode extension):\n" #~ msgstr "½»»¥Ê½±¨¸æÄ£Ê½:\n" #, fuzzy #~ msgid " -i <count> interactive mode with 
report threshold\n" #~ msgstr " -i <ÊýÁ¿> \t±¨¸æÁ÷½»»¥Ä£Ê½\n" #, fuzzy #~ msgid " -T <email> address of CERT or abuse contact to send report to\n" #~ msgstr "\t-T <email> \tÊÕÐÅÈ˵ØÖ· (CERT»òÁªÏµÈË)\n" #, fuzzy #~ msgid " -I <file> template file for report (defaults to %s)\n" #~ msgstr " -I <Îļþ> \t±¨¸æÄ£°åÎļþ\n" #~ msgid "" #~ "Reporting threshold: %d\n" #~ "\n" #~ msgstr "" #~ "±¨¸æÁ÷: %d\n" #~ "\n" #~ msgid "Offending IP address: %s\n" #~ msgstr "½ø¹¥IPµØÖ·:\t%s\n" #~ msgid "Offending IP name: %s\n" #~ msgstr "½ø¹¥IPµØÖ·Ãû:\t%s\n" #~ msgid "Target IP address: %s\n" #~ msgstr "Ä¿±êIPµØÖ·:\t%s\n" #~ msgid "Target IP name: %s\n" #~ msgstr "Ä¿±êIPµØÖ·Ãû:\t%s\n" #~ msgid "Number of logged attempts: %s\n" #~ msgstr "³¢ÊԵǽµÄ´ÎÊý: %s\n" #~ msgid "Start time: %s\n" #~ msgstr "¿ªÊ¼Ê±¼ä:\t\t%s\n" #~ msgid "End time: %s\n" #~ msgstr "½áÊøÊ±¼ä: %s\n" #~ msgid "Timezone: %s\n" #~ msgstr "ʱ¼äÇø:\t\t\t %s\n" #~ msgid "Duration: %s\n" #~ msgstr "³ÖÐø:\t\t\t%s\n" #~ msgid "Protocol: %s\n" #~ msgstr "´«ÊäЭÒé:\t\t %s\n" #~ msgid "Source port: %s\n" #~ msgstr "Ô´¶Ë¿Ú:\t\t\t%s\n" #~ msgid "Destination port: %s\n" #~ msgstr "Ä¿±ê¶Ë¿Ú: %s\n" #~ msgid "TCP options: %s\n" #~ msgstr "TCPÑ¡Ïî: %s\n" #~ msgid "Tracking number: %s\n" #~ msgstr "TrackingÊý: %s\n" #~ msgid "Incident report %s-%s" #~ msgstr "ʼþ±¨¸æ %s-%s" #~ msgid "%d (unknown)" #~ msgstr "%d (²»Ïê)" #~ msgid "no SYNs" #~ msgstr "ûÓÐSYNs" #~ msgid "SYNs only" #~ msgstr "Ö»ÓÐSYNs" #~ msgid "" #~ "\n" #~ "What do you want to change? [1-18/(o)k] " #~ msgstr "" #~ "\n" #~ "ÄúÏëÐÞ¸Äʲô? [1-18/(o)k] " #~ msgid "New value: " #~ msgstr "ÐÂÖµ:" #~ msgid "" #~ "\n" #~ "Should this report be sent? [(s)end/(m)odify/(q)uit] " #~ msgstr "" #~ "\n" #~ "ÊÇ·ñ´«ËÍÕâ·Ý±¨¸æ? 
[(s)end/(m)odify/(q)uit] " #, fuzzy #~ msgid "<tr><td align=\"right\">Daemon start time:</td><td>%s</td></tr>\n" #~ msgstr "<tr><td>DaemonÆô¶¯Ê±¼ä:</td><td>%s</td></tr>\n" #, fuzzy #~ msgid "<tr><td align=\"right\">Current time:</td><td>%s</td></tr>\n" #~ msgstr "<tr><td>µ±Ç°Ê±¼ä:</td><td>%s</td></tr>\n" #, fuzzy #~ msgid "<tr><td align=\"right\">Running time:</td><td>%s</td></tr>\n" #~ msgstr "<tr><td>ÔËÐÐʱ¼ä:</td><td>%s</td></tr>\n" #, fuzzy #~ msgid "<tr><td align=\"right\">Response mode:</td><td>Log%s%s</td></tr>\n" #~ msgstr "<tr><td>»ØÓ¦Ä£Ê½:</td><td>log%s%s</td></tr>\n" #, fuzzy #~ msgid "Host status: %d</td></tr>\n" #~ msgstr "<h2>Ö÷»ú״̬</h2>\n" #, fuzzy #~ msgid "<tr align=\"center\"><th>count</th><th>added</th>" #~ msgstr "" #~ "<tr bgcolor=\"#%s\" align=\"center\"><td>ÊýÁ¿</td><td>¼ÓÈë</td><td>Ô´IPµØ" #~ "Ö·</td>" #~ msgid "Authorization failed (%s)" #~ msgstr "¼ìÑé´íÎó (%s)" #~ msgid "" #~ "<body>\n" #~ "<h1>Authorization Required</h1>\n" #~ "</body>\n" #~ "</html>\n" #~ msgstr "" #~ "<body>\n" #~ "<h1>ÐèÒªÉí·Ý¼ìÑé</h1>\n" #~ "</body>\n" #~ "</html>\n" #, fuzzy #~ msgid "<p><a href=\"/\">Reload</a>" #~ msgstr "<a href=\"/\">Ë¢ÐÂ</a><br>\n" #, fuzzy #~ msgid "" #~ "<br>\n" #~ "(automatic refresh every %d seconds)</p>\n" #~ msgstr "(ÿ%dÃëÖÓºó×Ô¶¯Ë¢ÐÂ)<br>\n" #, fuzzy #~ msgid "" #~ "<tr><td>Alert threshold:</td><td>%d entries</td></tr>\n" #~ "<tr><td>Discard timeout:</td><td>%s</td></tr>\n" #~ msgstr "" #~ "<tr><td>¾¯¸æthreshold:</td><td>%d entries</td></tr>\n" #~ "<tr><td>³¬Ê±:</td><td>%d Ãë</td></tr>\n" #, fuzzy #~ msgid " -f <file> specify input file (defaults to %s)\n" #~ msgstr " -f <Îļþ> \tÖ¸¶¨ÊäÈëÎļþ (ȱʡ %s) \n" #~ msgid "\"%s\" are packet logs, " #~ msgstr "\"%s\" ÊÇÊý¾Ý°ü¼Ç¼" #~ msgid " (defaults to '%s')\n" #~ msgstr " \t(ȱʡΪ '%s')\n" #~ msgid " (defaults to %s)\n" #~ msgstr "\t\t \t(ȱʡΪ %s)\n" #~ msgid "SIGHUP caught, ignoring" #~ msgstr "²¶×½µ½SIGHUP, ºöÂÔ" #~ msgid "<td>Hostname</td>" #~ msgstr "<td>Ö÷»úÃû</td>" #~ msgid "<td>Destination IP 
address</td>" #~ msgstr "<td>Ä¿±êIPµØÖ·</td>" #~ msgid "<td>Protocol</td>" #~ msgstr "<td>´«ÊäЭÒé</td>" #~ msgid "<td>Source port</td>" #~ msgstr "<td>Ô´¶Ë¿Ú</td>" #~ msgid "<td>Service</td>" #~ msgstr "<td>·þÎñ</td>" #~ msgid "<td>Destination port</td>" #~ msgstr "<td>Ä¿±ê¶Ë¿Ú</td>" ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/PaxHeaders.8080/ipfw.h���������������������������������������������������������������0000644�0000000�0000000�00000000124�12145435573�015567� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������27 mtime=1368800123.419223 27 atime=1369319079.870943 30 ctime=1369319079.870943161 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/ipfw.h�������������������������������������������������������������������������������0000644�0000000�0000000�00000000274�12145435573�014653� 
0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: ipfw.h 731 2013-05-17 14:15:23Z bw $ */ #ifndef _IPFW_H #define _IPFW_H unsigned char flex_ipfw(char *input, int linenum); #endif ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/PaxHeaders.8080/parser.h�������������������������������������������������������������0000644�0000000�0000000�00000000124�12145435573�016116� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������27 mtime=1368800123.419223 27 atime=1369319079.897942 30 ctime=1369319079.897942957 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/parser.h�����������������������������������������������������������������������������0000644�0000000�0000000�00000000373�12145435573�015202� 0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: parser.h 731 2013-05-17 14:15:23Z bw $ */ #ifndef _PARSER_H #define _PARSER_H unsigned char parse_line(char *input, int linenum); int parse_time(char *input); void select_parsers(void); #endif ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/PaxHeaders.8080/rcfile.h�������������������������������������������������������������0000644�0000000�0000000�00000000124�12145435573�016066� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������27 mtime=1368800123.419223 27 
atime=1369319079.834943 30 ctime=1369319079.834943432 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/rcfile.h�����������������������������������������������������������������������������0000644�0000000�0000000�00000000346�12145435573�015152� 0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: rcfile.h 731 2013-05-17 14:15:23Z bw $ */ #ifndef _RCFILE_H #define _RCFILE_H unsigned char read_rcfile(char *rcfile, unsigned char must_exist, unsigned char type); #endif ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/PaxHeaders.8080/compare.c������������������������������������������������������������0000644�0000000�0000000�00000000124�12145435573�016243� 
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������27 mtime=1368800123.419223 27 atime=1369319079.839943 30 ctime=1369319079.839943394 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/compare.c����������������������������������������������������������������������������0000644�0000000�0000000�00000023374�12145435573�015335� 0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: compare.c 731 2013-05-17 14:15:23Z bw $ */ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/types.h> #include <netinet/in.h> #include <arpa/inet.h> #include "compare.h" #include "output.h" #include "response.h" #include "utils.h" struct conn_data *first = NULL; extern struct known_hosts *first_host; extern struct options opt; void add_entry() { struct conn_data *data; data = xmalloc(sizeof(struct conn_data)); data->count = opt.line->count; data->start_time = opt.line->time; if (opt.mode != REALTIME_RESPONSE) { data->end_time = 0; } 
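else {
    data->end_time = opt.line->time;
  }

  /*
   * Closing statements of add_entry(): deep-copy the string fields of the
   * current parsed line (opt.line) into the new node, copy the scalar
   * fields, assign a fresh id and push the node on the head of the list.
   */
  data->hostname = xmalloc(strlen(opt.line->hostname) + 1);
  xstrncpy(data->hostname, opt.line->hostname, strlen(opt.line->hostname) + 1);
  data->chainlabel = xmalloc(strlen(opt.line->chainlabel) + 1);
  xstrncpy(data->chainlabel, opt.line->chainlabel, strlen(opt.line->chainlabel) + 1);
  data->branchname = xmalloc(strlen(opt.line->branchname) + 1);
  xstrncpy(data->branchname, opt.line->branchname, strlen(opt.line->branchname) + 1);
  data->interface = xmalloc(strlen(opt.line->interface) + 1);
  xstrncpy(data->interface, opt.line->interface, strlen(opt.line->interface) + 1);
  data->protocol = opt.line->protocol;
  data->datalen = opt.line->datalen;
  data->shost = opt.line->shost;
  data->sport = opt.line->sport;
  data->dhost = opt.line->dhost;
  data->dport = opt.line->dport;
  data->flags = opt.line->flags;
  data->id = opt.global_id++;
  data->next = first;
  first = data;
}

/* Three-way comparison of two scalar expressions: 1, 0 or -1. */
#define FWLW_CMP3(a, b) (((a) > (b)) - ((a) < (b)))

/*
 * Decide whether two entries are out of order for the sort key selected in
 * opt.sortfield and the direction selected in opt.sortmode.
 *
 * Returns 1 when op1 has to be placed after op2 (the caller then takes op2
 * first), 0 otherwise.  Equal keys always yield 0, which keeps the merge
 * sort below stable.  An unknown sort field prints a diagnostic and yields 0.
 */
unsigned char compare(struct conn_data *op1, struct conn_data *op2)
{
  int order = 0;		/* > 0: op1 ranks above op2, < 0: below, 0: tie */
  char c;

  switch (opt.sortfield) {
  case SORT_COUNT:
    order = FWLW_CMP3(op1->count, op2->count);
    break;
  case SORT_START_TIME:
    order = FWLW_CMP3(op1->start_time, op2->start_time);
    break;
  case SORT_END_TIME:
    order = FWLW_CMP3(op1->end_time, op2->end_time);
    break;
  case SORT_DELTA_TIME:
    order = FWLW_CMP3(op1->end_time - op1->start_time, op2->end_time - op2->start_time);
    break;
  case SORT_CHAINLABEL:
    order = strncmp(op1->chainlabel, op2->chainlabel, SHORTLEN);
    break;
  case SORT_PROTOCOL:
    order = FWLW_CMP3(op1->protocol, op2->protocol);
    break;
  case SORT_DATALEN:
    order = FWLW_CMP3(op1->datalen, op2->datalen);
    break;
  case SORT_SOURCEHOST:
    /* Only the exact results -1 and 1 of compare_ipv6() count, as before. */
    c = compare_ipv6(&op1->shost, &op2->shost);
    order = (c == -1) ? 1 : ((c == 1) ? -1 : 0);
    break;
  case SORT_SOURCEPORT:
    order = FWLW_CMP3(op1->sport, op2->sport);
    break;
  case SORT_DESTHOST:
    c = compare_ipv6(&op1->dhost, &op2->dhost);
    order = (c == -1) ? 1 : ((c == 1) ? -1 : 0);
    break;
  case SORT_DESTPORT:
    order = FWLW_CMP3(op1->dport, op2->dport);
    break;
  default:
    fprintf(stderr, _("conn_sort_up: wrong mode\n"));
  }

  if (opt.sortmode == ORDER_ASCENDING)
    return order > 0;
  return order < 0;
}

#undef FWLW_CMP3

/*
 * Bottom-up merge sort of a singly linked conn_data list.
 *
 * Runs of length `size` are merged pairwise; `size` doubles after each pass
 * and the sort finishes once a pass needed at most one merge.  Ordering is
 * delegated to compare().  Returns the new list head, or NULL for an empty
 * list.
 */
struct conn_data *fwlw_pc_mergesort(struct conn_data *list)
{
  struct conn_data *p, *q, *e, *tail;
  int size, merges, psize, qsize, i;

  if (list == NULL)
    return NULL;

  for (size = 1;; size *= 2) {
    p = list;
    list = tail = NULL;
    merges = 0;

    while (p != NULL) {
      merges++;

      /* Step q `size` nodes past p; psize counts the nodes actually in p's run. */
      q = p;
      psize = 0;
      for (i = 0; i < size; i++) {
	psize++;
	q = q->next;
	if (q == NULL)
	  break;
      }
      qsize = size;

      /* Merge the run starting at p with the run starting at q. */
      while (psize > 0 || ((qsize > 0) && (q != NULL))) {
	if (psize == 0) {
	  e = q;
	  q = q->next;
	  qsize--;
	} else if (qsize == 0 || (q == NULL)) {
	  e = p;
	  p = p->next;
	  psize--;
	} else if (compare(p, q) <= 0) {
	  /* compare() returns 0 or 1, so this takes p unless it must follow q. */
	  e = p;
	  p = p->next;
	  psize--;
	} else {
	  e = q;
	  q = q->next;
	  qsize--;
	}

	if (tail != NULL) {
	  tail->next = e;
	} else {
	  list = e;
	}
	tail = e;
      }

      p = q;
    }

    /* The list was non-empty, so at least one node was appended and tail is set. */
    tail->next = NULL;
    if (merges <= 1)
      return list;
  }
}

/*
 * Apply the sort string in opt.sort_order, which is read as pairs of
 * <field letter><direction letter> ('a' ascending, 'd' descending).
 *
 * For every well-formed pair the selected list is sorted once: the packet
 * cache when mode is SORT_PC, the host status list otherwise.  Malformed
 * pairs are reported on stderr and skipped.
 */
void sort_data(unsigned char mode)
{
  unsigned char i = 0, error;

  while ((i < MAXSORTSIZE) && (opt.sort_order[i] != '\0')) {
    error = 0;

    switch (opt.sort_order[i]) {
    case 'c':
      opt.sortfield = SORT_COUNT;
      break;
    case 't':
      opt.sortfield = SORT_START_TIME;
      break;
    case 'e':
      opt.sortfield = SORT_END_TIME;
      break;
    case 'z':
      opt.sortfield = SORT_DELTA_TIME;
      break;
    case 'n':
      opt.sortfield = SORT_CHAINLABEL;
      break;
    case 'p':
      opt.sortfield = SORT_PROTOCOL;
      break;
    case 'b':
      opt.sortfield = SORT_DATALEN;
      break;
    case 'S':
      opt.sortfield = SORT_SOURCEHOST;
      break;
    case 's':
      opt.sortfield = SORT_SOURCEPORT;
      break;
    case 'D':
      opt.sortfield = SORT_DESTHOST;
      break;
    case 'd':
      opt.sortfield = SORT_DESTPORT;
      break;
    default:
      fprintf(stderr, _("Error in sort string: '%c', order expected, ignoring.\n"), opt.sort_order[i]);
      error = 1;
    }

    i++;
    /*
     * Re-check the bound before reading the direction letter: the loop
     * condition only covered the field letter, so an odd-length string that
     * fills the buffer would otherwise be read at index MAXSORTSIZE.
     * NOTE(review): assumes opt.sort_order holds MAXSORTSIZE bytes - confirm
     * against its declaration.
     */
    if ((i < MAXSORTSIZE) && (opt.sort_order[i] != '\0')) {
      switch (opt.sort_order[i]) {
      case 'a':
	opt.sortmode = ORDER_ASCENDING;
	break;
      case 'd':
	opt.sortmode = ORDER_DESCENDING;
	break;
      default:
	fprintf(stderr, _("Error in sort string: '%c', direction expected, ignoring.\n"), opt.sort_order[i]);
	error = 1;
      }
    } else {
      fprintf(stderr, _("Error in sort string, direction expected, ignoring.\n"));
      error = 1;
    }
    i++;

    if (error == 0) {
      if (mode == SORT_PC) {
	first = fwlw_pc_mergesort(first);
      } else {
	first_host = fwlw_hs_mergesort(first_host);
      }
      if (opt.verbose == 2)
	fprintf(stderr, ".");
    }
  }
}

/*
 * Fold the current parsed line (opt.line) into the connection list.
 *
 * First, for log host, chain label, branch name and interface: remember the
 * first value seen and switch the matching output column on (opt.loghost,
 * opt.chains, opt.branches, opt.ifs) as soon as a different value shows up.
 *
 * Then look for an existing entry that agrees with the line on every field
 * that is part of the summary key.  A match gets its byte count, packet
 * count and end time updated; without a match a new entry is added.
 */
void build_list()
{
  struct conn_data *this;
  char stime[TIMESIZE];

  if (opt.loghost == 0) {
    if (opt.hostname[0] == '\0') {
      xstrncpy(opt.hostname, opt.line->hostname, SHOSTLEN);
    } else if (strcmp(opt.hostname, opt.line->hostname) != 0) {
      opt.loghost = 1;
    }
  }

  if (opt.chains == 0) {
    if (opt.chainlabel[0] == '\0') {
      xstrncpy(opt.chainlabel, opt.line->chainlabel, SHORTLEN);
    } else if (strncmp(opt.chainlabel, opt.line->chainlabel, SHORTLEN) != 0) {
      opt.chains = 1;
    }
  }

  if (opt.branches == 0) {
    if (opt.branchname[0] == '\0') {
      xstrncpy(opt.branchname, opt.line->branchname, SHORTLEN);
    } else if (strncmp(opt.branchname, opt.line->branchname, SHORTLEN) != 0) {
      opt.branches = 1;
    }
  }

  if (opt.ifs == 0) {
    if (opt.interface[0] == '\0') {
      xstrncpy(opt.interface, opt.line->interface, SHORTLEN);
    } else if (strncmp(opt.interface, opt.line->interface, SHORTLEN) != 0) {
      opt.ifs = 1;
    }
  }

  for (this = first; this != NULL; this = this->next) {
    /* Optional key fields only take part when the matching option is set. */
    if ((opt.dst_ip) && (compare_ipv6_equal(&this->dhost, &opt.line->dhost) != 0))
      continue;
    if ((opt.src_ip) && (compare_ipv6_equal(&this->shost, &opt.line->shost) != 0))
      continue;
    if ((opt.dst_port) && (this->dport != opt.line->dport))
      continue;
    if ((opt.src_port) && (this->sport != opt.line->sport))
      continue;
    if ((opt.proto) && (this->protocol != opt.line->protocol))
      continue;
    if ((opt.opts) && (this->flags != opt.line->flags))
      continue;

    /* The string fields are always part of the key. */
    if (strcmp(this->interface, opt.line->interface) != 0)
      continue;
    if (strcmp(this->branchname, opt.line->branchname) != 0)
      continue;
    if (strcmp(this->chainlabel, opt.line->chainlabel) != 0)
      continue;
    if (strcmp(this->hostname, opt.line->hostname) != 0)
      continue;

    this->datalen = this->datalen + opt.line->datalen;
    if (opt.line->time >= this->end_time) {
      this->end_time = opt.line->time;
    } else if (opt.verbose) {
      /* The log went back in time: report it, keep the later end time. */
      strftime(stime, TIMESIZE, _("%b %d %H:%M:%S"), localtime(&this->end_time));
      fprintf(stderr, _("Timewarp in log file (%s"), stime);
      strftime(stime, TIMESIZE, _("%b %d %H:%M:%S"), localtime(&opt.line->time));
      fprintf(stderr, " < %s).\n", stime);
    }
    this->count += opt.line->count;
    return;
  }

  add_entry();
}

/* Return the number of entries currently in the connection list. */
int list_stats()
{
  struct conn_data *this;
  int count = 0;

  for (this = first; this != NULL; this = this->next)
    ++count;

  return count;
}

/*
 * Print the connection list to fd as HTML rows or text lines.
 *
 * Entries are shown when their count is at least opt.least and above
 * opt.threshold.  When opt.max is non-zero only the first opt.max list
 * entries are visited, whether or not they were printed.  In HTML mode
 * opt.html alternates between 1 and 2 after every printed row; the row
 * writer uses it as the row class.
 */
void show_list(FILE * fd)
{
  struct conn_data *this;
  int max = 0;

  for (this = first; (this != NULL) && (opt.max == 0 || max < opt.max); this = this->next) {
    if (this->count >= opt.least && this->count > opt.threshold) {
      if (opt.html) {
	output_html_entry(this, fd);
	opt.html = (opt.html == 1) ? 2 : 1;
      } else {
	output_text_entry(this, fd);
      }
    }
    if (opt.max != 0)
      max++;
  }
}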
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/PaxHeaders.8080/modes.h��������������������������������������������������������������0000644�0000000�0000000�00000000124�12145435573�015731� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������27 mtime=1368800123.419223 27 atime=1369319079.872943 30 ctime=1369319079.872943145 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/modes.h������������������������������������������������������������������������������0000644�0000000�0000000�00000000342�12145435573�015011� 0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: modes.h 731 2013-05-17 14:15:23Z bw $ */ #ifndef _MODES_H #define _MODES_H void mode_summary(void); void mode_rt_response(void); void 
mode_show_log_times(void); #endif ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/PaxHeaders.8080/whois.h��������������������������������������������������������������0000644�0000000�0000000�00000000124�12145435573�015753� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������27 mtime=1368800123.419223 27 atime=1369319079.861943 30 ctime=1369319079.862943221 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/whois.h������������������������������������������������������������������������������0000644�0000000�0000000�00000000401�12145435573�015027� 0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: whois.h 731 2013-05-17 14:15:23Z bw $ */ #ifndef _WHOIS_H #define _WHOIS_H struct 
whois_entry *whois(struct in6_addr ip); void whois_connect(const char *whois_server); void whois_close(void); #endif ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/PaxHeaders.8080/output.c�������������������������������������������������������������0000644�0000000�0000000�00000000124�12145435573�016155� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������27 mtime=1368800123.419223 27 atime=1369319079.895942 30 ctime=1369319079.895942972 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fwlogwatch-1.4/output.c�����������������������������������������������������������������������������0000644�0000000�0000000�00000025074�12145435573�015246� 0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: output.c 731 2013-05-17 14:15:23Z bw 
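$ */

#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <time.h>
#include <errno.h>
#include <syslog.h>
#include "output.h"
#include "resolve.h"
#include "utils.h"
#include "whois.h"

extern struct options opt;
extern struct conn_data *first;

/*
 * Format the interval between start and end as "DD:HH:MM:SS" into td.
 *
 * td must provide at least TIMESIZE bytes (the callers in this file pass
 * char[TIMESIZE] buffers).  A zero or negative interval is written as "-".
 *
 * The string is produced by one bounded snprintf().  Appending the parts
 * with strncat(td, tmp, n) would not protect td, because that size argument
 * limits the bytes taken from tmp, not the space left in td.
 */
void output_timediff(time_t start, time_t end, char *td)
{
  time_t diff;
  int days, hours, minutes, seconds;

  diff = end - start;
  if (diff <= 0) {
    snprintf(td, 2, "-");
    return;
  }

  days = diff / 86400;
  diff = diff % 86400;
  hours = diff / 3600;
  diff = diff % 3600;
  minutes = diff / 60;
  seconds = diff % 60;

  snprintf(td, TIMESIZE, "%02d:%02d:%02d:%02d", days, hours, minutes, seconds);
}

/*
 * Render the TCP flags of an entry into buf.
 *
 * When any of ACK, FIN, RST, PSH or URG is set the result is six characters,
 * one per flag in the order s a f r p u, with '-' for a cleared flag.
 * Otherwise it is "SYN" when only SYN is set and "-" when none is.
 * buf must hold at least 7 bytes.
 */
void output_tcp_opts(struct conn_data *input, char *buf)
{
  if ((input->flags & (TCP_ACK | TCP_FIN | TCP_RST | TCP_PSH | TCP_URG)) == 0) {
    strcpy(buf, (input->flags & TCP_SYN) ? "SYN" : "-");
    return;
  }

  buf[0] = (input->flags & TCP_SYN) ? 's' : '-';
  buf[1] = (input->flags & TCP_ACK) ? 'a' : '-';
  buf[2] = (input->flags & TCP_FIN) ? 'f' : '-';
  buf[3] = (input->flags & TCP_RST) ? 'r' : '-';
  buf[4] = (input->flags & TCP_PSH) ? 'p' : '-';
  buf[5] = (input->flags & TCP_URG) ? 'u' : '-';
  buf[6] = '\0';
}

/*
 * Write s to fd with the HTML metacharacters & < > " replaced by entities.
 * A NULL string is written as "-", the placeholder this file already uses
 * for missing values.
 */
static void html_escape_fputs(FILE * fd, const char *s)
{
  if (s == NULL) {
    fputc('-', fd);
    return;
  }

  for (; *s != '\0'; s++) {
    switch (*s) {
    case '&':
      fputs("&amp;", fd);
      break;
    case '<':
      fputs("&lt;", fd);
      break;
    case '>':
      fputs("&gt;", fd);
      break;
    case '"':
      fputs("&quot;", fd);
      break;
    default:
      fputc(*s, fd);
    }
  }
}

/*
 * Write one entry as an HTML table row to fd.
 *
 * The set and order of cells follow the opt.* column switches.  opt.html
 * (1 or 2) selects the row class.
 *
 * Every string that originates outside this program is escaped before it is
 * written: fields taken from the parsed log line, names returned by the
 * resolver, and whois descriptions.  Written raw, markup contained in a log
 * prefix, a reverse DNS name or a whois record would become part of the
 * report page and be interpreted by the browser of whoever reads it.
 */
void output_html_entry(struct conn_data *input, FILE * fd)
{
  char *proto = NULL, stamp[TIMESIZE], buf[HOSTLEN];

  fprintf(fd, "<tr class=\"r%d\"><td>", opt.html);
  fprintf(fd, "%d", input->count);

  if (opt.stimes) {
    strftime(stamp, TIMESIZE, _("%b %d %H:%M:%S"), localtime(&input->start_time));
    fprintf(fd, "</td><td>%s", stamp);
  }

  if (opt.etimes) {
    fprintf(fd, "</td><td>");
    if (input->end_time != 0) {
      strftime(stamp, TIMESIZE, _("%b %d %H:%M:%S"), localtime(&input->end_time));
      fprintf(fd, "%s", stamp);
    } else {
      fprintf(fd, "-");
    }
  }

  if (opt.duration) {
    output_timediff(input->start_time, input->end_time, stamp);
    fprintf(fd, "</td><td>%s", stamp);
  }

  if (opt.loghost) {
    fprintf(fd, "</td><td>");
    html_escape_fputs(fd, input->hostname);
  }

  if (opt.chains) {
    fprintf(fd, "</td><td>");
    html_escape_fputs(fd, input->chainlabel);
  }

  if (opt.branches) {
    fprintf(fd, "</td><td>");
    html_escape_fputs(fd, input->branchname);
  }

  if (opt.ifs) {
    fprintf(fd, "</td><td>");
    html_escape_fputs(fd, input->interface);
  }

  if (opt.proto) {
    proto = resolve_protocol(input->protocol);
    fprintf(fd, "</td><td>");
    html_escape_fputs(fd, proto);
  }

  if (opt.datalen)
    fprintf(fd, "</td><td>%lu", input->datalen);

  if (opt.src_ip) {
    fprintf(fd, "</td><td>%s", my_inet_ntop(&input->shost));
    if (opt.resolve) {
      fprintf(fd, "</td><td>");
      html_escape_fputs(fd, resolve_address(input->shost));
    }
    if (opt.whois_lookup) {
      struct whois_entry *we;

      we = whois(input->shost);
      if (we != NULL) {
	snprintf(buf, HOSTLEN, "%s %s AS%d %s", we->ip_route, we->ip_descr, we->as_number, we->as_descr);
      } else {
	snprintf(buf, HOSTLEN, "-");
      }
      fprintf(fd, "</td><td>");
      html_escape_fputs(fd, buf);
    }
  }

  /*
   * NOTE(review): proto is still NULL here when opt.proto is off, and is
   * passed to resolve_service() like that; output_text_entry() always
   * resolves it first.  Confirm that resolve_service() accepts NULL.
   */
  if (opt.src_port) {
    fprintf(fd, "</td><td>%d", input->sport);
    if (opt.sresolve) {
      fprintf(fd, "</td><td>");
      html_escape_fputs(fd, resolve_service(input->sport, proto));
    }
  }

  if (opt.dst_ip) {
    fprintf(fd, "</td><td>%s", my_inet_ntop(&input->dhost));
    if (opt.resolve) {
      fprintf(fd, "</td><td>");
      html_escape_fputs(fd, resolve_address(input->dhost));
    }
  }

  if (opt.dst_port) {
    fprintf(fd, "</td><td>%d", input->dport);
    if (opt.sresolve) {
      fprintf(fd, "</td><td>");
      html_escape_fputs(fd, resolve_service(input->dport, proto));
    }
  }

  if (opt.opts) {
    output_tcp_opts(input, buf);
    fprintf(fd, "</td><td>%s", buf);
  }

  fprintf(fd, "</td></tr>\n");
}

/*
 * Write one entry as a single text line to fd.
 *
 * Fields appear in a fixed order, each one only when its opt.* switch is
 * set; the packet count is always printed.  A separator is written before
 * every leading field except the first one printed.
 */
void output_text_entry(struct conn_data *input, FILE * fd)
{
  char *proto, stamp[TIMESIZE], buf[HOSTLEN];
  unsigned char at_start = 1;	/* cleared once anything has been written */

  if (opt.stimes) {
    strftime(stamp, TIMESIZE, _("%b %d %H:%M:%S"), localtime(&input->start_time));
    fprintf(fd, "%s", stamp);
    at_start = 0;
  }

  if (opt.etimes) {
    if (!at_start)
      fprintf(fd, _(" to "));
    if (input->end_time != 0) {
      strftime(stamp, TIMESIZE, _("%b %d %H:%M:%S"), localtime(&input->end_time));
      fprintf(fd, "%s", stamp);
    } else {
      fprintf(fd, "-");
    }
    at_start = 0;
  }

  if (opt.duration) {
    if (!at_start)
      fprintf(fd, " ");
    output_timediff(input->start_time, input->end_time, stamp);
    fprintf(fd, "%s", stamp);
    at_start = 0;
  }

  if (opt.loghost) {
    if (!at_start)
      fprintf(fd, " ");
    fprintf(fd, "%s", input->hostname);
    at_start = 0;
  }

  if (opt.chains) {
    if (!at_start)
      fprintf(fd, " ");
    fprintf(fd, "%s", input->chainlabel);
    at_start = 0;
  }

  if (opt.branches) {
    if (!at_start)
      fprintf(fd, " ");
    fprintf(fd, "%s", input->branchname);
    at_start = 0;
  }

  if (opt.ifs) {
    if (!at_start)
      fprintf(fd, " ");
    fprintf(fd, "%s", input->interface);
    at_start = 0;
  }

  if (!at_start)
    fprintf(fd, " ");
  fprintf(fd, "%d", input->count);

  /* Resolved unconditionally: the service lookups below need it as well. */
  proto = resolve_protocol(input->protocol);
  if (opt.proto)
    fprintf(fd, " %s", proto);

  if (input->count == 1) {
    fprintf(fd, _(" packet"));
  } else {
    fprintf(fd, _(" packets"));
  }

  if (opt.datalen)
    fprintf(fd, _(" (%lu bytes)"), input->datalen);

  if (opt.src_ip) {
    fprintf(fd, _(" from %s"), my_inet_ntop(&input->shost));
    if (opt.resolve)
      fprintf(fd, " (%s)", resolve_address(input->shost));
    if (opt.whois_lookup) {
      struct whois_entry *we;

      we = whois(input->shost);
      if (we != NULL) {
	snprintf(buf, HOSTLEN, "%s %s AS%d %s", we->ip_route, we->ip_descr, we->as_number, we->as_descr);
      } else {
	snprintf(buf, HOSTLEN, "-");
      }
      fprintf(fd, " [%s]", buf);
    }
  }

  if (opt.src_port) {
    fprintf(fd, _(" port %d"), input->sport);
    if (opt.sresolve)
      fprintf(fd, " (%s)", resolve_service(input->sport, proto));
  }

  if (opt.dst_ip) {
    fprintf(fd, _(" to %s"), my_inet_ntop(&input->dhost));
    if (opt.resolve) {
      fprintf(fd, " (%s)", resolve_address(input->dhost));
    }
  }

  if (opt.dst_port) {
    fprintf(fd, _(" port %d"), input->dport);
    if (opt.sresolve)
      fprintf(fd, " (%s)", resolve_service(input->dport, proto));
  }

  if (opt.opts) {
    output_tcp_opts(input, buf);
    fprintf(fd, " %s", buf);
  }

  fprintf(fd, "\n");
}

void output_html_table(FILE * fd) { fprintf(fd,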
"</p>\n"); fprintf(fd, "<table cellspacing=\"1\" cellpadding=\"3\">\n"); fprintf(fd, "<tr><th>#</th>"); if (opt.stimes) fprintf(fd, _("<th>start</th>")); if (opt.etimes) fprintf(fd, _("<th>end</th>")); if (opt.duration) fprintf(fd, _("<th>interval</th>")); if (opt.loghost) fprintf(fd, _("<th>loghost</th>")); if (opt.chains) fprintf(fd, _("<th>chain</th>")); if (opt.branches) fprintf(fd, _("<th>target</th>")); if (opt.ifs) fprintf(fd, _("<th>interface</th>")); if (opt.proto) fprintf(fd, _("<th>proto</th>")); if (opt.datalen) fprintf(fd, _("<th>bytes</th>")); if (opt.src_ip) { fprintf(fd, _("<th>source</th>")); if (opt.resolve) fprintf(fd, _("<th>hostname</th>")); if (opt.whois_lookup) fprintf(fd, _("<th>whois information</th>")); } if (opt.src_port) { fprintf(fd, _("<th>port</th>")); if (opt.sresolve) fprintf(fd, _("<th>service</th>")); } if (opt.dst_ip) { fprintf(fd, _("<th>destination</th>")); if (opt.resolve) fprintf(fd, _("<th>hostname</th>")); } if (opt.dst_port) { fprintf(fd, _("<th>port</th>")); if (opt.sresolve) fprintf(fd, _("<th>service</th>")); } if (opt.opts) fprintf(fd, _("<th>opts</th>")); fprintf(fd, "</tr>\n"); } void output_html_header(int fd) { char nows[TIMESIZE]; time_t now; fdprintf(fd, "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"); fdprintf(fd, "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" \"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">\n"); fdprintf(fd, "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\">\n"); now = time(NULL); strftime(nows, TIMESIZE, _("%b %d %H:%M:%S"), localtime(&now)); fdprintf(fd, "<head>\n<title>%s - %s\n", opt.title, nows); fdprintf(fd, "\n"); fdprintf(fd, "\n"); if ((opt.mode == REALTIME_RESPONSE) && (opt.refresh > 0)) { fdprintf(fd, "\n", opt.refresh); } if (opt.stylesheet[0] != '\0') { if ((opt.mode != REALTIME_RESPONSE) || (strncmp(opt.stylesheet, "http", 4) == 0)) { fdprintf(fd, "\n", opt.stylesheet); } else { char buf[BUFSIZE]; FILE *cssfd; int retval; cssfd = fopen(opt.stylesheet, "r"); if 
(cssfd == NULL) { syslog(LOG_NOTICE, "fopen %s: %s", opt.stylesheet, strerror(errno)); } else { fdprintf(fd, "\n"); retval = fclose(cssfd); if (retval == EOF) syslog(LOG_NOTICE, "fclose %s: %s", opt.stylesheet, strerror(errno)); } } } else { fdprintf(fd, "\n"); } fdprintf(fd, "\n\n"); fdprintf(fd, "

%s

\n", opt.title); } void output_html_footer(int fd) { fdprintf(fd, "

%s %s © %s

\n", PACKAGE, VERSION, COPYRIGHT); fdprintf(fd, "\n\n"); } fwlogwatch-1.4/PaxHeaders.8080/snort.h0000644000000000000000000000012412145435573015767 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.834943 30 ctime=1369319079.834943432 fwlogwatch-1.4/snort.h0000644000000000000000000000030012145435573015041 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: snort.h 731 2013-05-17 14:15:23Z bw $ */ #ifndef _SNORT_H #define _SNORT_H unsigned char flex_snort(char *input, int linenum); #endif fwlogwatch-1.4/PaxHeaders.8080/parser.c0000644000000000000000000000012412145435573016111 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.893942 30 ctime=1369319079.893942987 fwlogwatch-1.4/parser.c0000644000000000000000000001655012145435573015201 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: parser.c 731 2013-05-17 14:15:23Z bw $ */ #include #include #include #include #include #include #include #include "cisco_ios.h" #include "cisco_pix.h" #include "compare.h" #include "ipchains.h" #include "ipfilter.h" #include "ipfw.h" #include "lancom.h" #include "netfilter.h" #include "netscreen.h" #include "snort.h" #include "utils.h" struct parser_options *excluded_first; extern struct options opt; unsigned char parse_line(char *input, int linenum) { unsigned char retval; char *pnt; pnt = strstr(input, " last message repeated "); if (pnt != NULL) { if (opt.repeated == 1) { char month[4], time[9], name[SHOSTLEN], rest[BUFSIZE]; unsigned int day; if (sscanf(input, "%3s %u %8s %" SHOSTLEN_S "s %" BUFSIZE_S "s", month, &day, time, name, rest) == 5) { if (strncmp(opt.line->hostname, name, SHOSTLEN) == 0) { opt.line->count = opt.orig_count * atoi(pnt + 23); build_list(); if (opt.verbose == 2) fprintf(stderr, "r"); return PARSE_OK; } } if (opt.verbose == 2) fprintf(stderr, "_"); return PARSE_NO_HIT; } } if ((opt.format & PARSER_IPCHAINS) && (strstr(input, " kernel: Packet log: "))) { /* For 
ipchains log format see (in kernel 2.2 source) */ /* /usr/src/linux/net/ipv4/ip_fw.c */ retval = flex_ipchains(input, linenum); } else if ((opt.format & PARSER_NETFILTER) && (strstr(input, " OUT="))) { /* For netfilter log format see (in kernel 2.4 source) */ /* /usr/src/linux/net/ipv4/netfilter/ipt_LOG.c */ retval = flex_netfilter(input, linenum); } else if ((opt.format & PARSER_CISCO_IOS) && (strstr(input, "%SEC-6-IPACCESSLOG"))) { /* For cisco log format see CCO */ retval = flex_cisco_ios(input, linenum); } else if ((opt.format & PARSER_IPFILTER) && (strstr(input, " ipmon"))) { /* For ipfilter log format see the source */ /* http://coombs.anu.edu.au/~avalon/ */ retval = flex_ipfilter(input, linenum); } else if ((opt.format & PARSER_IPFW) && (strstr(input, " ipfw: "))) { retval = flex_ipfw(input, linenum); } else if ((opt.format & PARSER_CISCO_PIX) && (strstr(input, "%PIX-") || strstr(input, "%FWSM-") || strstr(input, "%ASA-"))) { /* For cisco log format see CCO */ retval = flex_cisco_pix(input, linenum); } else if ((opt.format & PARSER_NETSCREEN) && (strstr(input, " NetScreen "))) { retval = flex_netscreen(input, linenum); } else if ((opt.format & PARSER_LANCOM) && (strstr(input, " PACKET_ALERT: "))) { retval = lancom(input, linenum); } else if ((opt.format & PARSER_SNORT) && (strstr(input, " snort"))) { retval = flex_snort(input, linenum); } else { retval = PARSE_NO_HIT; } if (retval == PARSE_NO_HIT) { if (opt.verbose == 2) fprintf(stderr, "_"); return PARSE_NO_HIT; } if (opt.recent != 0) { if ((opt.now - opt.line->time) > opt.recent) { if (opt.verbose == 2) { fprintf(stderr, "o"); } return PARSE_TOO_OLD; } } if (retval == PARSE_OK) { { struct parser_options *excluded_this; unsigned char match = P_MATCH_NONE, include_rules_exist = 0; excluded_this = excluded_first; while (excluded_this != NULL) { if ((match != P_MATCH_EXC) && (excluded_this->mode & PARSER_MODE_HOST) != 0) { struct in6_addr testhost; int i; if ((excluded_this->mode & PARSER_MODE_SRC) != 0) { for 
(i = 0; i < 16; i++) testhost.s6_addr[i] = opt.line->shost.s6_addr[i] & excluded_this->netmask.s6_addr[i]; if (compare_ipv6_equal(&testhost, &excluded_this->host) == 0) { if ((excluded_this->mode & PARSER_MODE_NOT) != 0) { match = P_MATCH_EXC; } else { match = P_MATCH_INC; } } } else { for (i = 0; i < 16; i++) testhost.s6_addr[i] = opt.line->dhost.s6_addr[i] & excluded_this->netmask.s6_addr[i]; if (compare_ipv6_equal(&testhost, &excluded_this->host) == 0) { if ((excluded_this->mode & PARSER_MODE_NOT) != 0) { match = P_MATCH_EXC; } else { match = P_MATCH_INC; } } } } if ((match != P_MATCH_EXC) && (excluded_this->mode & PARSER_MODE_PORT) != 0) { if ((excluded_this->mode & PARSER_MODE_SRC) != 0) { if ((unsigned long int) opt.line->sport == excluded_this->value) { if ((excluded_this->mode & PARSER_MODE_NOT) != 0) { match = P_MATCH_EXC; } else { match = P_MATCH_INC; } } } else { if ((unsigned long int) opt.line->dport == excluded_this->value) { if ((excluded_this->mode & PARSER_MODE_NOT) != 0) { match = P_MATCH_EXC; } else { match = P_MATCH_INC; } } } } if ((match != P_MATCH_EXC) && (excluded_this->mode & PARSER_MODE_CHAIN) != 0) { if (strcmp(opt.line->chainlabel, excluded_this->svalue) == 0) { if ((excluded_this->mode & PARSER_MODE_NOT) != 0) { match = P_MATCH_EXC; } else { match = P_MATCH_INC; } } } if ((match != P_MATCH_EXC) && (excluded_this->mode & PARSER_MODE_BRANCH) != 0) { if (strcmp(opt.line->branchname, excluded_this->svalue) == 0) { if ((excluded_this->mode & PARSER_MODE_NOT) != 0) { match = P_MATCH_EXC; } else { match = P_MATCH_INC; } } } if ((include_rules_exist == 0) && (excluded_this->mode & PARSER_MODE_NOT) == 0) include_rules_exist++; excluded_this = excluded_this->next; } if ((match == P_MATCH_NONE) && (include_rules_exist)) match = P_MATCH_EXC; if (match == P_MATCH_EXC) { if (opt.verbose == 2) fprintf(stderr, "e"); return PARSE_EXCLUDED; } } opt.orig_count = opt.line->count; build_list(); if (opt.verbose == 2) fprintf(stderr, "."); } return retval; } 
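/*
 * Convert a duration such as "90", "15m", "2h", "3d", "1w", "1M" or "1y"
 * into seconds.
 *
 * The leading decimal digits are the count; the first character after
 * them selects the unit: m(inutes), h(ours), d(ays), w(eeks), M (30 days)
 * or y (365 days). Any other character, or none, leaves the count in
 * seconds. Input that does not start with a digit yields 0, as does a
 * NULL pointer.
 *
 * The value is parsed in place, so no copy is allocated and there is no
 * allocation failure to dereference. Digits and the unit multiplication
 * saturate at the largest int instead of overflowing, so an oversized
 * value cannot wrap into a small or negative time window.
 */
int parse_time(char *input)
{
	/* Largest int, derived locally so no extra header is needed. */
	const int int_max = (int) (~0U >> 1);
	const char *pnt;
	int seconds = 0;
	int factor = 1;

	if (input == NULL)
		return 0;

	/* isdigit() is only defined for unsigned char values and EOF. */
	for (pnt = input; isdigit((unsigned char) *pnt); pnt++) {
		int digit = *pnt - '0';

		if (seconds > (int_max - digit) / 10)
			seconds = int_max;
		else
			seconds = seconds * 10 + digit;
	}

	switch (*pnt) {
	case 'm':
		factor = 60;
		break;
	case 'h':
		factor = 60 * 60;
		break;
	case 'd':
		factor = 60 * 60 * 24;
		break;
	case 'w':
		factor = 60 * 60 * 24 * 7;
		break;
	case 'M':
		factor = 60 * 60 * 24 * 30;
		break;
	case 'y':
		factor = 60 * 60 * 24 * 365;
		break;
	default:
		break;
	}

	if (seconds > int_max / factor)
		return int_max;

	return seconds * factor;
}

/*
 * Translate the parser selection string opt.format_sel into the
 * opt.format bit mask.
 *
 * An empty selection leaves opt.format untouched. Otherwise opt.format
 * is rebuilt from scratch, one letter per parser; an unknown letter is
 * reported on stderr and terminates the program. At most SHORTLEN
 * characters are examined.
 */
void select_parsers()
{
	unsigned char i;

	if (opt.format_sel[0] == '\0')
		return;

	opt.format = 0;

	for (i = 0; (i < SHORTLEN) && (opt.format_sel[i] != '\0'); i++) {
		switch (opt.format_sel[i]) {
		case 'i':
			opt.format |= PARSER_IPCHAINS;
			break;
		case 'n':
			opt.format |= PARSER_NETFILTER;
			break;
		case 'f':
			opt.format |= PARSER_IPFILTER;
			break;
		case 'c':
			opt.format |= PARSER_CISCO_IOS;
			break;
		case 'p':
			opt.format |= PARSER_CISCO_PIX;
			break;
		case 'e':
			opt.format |= PARSER_NETSCREEN;
			break;
		case 'l':
			opt.format |= PARSER_LANCOM;
			break;
		case 's':
			opt.format |= PARSER_SNORT;
			break;
		case 'b':
			opt.format |= PARSER_IPFW;
			break;
		default:
			fprintf(stderr, _("Unknown parser: '%c'.\n"), opt.format_sel[i]);
			exit(EXIT_FAILURE);
		}
	}
}
fwlogwatch-1.4/PaxHeaders.8080/rcfile.c0000644000000000000000000000012412145435573016061 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.830943 30 ctime=1369319079.830943462 fwlogwatch-1.4/rcfile.c0000644000000000000000000003356512145435573015156 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: rcfile.c 731 2013-05-17 14:15:23Z bw $ */ #include #include #include #include #include #include #include "rcfile.h" #include "main.h" #include "parser.h" #include "utils.h" #include "resolve.h" extern struct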
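options opt;

/*
 * Return the first whitespace-delimited word of a configuration value.
 *
 * Leading blanks, tabs and '=' are skipped. The word ends at a newline,
 * blank, tab or end of string, and also at '#' unless mode is
 * HASH_IGNORE. The terminator is written into the caller's buffer, so
 * string is modified in place and the result points into it.
 */
char *get_one_parameter(char *string, unsigned char mode)
{
	char *end;

	while (*string == ' ' || *string == '\t' || *string == '=')
		++string;

	for (end = string; *end != '\0'; ++end) {
		if (*end == '\n' || *end == ' ' || *end == '\t')
			break;
		if (mode != HASH_IGNORE && *end == '#')
			break;
	}
	*end = '\0';

	return string;
}

/*
 * Return a configuration value that may contain blanks.
 *
 * Leading blanks, tabs and '=' are skipped; the value ends at a newline,
 * '#' or end of string. string is modified in place.
 */
char *get_parameter(char *string)
{
	char *end;

	while (*string == ' ' || *string == '\t' || *string == '=')
		++string;

	for (end = string; *end != '\n' && *end != '#' && *end != '\0'; ++end)
		;
	*end = '\0';

	return string;
}

/*
 * Parse a numeric configuration value.
 *
 * Every non-digit character inside the value is reported on stderr with
 * the file name and line number, but parsing continues and the result
 * of atoi() on the word is returned. string is modified in place.
 *
 * NOTE(review): atoi() gives no indication of overflow; a range check
 * would need strtol() at this point.
 */
int get_num_parameter(char *string, char *rcfile, int linenum)
{
	char *pnt;

	while (*string == ' ' || *string == '\t' || *string == '=')
		++string;

	pnt = string;
	while (*pnt != '\n' && *pnt != ' ' && *pnt != '#' && *pnt != '\t' && *pnt != '\0') {
		/* isdigit() is only defined for unsigned char values and EOF. */
		if (!isdigit((unsigned char) *pnt))
			fprintf(stderr, _("Error in configuration file '%s' line %d: not a number\n"), rcfile, linenum);
		++pnt;
	}
	*pnt = '\0';

	return atoi(string);
}

/*
 * Parse a boolean configuration value.
 *
 * Values starting with "yes", "on" or "true" give YES; values starting
 * with "no", "off" or "false" give NO (case-insensitive prefix match).
 * Anything else is reported on stderr and treated as YES. string is
 * modified in place.
 */
unsigned char get_yes_or_no(char *string, char *rcfile, int linenum)
{
	char *pnt;

	while (*string == ' ' || *string == '\t' || *string == '=')
		++string;

	pnt = string;
	while (*pnt != '\n' && *pnt != ' ' && *pnt != '#' && *pnt != '\t' && *pnt != '\0')
		++pnt;
	*pnt = '\0';

	if ((strncasecmp(string, "yes", 3) == 0) || (strncasecmp(string, "on", 2) == 0) || (strncasecmp(string, "true", 4) == 0))
		return YES;

	if ((strncasecmp(string, "no", 2) == 0) || (strncasecmp(string, "off", 3) == 0) || (strncasecmp(string, "false", 5) == 0))
		return NO;

	fprintf(stderr, _("Error in configuration file '%s' line %d, assuming 'true'\n"), rcfile, linenum);
	return YES;
}

/*
 * Interpret one line of a configuration file and store the setting in
 * opt. Blank-prefixed comment lines and empty lines are ignored.
 *
 * NOTE(review): each option is matched on its keyword length and the
 * value is then read from a fixed offset one past the keyword. A line
 * that consists of the bare keyword without a trailing newline (possible
 * for the last line of a file) makes that offset point past the string
 * terminator.
 *
 * NOTE(review): include_file calls read_rcfile(), which calls back into
 * this function for every line; no depth limit is visible here, so a
 * file that includes itself would recurse until the stack is exhausted.
 */
void parse_rcfile(char *input, char *rcfile, int linenum)
{
	char *command;

	while (*input == ' ' || *input == '\t')
		++input;

	if (*input == '#' || *input == '\n')
		return;

	command = strdup(input);
	if (command == NULL) {
		/* Without this check the comparisons below dereference NULL. */
		perror("strdup");
		exit(EXIT_FAILURE);
	}

	/* Include files */
	if (strncasecmp(command, "include_file", 12) == 0) {
		xstrncpy(opt.rcfile, get_one_parameter(command + 13, HASH_ENDS_INPUT), FILESIZE);
		read_rcfile(opt.rcfile,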
MUST_EXIST, RCFILE_CF); } /* Global options */ else if (strncasecmp(command, "verbose", 7) == 0) { opt.verbose = opt.verbose + get_yes_or_no(command + 8, rcfile, linenum); } else if (strncasecmp(command, "resolve_hosts", 13) == 0) { opt.resolve = get_yes_or_no(command + 14, rcfile, linenum); } else if (strncasecmp(command, "resolve_services", 16) == 0) { opt.sresolve = get_yes_or_no(command + 17, rcfile, linenum); } else if (strncasecmp(command, "input", 5) == 0) { add_input_file(get_one_parameter(command + 6, HASH_ENDS_INPUT)); } else if (strncasecmp(command, "dns_cache", 9) == 0) { xstrncpy(opt.rcfile_dns, get_one_parameter(command + 10, HASH_ENDS_INPUT), FILESIZE); } /* Evaluation options */ else if (strncasecmp(command, "parser", 6) == 0) { xstrncpy(opt.format_sel, get_one_parameter(command + 7, HASH_ENDS_INPUT), SHORTLEN); } else if (strncasecmp(command, "src_ip", 6) == 0) { opt.src_ip = get_yes_or_no(command + 7, rcfile, linenum); } else if (strncasecmp(command, "dst_ip", 6) == 0) { opt.dst_ip = get_yes_or_no(command + 7, rcfile, linenum); } else if (strncasecmp(command, "protocol", 8) == 0) { opt.proto = get_yes_or_no(command + 9, rcfile, linenum); } else if (strncasecmp(command, "src_port", 8) == 0) { opt.src_port = get_yes_or_no(command + 9, rcfile, linenum); } else if (strncasecmp(command, "dst_port", 8) == 0) { opt.dst_port = get_yes_or_no(command + 9, rcfile, linenum); } else if (strncasecmp(command, "tcp_opts", 8) == 0) { opt.opts = get_yes_or_no(command + 9, rcfile, linenum); } else if (strncasecmp(command, "exclude_src_host", 16) == 0) { add_exclude_hpb(get_one_parameter(command + 16, HASH_ENDS_INPUT), PARSER_MODE_HOST | PARSER_MODE_SRC | PARSER_MODE_NOT); } else if (strncasecmp(command, "exclude_src_port", 16) == 0) { add_exclude_hpb(get_one_parameter(command + 16, HASH_ENDS_INPUT), PARSER_MODE_PORT | PARSER_MODE_SRC | PARSER_MODE_NOT); } else if (strncasecmp(command, "exclude_dst_host", 16) == 0) { add_exclude_hpb(get_one_parameter(command + 16, 
HASH_ENDS_INPUT), PARSER_MODE_HOST | PARSER_MODE_NOT); } else if (strncasecmp(command, "exclude_dst_port", 16) == 0) { add_exclude_hpb(get_one_parameter(command + 16, HASH_ENDS_INPUT), PARSER_MODE_PORT | PARSER_MODE_NOT); } else if (strncasecmp(command, "include_src_host", 16) == 0) { add_exclude_hpb(get_one_parameter(command + 16, HASH_ENDS_INPUT), PARSER_MODE_HOST | PARSER_MODE_SRC); } else if (strncasecmp(command, "include_src_port", 16) == 0) { add_exclude_hpb(get_one_parameter(command + 16, HASH_ENDS_INPUT), PARSER_MODE_PORT | PARSER_MODE_SRC); } else if (strncasecmp(command, "include_dst_host", 16) == 0) { add_exclude_hpb(get_one_parameter(command + 16, HASH_ENDS_INPUT), PARSER_MODE_HOST); } else if (strncasecmp(command, "include_dst_port", 16) == 0) { add_exclude_hpb(get_one_parameter(command + 16, HASH_ENDS_INPUT), PARSER_MODE_PORT); } else if (strncasecmp(command, "exclude_chain", 13) == 0) { add_exclude_hpb(get_parameter(command + 14), PARSER_MODE_CHAIN | PARSER_MODE_NOT); } else if (strncasecmp(command, "include_chain", 13) == 0) { add_exclude_hpb(get_parameter(command + 14), PARSER_MODE_CHAIN); } else if (strncasecmp(command, "exclude_branch", 14) == 0) { add_exclude_hpb(get_parameter(command + 15), PARSER_MODE_BRANCH | PARSER_MODE_NOT); } else if (strncasecmp(command, "include_branch", 14) == 0) { add_exclude_hpb(get_parameter(command + 15), PARSER_MODE_BRANCH); } /* Sorting options */ else if (strncasecmp(command, "sort_order", 10) == 0) { xstrncpy(opt.sort_order, get_one_parameter(command + 11, HASH_ENDS_INPUT), MAXSORTSIZE); } /* Output options */ else if (strncasecmp(command, "title", 5) == 0) { xstrncpy(opt.title, get_parameter(command + 6), TITLESIZE); } else if (strncasecmp(command, "stylesheet", 10) == 0) { xstrncpy(opt.stylesheet, get_one_parameter(command + 11, HASH_ENDS_INPUT), CSSSIZE); } else if (strncasecmp(command, "textcolor", 9) == 0) { xstrncpy(opt.textcol, get_one_parameter(command + 10, HASH_IGNORE), COLORSIZE); } else if 
(strncasecmp(command, "bgcolor", 7) == 0) { xstrncpy(opt.bgcol, get_one_parameter(command + 8, HASH_IGNORE), COLORSIZE); } else if (strncasecmp(command, "rowcolor1", 9) == 0) { xstrncpy(opt.rowcol1, get_one_parameter(command + 10, HASH_IGNORE), COLORSIZE); } else if (strncasecmp(command, "rowcolor2", 9) == 0) { xstrncpy(opt.rowcol2, get_one_parameter(command + 10, HASH_IGNORE), COLORSIZE); } /* Log summary mode */ else if (strncasecmp(command, "data_amount", 11) == 0) { opt.datalen = get_yes_or_no(command + 12, rcfile, linenum); } else if (strncasecmp(command, "start_times", 11) == 0) { opt.stimes = get_yes_or_no(command + 12, rcfile, linenum); } else if (strncasecmp(command, "end_times", 9) == 0) { opt.etimes = get_yes_or_no(command + 10, rcfile, linenum); } else if (strncasecmp(command, "duration", 8) == 0) { opt.duration = get_yes_or_no(command + 9, rcfile, linenum); } else if (strncasecmp(command, "html", 4) == 0) { opt.html = get_yes_or_no(command + 5, rcfile, linenum); } else if (strncasecmp(command, "output", 6) == 0) { opt.use_out = 1; xstrncpy(opt.outputfile, get_one_parameter(command + 7, HASH_ENDS_INPUT), FILESIZE); } else if (strncasecmp(command, "recent", 6) == 0) { opt.recent = parse_time(get_one_parameter(command + 7, HASH_ENDS_INPUT)); } else if (strncasecmp(command, "at_least", 8) == 0) { opt.least = get_num_parameter(command + 9, rcfile, linenum); } else if (strncasecmp(command, "maximum", 7) == 0) { opt.max = get_num_parameter(command + 8, rcfile, linenum); } else if (strncasecmp(command, "whois_lookup", 12) == 0) { opt.whois_lookup = get_yes_or_no(command + 13, rcfile, linenum); } else if (strncasecmp(command, "sender", 6) == 0) { xstrncpy(opt.sender, get_parameter(command + 7), EMAILSIZE); } else if (strncasecmp(command, "recipient", 9) == 0) { xstrncpy(opt.recipient, get_parameter(command + 10), EMAILSIZE); } else if (strncasecmp(command, "cc", 2) == 0) { xstrncpy(opt.cc, get_parameter(command + 3), EMAILSIZE); } /* Realtime response mode */ 
else if (strncasecmp(command, "realtime_response", 17) == 0) { if (get_yes_or_no(command + 18, rcfile, linenum) == YES) { if ((opt.mode != LOG_SUMMARY) && (opt.mode != REALTIME_RESPONSE)) { mode_error(); } opt.mode = REALTIME_RESPONSE; } } else if (strncasecmp(command, "ipchains_check", 14) == 0) { opt.ipchains_check = get_yes_or_no(command + 15, rcfile, linenum); } else if (strncasecmp(command, "pidfile", 7) == 0) { xstrncpy(opt.pidfile, get_one_parameter(command + 8, HASH_ENDS_INPUT), FILESIZE); } else if (strncasecmp(command, "run_as", 6) == 0) { xstrncpy(opt.run_as, get_one_parameter(command + 7, HASH_ENDS_INPUT), USERSIZE); } else if (strncasecmp(command, "stateful_start", 14) == 0) { opt.stateful_start = get_yes_or_no(command + 15, rcfile, linenum); } else if (strncasecmp(command, "alert_threshold", 15) == 0) { opt.threshold = get_num_parameter(command + 16, rcfile, linenum); } else if (strncasecmp(command, "notify", 6) == 0) { if (get_yes_or_no(command + 7, rcfile, linenum) == YES) { opt.response = opt.response | OPT_NOTIFY; } else { opt.response = opt.response & ~OPT_NOTIFY; } } else if (strncasecmp(command, "respond", 7) == 0) { if (get_yes_or_no(command + 8, rcfile, linenum) == YES) { opt.response = opt.response | OPT_RESPOND; } else { opt.response = opt.response & ~OPT_RESPOND; } } else if (strncasecmp(command, "notification_script", 19) == 0) { xstrncpy(opt.notify_script, get_one_parameter(command + 20, HASH_ENDS_INPUT), FILESIZE); } else if (strncasecmp(command, "response_script", 15) == 0) { xstrncpy(opt.respond_script, get_one_parameter(command + 16, HASH_ENDS_INPUT), FILESIZE); } else if (strncasecmp(command, "known_host", 10) == 0) { add_known_host(get_one_parameter(command + 11, HASH_ENDS_INPUT)); } else if (strncasecmp(command, "server_status", 13) == 0) { opt.status = get_yes_or_no(command + 14, rcfile, linenum); } else if (strncasecmp(command, "bind_to", 7) == 0) { xstrncpy(opt.listenif, get_one_parameter(command + 8, HASH_ENDS_INPUT), IP6LEN); 
} else if (strncasecmp(command, "listen_port", 11) == 0) { opt.listenport = get_num_parameter(command + 12, rcfile, linenum); } else if (strncasecmp(command, "listen_to", 9) == 0) { xstrncpy(opt.listento, get_one_parameter(command + 10, HASH_ENDS_INPUT), IP6LEN); } else if (strncasecmp(command, "status_user", 11) == 0) { xstrncpy(opt.user, get_one_parameter(command + 12, HASH_ENDS_INPUT), USERSIZE); } else if (strncasecmp(command, "status_password", 15) == 0) { xstrncpy(opt.password, get_one_parameter(command + 16, HASH_ENDS_INPUT), PASSWORDSIZE); } else if (strncasecmp(command, "refresh", 7) == 0) { opt.refresh = get_num_parameter(command + 8, rcfile, linenum); } /* Show log times mode */ else if (strncasecmp(command, "show_log_times", 14) == 0) { if ((opt.mode != LOG_SUMMARY) && (opt.mode != SHOW_LOG_TIMES)) { mode_error(); } opt.mode = SHOW_LOG_TIMES; } else { fprintf(stderr, _("Unrecognized option in configuration file '%s' line %d\n"), rcfile, linenum); exit(EXIT_FAILURE); } free(command); } void parse_dns_cache(char *input, char *rcfile, int linenum) { char *p, *p1, *p2; struct in6_addr addr; while (*input == ' ' || *input == '\t') ++input; if (*input == '#' || *input == '\n') return; p1 = strchr(input, ' '); p2 = strchr(input, '\t'); if (p1 != NULL && p2 != NULL) { if (p1 < p2) p = p1; else p = p2; } else if (p1 != NULL || p2 != NULL) { if (p1 != NULL) p = p1; else p = p2; } else { goto unrecognized; } *p = 0; p++; if (convert_ip(input, &addr) == IN_ADDR_OK) { while (*p == ' ' || *p == '\t') p++; p1 = strchr(p, ' '); if (p1 != NULL) *p1 = 0; p1 = strchr(p, '\t'); if (p1 != NULL) *p1 = 0; p1 = strchr(p, '\n'); if (p1 != NULL) *p1 = 0; init_dns_cache(&addr, p); return; } unrecognized: fprintf(stderr, _("Unrecognized entry in DNS cache file '%s' line %d\n"), rcfile, linenum); } unsigned char read_rcfile(char *rcfile, unsigned char must_exist, unsigned char type) { char buf[BUFSIZE], *name; FILE *fd; int linenum = 1, retval; struct stat info; if (!must_exist) { 
retval = stat(rcfile, &info); if (retval == -1) { return EXIT_FAILURE; } if (!S_ISREG(info.st_mode)) { fprintf(stderr, _("%s is not a regular file, ignoring.\n"), rcfile); return EXIT_FAILURE; } } name = strdup(rcfile); if (opt.verbose) { if (type == RCFILE_DNS) { fprintf(stderr, _("Opening DNS cache file '%s'\n"), name); } else { fprintf(stderr, _("Opening configuration file '%s'\n"), name); } } fd = fopen(name, "r"); if (fd == NULL) { fprintf(stderr, "fopen %s: %s\n", name, strerror(errno)); exit(EXIT_FAILURE); } while (fgets(buf, BUFSIZE, fd)) { if (type == RCFILE_CF) parse_rcfile(buf, name, linenum); else parse_dns_cache(buf, name, linenum); linenum++; } if (opt.verbose) fprintf(stderr, _("Closing '%s'\n"), name); xstrncpy(opt.rcfile, name, FILESIZE); free(name); retval = fclose(fd); if (retval == EOF) { perror("fclose"); exit(EXIT_FAILURE); } return EXIT_SUCCESS; } fwlogwatch-1.4/PaxHeaders.8080/cisco_ios.h0000644000000000000000000000012412145435573016574 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.836943 30 ctime=1369319079.836943417 fwlogwatch-1.4/cisco_ios.h0000644000000000000000000000032012145435573015650 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: cisco_ios.h 731 2013-05-17 14:15:23Z bw $ */ #ifndef _CISCO_IOS_H #define _CISCO_IOS_H unsigned char flex_cisco_ios(char *input, int linenum); #endif fwlogwatch-1.4/PaxHeaders.8080/ChangeLog0000644000000000000000000000012412147420772016220 xustar000000000000000027 mtime=1369317882.372329 27 atime=1369319079.866943 30 ctime=1369319079.866943191 fwlogwatch-1.4/ChangeLog0000644000000000000000000001672712147420772015316 0ustar00rootroot00000000000000$Id: ChangeLog 733 2013-05-23 14:04:42Z bw $ Version 1.4 2013-05-23 - Added IPv6 support to ipfilter parser - Added rsyslog timestamp format (RFC5424) to netfilter parser - Modified DNS forward resolution to only use same protocol as reverse - Various small fixes in parsers and compiler warnings Version 
1.3 2011-11-11 - Added general IPv6 support, currently only the netfilter parser and dns cache make use of it - Added DNS cache initialization with a hosts file - Extended Cisco PIX/ASA parser, it also uses the dns cache now - Various small fixes Version 1.2 2010-10-10 - Extended netfilter and Cisco PIX/ASA parsers - Removed interactive reporting mode - Removed Windows XP firewall log parser - Large amounts of fixes Version 1.1 2006-04-17 - Several parser modifications triggered by log submissions - Added GNU adns support - Various small fixes Version 1.0 2004-04-25 - Made status page interactive - Added dynamic memory allocation and fixed memory leaks - Added basic ipfw and fwsm support - Added stateful start to realtime response mode - Added command line option to set report title - Added port number to -X option - Added CIDR support for host inclusion/exclusion - Created web page for submission of unrecognized entries - Updated HTML DTD to XHTML 1.1 - Updated CSS and inverted the color scheme - Small parser improvements - Various small fixes Version 0.9.3 2003-06-23 - Added inclusion/exclusion functions to the command line - Added external stylesheet embedding in realtime response mode - All html colors are done with css styles now - Unified some output functions, small cleanups - Small parser improvements - Various small fixes Version 0.9.2 2003-04-08 - Fixed problems with multiple input file support, whois resolver and status web server page reload Version 0.9.1 2003-03-22 - Added multiple input file support - Various small fixes Version 0.9 2002-08-20 - Added NetScreen support - Added basic PIX version 6 support to Cisco PIX parser - Added Elsa Lancom support contributed by Mirko Zeibig - Added -M (maximum) option as suggested by Bram Vandoren - Added php frontend (rewrite of a script by Kyle Amon) - Added IPv6 support to status web server - Various small fixes Version 0.8.1 2002-05-15 - Modified several output functions to improve portability Version 0.8 
2002-05-08 - Added Snort support - Added support for sending summaries by email (-T option) - Made zlib and gettext support compile time options (-V shows options used) - Changes in the parsers and CIDR code - Various small fixes Version 0.7.1 2002-04-04 was not officially released Version 0.7 2002-03-27 - Several realtime response improvements - Added support for configuration changes while running - Added support for include files in configuration files - Status page can be sorted and supports the at_least option - SIGUSR1 reopens the log file, SIGHUP rereads the configuration file - Documentation was updated - HTML output now mostly uses inline CSS for colors and fonts - Added support for external stylesheets and basic HTML color names - The default configuration file is not parsed anymore if an alternative configuration file is specified - Rewrote parts of the ipfilter parser to support resolved IP addresses in logs - Various small fixes Version 0.6 2002-02-24 - Added chain and branch selection/exclusion options - Added Windows XP firewall log parser - Added option to drop privileges when running as daemon - Added traditional chinese translation (the existing is simplified chinese) - Various small fixes Version 0.5.2 2002-01-27 - Added 'title' option: The title of the summary and the realtime response status page can be customized in the configuration file - Added -e option: 'show end times', -t now only shows start times - Added -N option: 'resolve service names' is a new option and off by default now - Added swedish translation - I18n adjustments, small fixes Version 0.5.1 2001-11-18 - Various fixes: whois code, mode selection, endianness problems, realtime response with destination/port distinction, forward chain blocking for iptables, international encoding, portability - Added chinese and portuguese translations Version 0.5 2001-10-11 - Added internationalization support with german as first language - Added support for input from stdin in all modes - 
Added options to specify paths for notifications and response scripts - Made the check for correct ipchains rules a config file option - Modified realtime response reaction behaviour when attacker insists - Added display of selected parser options in realtime response status page - Added automatic refresh of realtime response status page - FreeBSD portablility fixes - Various small fixes Version 0.4 2001-08-19 - Added whois information lookup - Added sorting by end time - Changed pid file handling - Renamed and introduced new listen_to option (bind_to) - Implemented SIGHUP handling (e.g. for log rotation) - Updated CGI scripts - Added init script for redhat linux - Various small fixes Version 0.3.1 2001-05-25 - Rewrote netfilter prefix parsing code - Made long list/chain/branch/interface names the default - Fixed a sorting stability problem - OpenBSD portability changes - Various small fixes Version 0.3 2001-04-08 - Rewrote realtime response mode to use external scripts for notifications and responses - Added a first version of Cisco PIX parser - Added 'last message repeated' handling code - Unrecognized text is now only displayed in verbose mode Version 0.2.1 2001-03-09 - Added compressed input file support - Added total packet length sum option - Added support for long chain/branch/interface names - Modified time output (summary shows times of packet log entries, log times mode shows times of all entries) - Various small fixes and cleanups Version 0.2 2001-02-10 - Added ipfilter support - Added host and port selection/exclusion support - Added support for parser selection - Realtime response mode is available also in non-ipchains and non-root environments now - Various small fixes Version 0.1.3 2001-01-22 - Replaced the sorting algorithm with a stunningly fast linked list mergesort - Added two more sorting modes - Added PID file for realtime response mode - Added CIDR notation support to known host feature Version 0.1.2 2001-01-16 - Fixed some remaining problems 
in realtime response mode Version 0.1.1 2001-01-12 - Various small fixes Version 0.1 2001-01-07 - Rewrote IP Address handling code - Small parser and output extensions - Added mode collision detection - Fixed time calculation problem and warp detection Version 0.0.28 2000-12-26 - Rewrote ipchains parser (converted to flex) - Added support for Cisco uptime log format Version 0.0.27 2000-12-08 - Solaris portability patches - Added at_least option Version 0.0.26 2000-11-11 - Added basic Cisco support - Various small fixes Version 0.0.25 2000-11-06 - Added basic netfilter support - Several internal optimizations - Various small fixes Version 0.0.24 2000-11-01 - Extended the man page and added some options to the command line that were available only in the configuration file - Various fixes and code cleanups - Improved web interface Version 0.0.23 2000-10-27 - Colors of the HTML output can be changed in the configuration file - Multiple actions can be combined in realtime response mode - Added mail notification option to realtime response mode - Added sort order options - Added daemon status display through own web server Version 0.0.22 2000-10-23 - Better sample configuration - Improved CGI demos - Various small fixes Version 0.0.21 2000-10-22 - Initial public release fwlogwatch-1.4/PaxHeaders.8080/response.c0000644000000000000000000000012412145435573016453 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.863943 30 ctime=1369319079.863943213 fwlogwatch-1.4/response.c0000644000000000000000000002476512145435573015552 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: response.c 731 2013-05-17 14:15:23Z bw $ */ #include #include #include #include #include #include #include #include #include #include #include #include "response.h" #include "main.h" #include "utils.h" struct known_hosts *first_host = NULL; extern struct options opt; extern struct conn_data *first; void check_for_ipchains() { char buf[BUFSIZE]; unsigned 
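int found = 0;
  FILE *fd;
  int retval;
  /*
   * sscanf() "%Ns" stores up to N characters plus a terminating NUL, so each
   * text buffer is one byte larger than the field width used for it below.
   */
  char chain[10 + 1], src_dst[36 + 1], interface[16 + 1];
  unsigned int fw_flg, fw_invflg, protocol;
  char rest[80 + 1];

  fd = fopen("/proc/net/ip_fwchains", "r");
  if (fd == NULL) {
    syslog(LOG_NOTICE, "fopen /proc/net/ip_fwchains: %s", strerror(errno));
    log_exit(EXIT_FAILURE);
  }

  /* Count the rules whose flag word has IP_FW_F_PRN set; lines that do not
     yield all seven fields are skipped. */
  while (fgets(buf, BUFSIZE, fd)) {
    retval = sscanf(buf, "%10s %36s %16s %6X %6X %5u %80s\n", chain, src_dst, interface, &fw_flg, &fw_invflg, &protocol, rest);
    if (retval == 7) {
      if (fw_flg & IP_FW_F_PRN) {
        found++;
      }
    }
  }

  retval = fclose(fd);
  if (retval == EOF) {
    syslog(LOG_NOTICE, "fclose /proc/net/ip_fwchains: %s", strerror(errno));
  }

  if (found > 0) {
    if (found == 1) {
      syslog(LOG_NOTICE, _("One logging ipchains firewall rule defined"));
    } else {
      syslog(LOG_NOTICE, _("%u logging ipchains firewall rules defined"), found);
    }
  } else {
    syslog(LOG_NOTICE, _("No logging ipchains firewall rules defined, format was requested"));
    log_exit(EXIT_FAILURE);
  }
}

/*
 * Refuse to continue when the script NAME cannot be stat()ed or, if the
 * process runs with real or effective uid 0, when the file is group- or
 * world-writable.  Both cases are logged and end in log_exit(EXIT_FAILURE).
 *
 * NOTE(review): the owner of the file is not examined, stat() follows
 * symbolic links, and this check is separate from the later execution of
 * the script, so it does not cover a script owned by another account, a
 * writable parent directory, or a file replaced after this call.  Consider
 * also checking st_uid and the directory permissions.
 */
void check_script_perms(char *name)
{
  struct stat sb;

  if (stat(name, &sb) == -1) {
    syslog(LOG_NOTICE, "stat %s: %s", name, strerror(errno));
    log_exit(EXIT_FAILURE);
  }

  if ((getuid() == 0) || (geteuid() == 0)) {
    if ((sb.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
      syslog(LOG_NOTICE, _("%s is group/world writable"), name);
      log_exit(EXIT_FAILURE);
    }
  }
}

/*
 * Run opt.respond_script with the argument "start" (FW_START) or "stop"
 * (FW_STOP); any other action does nothing.
 *
 * The command line is passed to run_command(), which executes it through
 * /bin/sh -c, so opt.respond_script must only ever come from trusted
 * configuration.
 */
void modify_firewall(unsigned char action)
{
  char buf[BUFSIZE];
  const char *verb;

  if (action == FW_START) {
    verb = "start";
  } else if (action == FW_STOP) {
    verb = "stop";
  } else {
    return;
  }

  snprintf(buf, BUFSIZE, "%s %s", opt.respond_script, verb);
  run_command(buf);
}

/*
 * Build and run the notification or response command for this_host:
 * opt.notify_script for EX_NOTIFY, otherwise opt.respond_script followed by
 * " add" (EX_RESPOND_ADD) or " remove", then the count and source address,
 * then destination address, protocol, source port and destination port,
 * each replaced by "-" when the matching option is switched off.
 */
void react(unsigned char mode, struct known_hosts *this_host) { char buf[BUFSIZE], buf2[BUFSIZE]; if (mode == EX_NOTIFY) { xstrncpy(buf, opt.notify_script, BUFSIZE); } else { xstrncpy(buf, opt.respond_script, BUFSIZE); if (mode == EX_RESPOND_ADD) { strncat(buf, " add", BUFSIZE - strlen(buf) - 1); } else { strncat(buf, "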
remove", BUFSIZE - strlen(buf) - 1);
    }
  }

  /*
   * Everything appended from here on is either an integer or the text form
   * of an address produced by my_inet_ntop(); no free-form log text is added
   * to the command line that run_command() hands to the shell.
   */
  snprintf(buf2, BUFSIZE, " %d %s", this_host->count, my_inet_ntop(&this_host->shost));
  strncat(buf, buf2, BUFSIZE - strlen(buf) - 1);

  if (opt.dst_ip) {
    snprintf(buf2, BUFSIZE, " %s", my_inet_ntop(&this_host->dhost));
    strncat(buf, buf2, BUFSIZE - strlen(buf) - 1);
  } else {
    strncat(buf, " -", BUFSIZE - strlen(buf) - 1);
  }

  if (opt.proto) {
    snprintf(buf2, BUFSIZE, " %d", this_host->protocol);
    strncat(buf, buf2, BUFSIZE - strlen(buf) - 1);
  } else {
    strncat(buf, " -", BUFSIZE - strlen(buf) - 1);
  }

  if (opt.src_port) {
    snprintf(buf2, BUFSIZE, " %d", this_host->sport);
    strncat(buf, buf2, BUFSIZE - strlen(buf) - 1);
  } else {
    strncat(buf, " -", BUFSIZE - strlen(buf) - 1);
  }

  if (opt.dst_port) {
    snprintf(buf2, BUFSIZE, " %d", this_host->dport);
    strncat(buf, buf2, BUFSIZE - strlen(buf) - 1);
  } else {
    strncat(buf, " -", BUFSIZE - strlen(buf) - 1);
  }

  run_command(buf);
}

/*
 * Expire list entries that are at least opt.recent seconds old.
 *
 * mode is a bit mask.  RESP_REMOVE_OPC walks the packet cache (first) and
 * compares against end_time.  RESP_REMOVE_OHS walks the host status list
 * (first_host) and compares against time; entries whose time is 0 are never
 * expired.  Before an expired host status entry is freed,
 * react(EX_RESPOND_REMOVE, ...) is called if opt.response has OPT_RESPOND
 * set.
 */
void remove_old(unsigned char mode)
{
  const time_t now = time(NULL);

  if (mode & RESP_REMOVE_OPC) {
    /* link always addresses the pointer that leads to the current entry,
       which is either the list head or the previous entry's next field. */
    struct conn_data **link = &first;

    while (*link != NULL) {
      struct conn_data *entry = *link;

      if ((now - entry->end_time) >= opt.recent) {
        if (opt.verbose == 2)
          syslog(LOG_NOTICE, _("Deleting packet cache entry (%s)"), my_inet_ntop(&entry->shost));
        /* Unlink first, then release the strings the entry owns. */
        *link = entry->next;
        free(entry->hostname);
        free(entry->chainlabel);
        free(entry->branchname);
        free(entry->interface);
        free(entry);
      } else {
        link = &entry->next;
      }
    }
  }

  if (mode & RESP_REMOVE_OHS) {
    struct known_hosts **link = &first_host;

    while (*link != NULL) {
      struct known_hosts *entry = *link;

      if ((entry->time != 0) && ((now - entry->time) >= opt.recent)) {
        if (opt.verbose == 2)
          syslog(LOG_NOTICE, _("Deleting host status entry (%s)"), my_inet_ntop(&entry->shost));
        /* The response script is told to remove the entry while the entry
           is still linked and intact. */
        if (opt.response & OPT_RESPOND)
          react(EX_RESPOND_REMOVE, entry);
        *link = entry->next;
        free(entry);
      } else {
        link = &entry->next;
      }
    }
  }
}

/*
 * Look up the host status entry that covers a packet cache entry.
 *
 * The source address of host is masked with each candidate's netmask and
 * compared with the candidate's source address.  A candidate with time == 0
 * matches on the source address alone; any other candidate must also agree
 * on destination address, destination port, source port and protocol, each
 * only when the corresponding option is enabled.
 *
 * Returns the first matching entry, or NULL when there is none.
 */
struct known_hosts *is_known(struct conn_data *host)
{
  struct known_hosts *cand;
  struct in6_addr masked;
  int i;

  for (cand = first_host; cand != NULL; cand = cand->next) {
    for (i = 0; i < 16; i++)
      masked.s6_addr[i] = host->shost.s6_addr[i] & cand->netmask.s6_addr[i];

    if (memcmp(&cand->shost, &masked, sizeof(struct in6_addr)) != 0)
      continue;

    if (cand->time == 0)
      return cand;

    if ((opt.dst_ip) && (compare_ipv6_equal(&cand->dhost, &host->dhost) != 0))
      continue;
    if ((opt.dst_port) && (cand->dport != host->dport))
      continue;
    if ((opt.src_port) && (cand->sport != host->sport))
      continue;
    if ((opt.proto) && (cand->protocol != host->protocol))
      continue;

    return cand;
  }

  return NULL;
}

/*
 * Scan the packet cache for entries whose count has reached opt.threshold,
 * create or update the matching host status entry, log an alert and run the
 * notify/respond actions for new entries.
 *
 * NOTE(review): count is divided by opt.threshold below; this assumes
 * opt.threshold is nonzero -- TODO confirm it is validated where the option
 * is read.
 */
void look_for_alert()
{
  struct conn_data *this;
  unsigned char modified = 0;

  this = first;
  while (this != NULL) {
    if (this->count >= opt.threshold) {
      struct known_hosts *this_host;

      this_host = is_known(this);
      if (this_host == NULL) {
        this_host = xmalloc(sizeof(struct known_hosts));
        this_host->time = time(NULL);
        this_host->count = (this->count / opt.threshold) * opt.threshold;
        this_host->shost = this->shost;
        memset(&this_host->netmask, 0xff, sizeof(struct in6_addr));
        this_host->protocol = this->protocol;
        this_host->dhost = this->dhost;
        this_host->sport = this->sport;
        this_host->dport = this->dport;
        this_host->id = opt.global_id++;
        this_host->next = first_host;
        first_host = this_host;
        syslog(LOG_NOTICE, _("ALERT: %d attempts from %s"), this_host->count, my_inet_ntop(&this_host->shost));
        if (opt.response
& OPT_NOTIFY)
          react(EX_NOTIFY, this_host);
        if (opt.response & OPT_RESPOND)
          react(EX_RESPOND_ADD, this_host);
      } else {
        this_host->count = this_host->count + ((this->count / opt.threshold) * opt.threshold);
        if (this_host->time != 0)
          this_host->time = time(NULL);
      }
      this->count = (this->count % opt.threshold);
      if (this->count == 0) {
        /* An end_time of 1 makes the entry look old to remove_old(). */
        this->end_time = 1;
        modified = 1;
      }
    }
    this = this->next;
  }
  if (modified)
    remove_old(RESP_REMOVE_OPC);
}

/*
 * Ordering predicate for the host status list.
 *
 * Compares op1 and op2 on the field selected by opt.sortfield, in the
 * direction selected by opt.sortmode (ORDER_ASCENDING, anything else is
 * treated as descending).  Returns 1 when the selected test holds and 0
 * otherwise; sort fields not listed here always give 0.
 *
 * NOTE(review): for the numeric fields the ascending test is "op1 > op2",
 * while for the two host fields it is "compare_ipv6(...) == -1" -- confirm
 * that the opposite sense is intended.
 */
unsigned char hs_compare(struct known_hosts *op1, struct known_hosts *op2)
{
  const int ascending = (opt.sortmode == ORDER_ASCENDING);
  time_t now;

  switch (opt.sortfield) {
  case SORT_COUNT:
    return ascending ? (op1->count > op2->count) : (op1->count < op2->count);

  case SORT_START_TIME:
    return ascending ? (op1->time > op2->time) : (op1->time < op2->time);

  case SORT_END_TIME:
    /* Compared as age relative to the current time. */
    now = time(NULL);
    return ascending ? ((now - op1->time) < (now - op2->time))
                     : ((now - op1->time) > (now - op2->time));

  case SORT_PROTOCOL:
    return ascending ? (op1->protocol > op2->protocol) : (op1->protocol < op2->protocol);

  case SORT_SOURCEHOST:
    return ascending ? (compare_ipv6(&op1->shost, &op2->shost) == -1)
                     : (compare_ipv6(&op1->shost, &op2->shost) == 1);

  case SORT_SOURCEPORT:
    return ascending ? (op1->sport > op2->sport) : (op1->sport < op2->sport);

  case SORT_DESTHOST:
    return ascending ? (compare_ipv6(&op1->dhost, &op2->dhost) == -1)
                     : (compare_ipv6(&op1->dhost, &op2->dhost) == 1);

  case SORT_DESTPORT:
    return ascending ? (op1->dport > op2->dport) : (op1->dport < op2->dport);

  default:
    return 0;
  }
}

/*
 * Bottom-up merge sort of the host status list, ordered by hs_compare().
 * Returns the new list head; for sort fields the switch does not list, the
 * list is returned unchanged.
 */
struct known_hosts *fwlw_hs_mergesort(struct known_hosts *list) {
struct known_hosts *p, *q, *e, *tail; int size, merges, psize, qsize, i; switch (opt.sortfield) { case SORT_COUNT: case SORT_START_TIME: case SORT_END_TIME: case SORT_PROTOCOL: case SORT_SOURCEHOST: case SORT_SOURCEPORT: case SORT_DESTHOST: case SORT_DESTPORT: if (list != NULL) { size = 1; while (1) { p = list; list = tail = NULL; merges = 0; while (p != NULL) { merges++; q = p; psize = 0; for (i = 0; i < size; i++) { psize++; q = q->next; if (q == NULL) break; } qsize = size; while (psize > 0 || ((qsize > 0) && (q != NULL))) { if (psize == 0) { e = q; q = q->next; qsize--; } else if (qsize == 0 || (q == NULL)) { e = p; p = p->next; psize--; } else if (hs_compare(p, q) <= 0) { e = p; p = p->next; psize--; } else { e = q; q = q->next; qsize--; } if (tail != NULL) { tail->next = e; } else { list = e; } tail = e; } p = q; } tail->next = NULL; if (merges <= 1) return list; size *= 2; } } else { return NULL; } break; default: return list; } } fwlogwatch-1.4/PaxHeaders.8080/main.h0000644000000000000000000000012312147420772015542 xustar000000000000000027 mtime=1369317882.372329 27 atime=1369319079.890943 29 ctime=1369319079.89094301 fwlogwatch-1.4/main.h0000644000000000000000000002171412147420772014631 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: main.h 733 2013-05-23 14:04:42Z bw $ */ #ifndef _MAIN_H #define _MAIN_H #define PACKAGE "fwlogwatch" #define VERSION "1.4 2013-05-23" #define COPYRIGHT "Boris Wesslowski" /* Paths */ #define INSTALL_DIR "/usr/local" #define CONF_DIR "/etc" #define LOCALE_DIR "/usr" /* i18n */ #ifdef HAVE_GETTEXT #include #define _(String) gettext(String) #define LOCALEDIR LOCALE_DIR "/share/locale" #else #define _(String) String #endif /* Data sizes */ #define BUFSIZE 1024 #define BUFSIZE_S "1024" #define FILESIZE 256 #define TIMESIZE 64 #define HOSTLEN 256 #define HOSTLEN_M1_S "255" #define SHOSTLEN 32 #define SHOSTLEN_S "32" #define IPLEN 16 #define IP6LEN 40 #define EMAILSIZE 80 #define COLORSIZE 8 
#define MAXSORTSIZE 24 #define USERSIZE 16 #define PASSWORDSIZE 76 #define WHOISCMDLEN 32 #define WHOISDESCLEN 64 #define WHOISROUTELEN 20 #define TITLESIZE 64 #define CSSSIZE 64 #ifndef SHORT_NAMES #define SHORTLEN 128 #define SHORTLEN_S "128" #else #define SHORTLEN 10 #define SHORTLEN_S "10" #endif /* Files */ #ifndef SOLARIS #define INFILE "/var/log/messages" #else #define INFILE "/var/adm/messages" #endif #define RCFILE CONF_DIR "/fwlogwatch.config" /* Includes */ #ifdef HAVE_ZLIB #include #endif enum { MAY_NOT_EXIST, MUST_EXIST }; enum { NO, YES }; enum { HASH_IGNORE, HASH_ENDS_INPUT }; /* Modes */ enum { LOG_SUMMARY, REALTIME_RESPONSE, SHOW_LOG_TIMES }; /* Parser */ #define PARSER_IPCHAINS 1 #define PARSER_NETFILTER 2 #define PARSER_CISCO_IOS 4 #define PARSER_IPFILTER 8 #define PARSER_CISCO_PIX 16 #define PARSER_SNORT 64 #define PARSER_NETSCREEN 128 #define PARSER_LANCOM 256 #define PARSER_IPFW 512 enum { PARSE_OK, PARSE_ERROR, PARSE_NO_HIT, PARSE_WRONG_FORMAT, PARSE_TOO_OLD, PARSE_EXCLUDED }; enum { IN_ADDR_OK, IN_ADDR_ERROR }; enum { RCFILE_CF, RCFILE_DNS }; /* TCP flags */ #define TCP_SYN 1 #define TCP_ACK 2 #define TCP_FIN 4 #define TCP_RST 8 #define TCP_PSH 16 #define TCP_URG 32 /* ipchains support */ #define IPCHAINS_DATE 1 #define IPCHAINS_DATA 2 #define IPCHAINS_IPS 4 /* netfilter support */ #define NF_DATE 1 #define NF_IN 2 #define NF_SRC 4 #define NF_DST 8 #define NF_PROTO 16 #define NF_SPT 32 #define NF_DPT 64 #define NF_TYPE 128 #define NF_CODE 256 enum { NF_OPT_NOPREFIX, NF_OPT_PREFIX, NF_OPT_PREFIX_KTIME, NF_OPT_SRC, NF_OPT_DST, NF_OPT_SRC6, NF_OPT_DST6 }; /* cisco ios support */ #define CISCO_IOS_DATE 1 #define CISCO_IOS_SRC 2 #define CISCO_IOS_DST 4 #define CISCO_IOS_PROTO 8 #define CISCO_IOS_COUNT 16 enum { CI_OPT_NONE, CI_OPT_HOST, CI_OPT_MSEC, CI_OPT_PORT, CI_OPT_MISSING, CI_OPT_TYPE }; /* cisco pix support */ #define CISCO_PIX_DATE 1 #define CISCO_PIX_SRC 2 #define CISCO_PIX_DST 4 #define CISCO_PIX_NO_HIT 8 enum { CP_OPT_NONE, CP_OPT_HOST, 
CP_OPT_TCP, CP_OPT_TCP_S, CP_OPT_TCP_S2, CP_OPT_TCP_N, CP_OPT_TCP_N2, CP_OPT_UDP, CP_OPT_UDP_S, CP_OPT_UDP_S2, CP_OPT_UDP_N, CP_OPT_UDP_N2, CP_OPT_UDP_NOPORT, CP_OPT_ICMP, CP_OPT_ICMP_S, CP_OPT_ICMP_S2, CP_OPT_ICMP_N2, CP_OPT_DST, CP_OPT_DST_S, CP_OPT_DST_S2, CP_OPT_DST_N, CP_OPT_DST_N2, CP_OPT_DST_I }; /* ipfilter support */ #define IPF_DATE 1 #define IPF_DATA 2 #define IPF_PROTO 4 #define IPF_SRC_IP 8 #define IPF_DST_IP 16 #define IPF_SRC_PORT 32 #define IPF_DST_PORT 64 #define IPF_NO_HIT 128 #define IPF_OPT_NONE 1 #define IPF_OPT_COUNT 2 #define IPF_OPT_SRC 4 #define IPF_OPT_DST 8 #define IPF_OPT_RES 16 #define IPF_OPT_PORT 32 #define IPF_OPT_RPORT 64 /* ipfw support */ #define IPFW_DATE 1 #define IPFW_CHAIN 2 #define IPFW_BRANCH 4 #define IPFW_PROTO 8 #define IPFW_IPS 16 #define IPFW_PORTS 32 #define IPFW_IF 64 enum { IPFW_OPT_NONE, IPFW_OPT_ICMP, IPFW_OPT_PORTS }; /* snort support */ #define SNORT_DATE 1 #define SNORT_CHAIN 2 #define SNORT_BRANCH 4 #define SNORT_PROTO 8 #define SNORT_SRC 16 #define SNORT_DST 32 #define SNORT_NO_HIT 64 #define SNORT_OPT_SRC 1 #define SNORT_OPT_DST 2 #define SNORT_OPT_PORT 4 /* netscreen support */ #define NS_DATE 1 #define NS_SRC 2 #define NS_DST 4 #define NS_SPORT 8 #define NS_DPORT 16 #define NS_BN 32 #define NS_PROTO 64 #define NS_NO_HIT 128 enum { NETSCREEN_OPT_SRC, NETSCREEN_OPT_DST }; /* Sorting */ enum { SORT_COUNT, SORT_START_TIME, SORT_END_TIME, SORT_DELTA_TIME, SORT_CHAINLABEL, SORT_PROTOCOL, SORT_DATALEN, SORT_SOURCEHOST, SORT_SOURCEPORT, SORT_DESTHOST, SORT_DESTPORT }; enum { ORDER_ASCENDING, ORDER_DESCENDING }; /* WHOIS lookup */ #define RADB "whois.radb.net" #define WHOIS 43 /* HTML output */ #define TEXTCOLOR "black" #define BGCOLOR "white" #define ROWCOLOR1 "#EEEEEE" #define ROWCOLOR2 "#DDDDDD" /* Log summary mode */ #define SUMMARY_TITLE _("fwlogwatch summary") #define SORTORDER "cd" #define P_SENDMAIL "/usr/sbin/sendmail" /* Realtime response mode */ #define ALERT 5 #define FORGET 86400 #define FWLW_NOTIFY 
INSTALL_DIR "/sbin/fwlw_notify"
#define FWLW_RESPOND INSTALL_DIR "/sbin/fwlw_respond"
#define STATUS_TITLE _("fwlogwatch status")
/*
 * LISTENIF is the IPv6 loopback address.  Presumably these two values are
 * the defaults for opt.listenif and opt.listenport -- confirm where struct
 * options is initialised.
 */
#define LISTENIF "::1"
#define LISTENPORT 888
/*
 * NOTE(review): compiled-in credentials.  Going by the comment on
 * DEFAULT_PASSWORD this is a DES crypt(3) hash, a scheme that only uses the
 * first 8 characters of a password, and the same comment discloses the
 * plaintext.  Presumably these are the defaults for opt.user and
 * opt.password; a deployment should always set its own values and should
 * not expose the listener beyond loopback while the defaults are in place.
 */
#define DEFAULT_USER "admin"
#define DEFAULT_PASSWORD "2fi4nEVVz0IXo" /* fwlogwat[ch] DES only supports 8 characters */

/* Bits tested against opt.response. */
#define OPT_LOG 1
#define OPT_NOTIFY 2
#define OPT_RESPOND 4

/* Modes passed to react(). */
#define EX_NOTIFY 1
#define EX_RESPOND_ADD 2
#define EX_RESPOND_REMOVE 3

/* Bits passed to remove_old(): packet cache / host status list. */
#define RESP_REMOVE_OPC 1
#define RESP_REMOVE_OHS 2

/* Actions passed to modify_firewall(). */
enum { FW_START, FW_STOP };

enum { NO_NET_OPTS_PC, NET_OPTS_PC, NO_SORTING, SORTING, SORT_PC, SORT_HS };

enum { STATUS_OFF, STATUS_OK, FD_ERROR };

enum { HEADER_COMPLETE, HEADER_CONTINUES };

/* Data structures */

#include #include

/* One parsed log line; the text fields are fixed-size buffers that the
   parsers fill directly. */
struct log_line {
  time_t time;
  char hostname[SHOSTLEN];
  char chainlabel[SHORTLEN];
  char branchname[SHORTLEN];
  char interface[SHORTLEN];
  int protocol;
  unsigned long int datalen;
  struct in6_addr shost;
  int sport;
  struct in6_addr dhost;
  int dport;
  unsigned char flags;
  int count;
};

/* Packet cache entry (singly linked); the four strings are heap
   allocations that are freed together with the entry. */
struct conn_data {
  int count;
  time_t start_time;
  time_t end_time;
  char *hostname;
  char *chainlabel;
  char *branchname;
  char *interface;
  int protocol;
  unsigned long int datalen;
  struct in6_addr shost;
  int sport;
  struct in6_addr dhost;
  int dport;
  unsigned char flags;
  int id;
  struct conn_data *next;
};

struct input_file {
  char *name;
  struct input_file *next;
};

struct dns_cache {
  struct in6_addr ip;
  char *fqdn;
  struct dns_cache *next;
};

struct whois_entry {
  char *ip_route;
  int as_number;
  char *ip_descr;
  char *as_descr;
  struct whois_entry *next;
};

/* Host status entry (singly linked).  An entry whose time is 0 is never
   expired by remove_old() and is matched by is_known() on the masked
   source address alone. */
struct known_hosts {
  time_t time;
  int count;
  struct in6_addr shost;
  struct in6_addr netmask;
  struct in6_addr dhost;
  int protocol;
  int sport;
  int dport;
  int id;
  struct known_hosts *next;
};

struct parser_options {
  unsigned char mode;
  struct in6_addr host;
  struct in6_addr netmask;
  unsigned long int value;
  char *svalue;
  struct parser_options *next;
};

#define PARSER_MODE_DEFAULT 0
#define PARSER_MODE_NOT 1
#define PARSER_MODE_HOST 2
#define
PARSER_MODE_PORT 4 #define PARSER_MODE_SRC 8 #define PARSER_MODE_CHAIN 16 #define PARSER_MODE_BRANCH 32 enum { P_MATCH_NONE, P_MATCH_EXC, P_MATCH_INC }; struct options { unsigned char mode; FILE *inputfd; #ifdef HAVE_ZLIB gzFile gzinputfd; #endif unsigned char std_in; unsigned char verbose; unsigned char resolve; unsigned char sresolve; unsigned char whois_lookup; int whois_sock; int filecount; char rcfile[FILESIZE]; char rcfile_dns[FILESIZE]; struct log_line *line; char format_sel[SHORTLEN]; unsigned int format; unsigned int parser; unsigned char repeated; int orig_count; unsigned char src_ip; unsigned char dst_ip; unsigned char proto; unsigned char src_port; unsigned char dst_port; unsigned char opts; unsigned char datalen; unsigned char stimes; unsigned char etimes; unsigned char duration; char sort_order[MAXSORTSIZE]; unsigned char sortfield; unsigned char sortmode; unsigned char html; unsigned char use_out; char outputfile[FILESIZE]; char title[TITLESIZE]; char stylesheet[CSSSIZE]; char textcol[COLORSIZE]; char bgcol[COLORSIZE]; char rowcol1[COLORSIZE]; char rowcol2[COLORSIZE]; unsigned char loghost; char hostname[SHOSTLEN]; unsigned char chains; char chainlabel[SHORTLEN]; unsigned char branches; char branchname[SHORTLEN]; unsigned char ifs; char interface[SHORTLEN]; time_t now; int recent; int threshold; int least; int max; char sender[EMAILSIZE]; char recipient[EMAILSIZE]; char cc[EMAILSIZE]; unsigned char response; unsigned char ipchains_check; char pidfile[FILESIZE]; char notify_script[FILESIZE]; char respond_script[FILESIZE]; char run_as[USERSIZE]; unsigned char status; unsigned char stateful_start; int sock; char listenif[IP6LEN]; char listento[IP6LEN]; int listenport; char user[USERSIZE]; char password[PASSWORDSIZE]; int refresh; unsigned char webpage; int global_id; char ntop[INET6_ADDRSTRLEN]; }; #endif fwlogwatch-1.4/PaxHeaders.8080/ipfilter.l0000644000000000000000000000012412145435573016444 xustar000000000000000027 mtime=1368800123.419223 27 
atime=1369319079.887943 30 ctime=1369319079.887943032 fwlogwatch-1.4/ipfilter.l0000644000000000000000000002433612145435573015535 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: ipfilter.l 731 2013-05-17 14:15:23Z bw $ */ %option prefix="ipf" %option outfile="ipfilter.c" %option noyywrap %{ #define YY_NO_INPUT #include #include #include #include #include "main.h" #include "utils.h" extern struct options opt; void ipf_parse_date(char *input); void ipf_parse_data(char *input, unsigned char mode); void ipf_parse_ips(char *input, unsigned char mode); void ipf_parse_proto(char *input); void ipf_parse_flags(char *input); %} MONTH "Jan"|"Feb"|"Mar"|"Apr"|"May"|"Jun"|"Jul"|"Aug"|"Sep"|"Oct"|"Nov"|"Dec" STRING [a-zA-Z0-9.,_-]* LOGHOST [0-9.a-zA-Z()_:-]* DIGIT [0-9] NUMBER {DIGIT}+ HEXDIGIT [0-9a-f] OCTET {DIGIT}{1,3} PORT {DIGIT}{1,5} IPFILTER "ipmon["{NUMBER}"]:" FLAGS "-"[SAFRPU]+ PROTO [0-9a-z-]+ TARGET [SpPbBnL] IPV4ADDR {OCTET}"."{OCTET}"."{OCTET}"."{OCTET} IPV6ADDR ([0-9a-f]{1,4}":"+){1,7}[0-9a-f]{1,4} IPV4OR6ADDR ({IPV4ADDR}|{IPV6ADDR}) %% {MONTH}[ ]{1,2}{DIGIT}{1,2}[ ]{DIGIT}{2}:{DIGIT}{2}:{DIGIT}{2}[ ]{LOGHOST} ipf_parse_date(ipftext); {IPFILTER} /* ignore */ "[ID "{NUMBER}" "{STRING}"]" /* ignore */ {DIGIT}{2}":"{DIGIT}{2}":"{DIGIT}{2}"."{DIGIT}{6} /* ignore */ {STRING}[ ]"@"{NUMBER}":"{NUMBER}[ ]{TARGET} ipf_parse_data(ipftext, IPF_OPT_NONE); {NUMBER}"x"[ ]+{STRING}[ ]"@"{NUMBER}":"{NUMBER}[ ]{TARGET} ipf_parse_data(ipftext, IPF_OPT_COUNT); {IPV4OR6ADDR} ipf_parse_ips(ipftext, IPF_OPT_SRC); " -> "{IPV4OR6ADDR} ipf_parse_ips(ipftext+4, IPF_OPT_DST); {IPV4OR6ADDR}","{PORT} ipf_parse_ips(ipftext, IPF_OPT_SRC|IPF_OPT_PORT); " -> "{IPV4OR6ADDR}","{PORT} ipf_parse_ips(ipftext+4, IPF_OPT_DST|IPF_OPT_PORT); {STRING}"["{IPV4OR6ADDR}"]" ipf_parse_ips(ipftext, IPF_OPT_SRC|IPF_OPT_RES); " -> "{STRING}"["{IPV4OR6ADDR}"]" ipf_parse_ips(ipftext+4, IPF_OPT_DST|IPF_OPT_RES); {STRING}"["{IPV4OR6ADDR}"],"{PORT} ipf_parse_ips(ipftext, 
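IPF_OPT_SRC|IPF_OPT_RES|IPF_OPT_PORT); " -> "{STRING}"["{IPV4OR6ADDR}"],"{PORT} ipf_parse_ips(ipftext+4, IPF_OPT_DST|IPF_OPT_RES|IPF_OPT_PORT); {IPV4OR6ADDR}","{STRING} ipf_parse_ips(ipftext, IPF_OPT_SRC|IPF_OPT_RPORT); " -> "{IPV4OR6ADDR}","{STRING} ipf_parse_ips(ipftext+4, IPF_OPT_DST|IPF_OPT_RPORT); {STRING}"["{IPV4OR6ADDR}"],"{STRING} ipf_parse_ips(ipftext, IPF_OPT_SRC|IPF_OPT_RES|IPF_OPT_RPORT); " -> "{STRING}"["{IPV4OR6ADDR}"],"{STRING} ipf_parse_ips(ipftext+4, IPF_OPT_DST|IPF_OPT_RES|IPF_OPT_RPORT); "PR icmpv6" opt.line->protocol = 58; opt.parser=opt.parser|IPF_PROTO; "PR "{PROTO} ipf_parse_proto(ipftext+3); "len "{NUMBER}[ ][(]?{NUMBER}[)]? opt.line->datalen = atoi(ipftext+4); "frag "{NUMBER}"@"{NUMBER} /* ignore */ "icmp "{DIGIT}{1,2}"/"{DIGIT}{1,2} sscanf(ipftext, "icmp %d/%d", &opt.line->sport, &opt.line->dport); opt.parser=opt.parser|IPF_SRC_PORT|IPF_DST_PORT; "icmp"("v6")?" echo/0" opt.line->sport = 8; opt.line->dport = 0; opt.parser=opt.parser|IPF_SRC_PORT|IPF_DST_PORT; "icmp echoreply/0" opt.line->sport = 0; opt.line->dport = 0; opt.parser=opt.parser|IPF_SRC_PORT|IPF_DST_PORT; "icmp sourcequench/0" opt.line->sport = 4; opt.line->dport = 0; opt.parser=opt.parser|IPF_SRC_PORT|IPF_DST_PORT; "icmp unreach/host" opt.line->sport = 3; opt.line->dport = 1; opt.parser=opt.parser|IPF_SRC_PORT|IPF_DST_PORT; "icmp unreach/port" opt.line->sport = 3; opt.line->dport = 3; opt.parser=opt.parser|IPF_SRC_PORT|IPF_DST_PORT; "icmp unreach/admin_prohibit" opt.line->sport = 3; opt.line->dport = 10; opt.parser=opt.parser|IPF_SRC_PORT|IPF_DST_PORT; "icmp timxceed/intrans" opt.line->sport = 11; opt.line->dport = 1; opt.parser=opt.parser|IPF_SRC_PORT|IPF_DST_PORT; "for "{IPV4OR6ADDR}","{PORT}" - "{IPV4OR6ADDR}","{PORT}" PR "{PROTO}" len "{NUMBER}[ ]{NUMBER} /* ignore */ "for "{IPV4OR6ADDR}","{STRING}" - "{STRING}"["{IPV4OR6ADDR}"],"{STRING}" PR "{PROTO}" len "{NUMBER}[ ]{NUMBER} /* ignore */ "for "{STRING}"["{IPV4OR6ADDR}"],"{PORT}" - "{IPV4OR6ADDR}","{PORT}" PR "{PROTO}" len
"{NUMBER}[ ]{NUMBER} /* ignore */ "for "{STRING}"["{IPV4OR6ADDR}"],"{PORT}" - "{IPV4OR6ADDR}","{STRING}" PR "{PROTO}" len "{NUMBER}[ ]{NUMBER} /* ignore */ "for "{STRING}"["{IPV4OR6ADDR}"] - "{STRING}"["{IPV4OR6ADDR}"] PR "{PROTO}" len "{NUMBER}" ("{NUMBER}")" /* ignore */ "for "{STRING}"["{IPV4OR6ADDR}"],"{PORT}" - "{STRING}"["{IPV4OR6ADDR}"],"{PORT}" PR "{PROTO}" len "{NUMBER}[ ]{NUMBER} /* ignore */ "for "{STRING}"["{IPV4OR6ADDR}"],"{PORT}" - "{STRING}"["{IPV4OR6ADDR}"],"{STRING}" PR "{PROTO}" len "{NUMBER}[ ]{NUMBER} /* ignore */ {FLAGS} ipf_parse_flags(ipftext+1); "K-S" /* ignore */ "K-F" /* ignore */ "IN" /* ignore */ "OUT" /* ignore */ "mbcast" /* ignore */ "low-ttl" /* ignore */ {NUMBER}[ ]{NUMBER}[ ]{NUMBER}" IN" /* ignore */ ({HEXDIGIT}{HEXDIGIT}[ ]?)+[ ]+[ -~]+ opt.parser=opt.parser|IPF_NO_HIT; [ \t]+ /* ignore whitespace */ [\n] /* ignore */ {STRING} if(opt.verbose) fprintf(stderr, "Unrecognized token: %s\n", ipftext); . if(opt.verbose) fprintf(stderr, "Unrecognized character: %s\n", ipftext); %%

/*
 * The functions below receive text taken from log lines.  Host names,
 * rule group names and service names in that text are not length-limited
 * by the patterns above, so every sscanf() "%Ns" conversion here writes
 * into a buffer of at least N + 1 bytes.
 */

/*
 * Parse "Mon DD HH:MM:SS loghost" and record the time (via build_time())
 * and the log host name.  Sets IPF_DATE on success; returns without
 * changing opt.line when the six fields are not all present.
 */
void ipf_parse_date(char *input)
{
  int retval, day, hour, minute, second;
  char smonth[4];
  char host[SHOSTLEN + 1];

  retval = sscanf(input, "%3s %2d %2d:%2d:%2d %" SHOSTLEN_S "s", smonth, &day, &hour, &minute, &second, host);
  if (retval != 6)
    return;

  /* xstrncpy() truncates to SHOSTLEN - 1 characters and terminates. */
  xstrncpy(opt.line->hostname, host, SHOSTLEN);
  build_time(smonth, day, hour, minute, second);
  opt.parser = opt.parser | IPF_DATE;
}

/*
 * Parse "[Nx ]name @group:rule target" into opt.line->count, interface,
 * chainlabel and branchname.  With mode IPF_OPT_COUNT the leading repeat
 * count is read, otherwise the count is 1.  Sets IPF_DATA on success.
 */
void ipf_parse_data(char *input, unsigned char mode)
{
  /* Scan into local buffers that have room for SHORTLEN characters plus
     the NUL, then copy with truncation into the SHORTLEN-sized fields. */
  char ifname[SHORTLEN + 1], chain[SHORTLEN + 1], branch[SHORTLEN + 1];
  int retval;

  if (mode == IPF_OPT_COUNT) {
    retval = sscanf(input, "%dx %" SHORTLEN_S "s @%" SHORTLEN_S "s %" SHORTLEN_S "s", &opt.line->count, ifname, chain, branch);
    if (retval != 4)
      return;
  } else {
    retval = sscanf(input, "%" SHORTLEN_S "s @%" SHORTLEN_S "s %" SHORTLEN_S "s", ifname, chain, branch);
    if (retval != 3)
      return;
    opt.line->count = 1;
  }

  xstrncpy(opt.line->interface, ifname, SHORTLEN);
  xstrncpy(opt.line->chainlabel, chain, SHORTLEN);
  xstrncpy(opt.line->branchname, branch, SHORTLEN);
  opt.parser = opt.parser | IPF_DATA;
}

/*
 * Look up a service name in the services database and return its port, or
 * 0 when the name is unknown.
 *
 * NOTE(review): getservbyname() reports s_port in network byte order; a
 * caller that wants a host-order port number needs ntohs() -- confirm what
 * the callers expect.
 */
int resolve_service_by_name(char *name)
{
  struct servent *se;
  int port = 0;

  se = getservbyname(name, NULL);
  /* Read the result before closing the database: the entry may live in
     storage owned by the library. */
  if (se != NULL)
    port = se->s_port;
  endservent();

  return port;
}

/*
 * Rewrite "name[addr]" in place so that sscanf() sees space-separated
 * fields: '[' and ']' become spaces and, when with_sep is nonzero, so does
 * the character after ']'.  Returns 1 on success and 0 when an expected
 * character is missing, instead of scanning past the end of the string.
 */
static int ipf_blank_brackets(char *input, int with_sep)
{
  char *ptr = input;

  while (*ptr != '\0' && *ptr != '[')
    ptr++;
  if (*ptr == '\0')
    return 0;
  *ptr = ' ';

  while (*ptr != '\0' && *ptr != ']')
    ptr++;
  if (*ptr == '\0')
    return 0;
  *ptr = ' ';

  if (with_sep) {
    /* Never overwrite the terminating NUL. */
    if (ptr[1] == '\0')
      return 0;
    ptr[1] = ' ';
  }
  return 1;
}

/* Replace the first ',' in input with a space; 0 when there is none. */
static int ipf_blank_comma(char *input)
{
  char *ptr = input;

  while (*ptr != '\0' && *ptr != ',')
    ptr++;
  if (*ptr == '\0')
    return 0;
  *ptr = ' ';
  return 1;
}

/*
 * Parse a source or destination address token.
 *
 * mode is IPF_OPT_SRC or IPF_OPT_DST, optionally combined with IPF_OPT_RES
 * (token is "name[addr]"), IPF_OPT_PORT (",port" follows) or IPF_OPT_RPORT
 * (",servicename" follows).  Any other combination is ignored.  input is
 * modified in place.  On success the address is stored in opt.line and
 * IPF_SRC_IP or IPF_DST_IP is set; the port and IPF_SRC_PORT/IPF_DST_PORT
 * are stored only when IPF_OPT_PORT is set.
 *
 * NOTE(review): a port resolved for the IPF_OPT_RPORT modes is not stored,
 * because only IPF_OPT_PORT is tested at the end -- confirm whether that is
 * intended.
 */
void ipf_parse_ips(char *input, unsigned char mode)
{
  int retval, port = 0;
  /* Each buffer has room for its sscanf() field width plus the NUL. */
  char ip[IP6LEN + 1];
  char name[255 + 1];
  char portname[32 + 1];

  if (mode == (IPF_OPT_SRC | IPF_OPT_RES | IPF_OPT_RPORT) || mode == (IPF_OPT_DST | IPF_OPT_RES | IPF_OPT_RPORT)) {
    if (!ipf_blank_brackets(input, 1))
      return;
    retval = sscanf(input, "%255s %40s %32s", name, ip, portname);
    if (retval != 3)
      return;
    port = resolve_service_by_name(portname);
  } else if (mode == (IPF_OPT_SRC | IPF_OPT_RES | IPF_OPT_PORT) || mode == (IPF_OPT_DST | IPF_OPT_RES | IPF_OPT_PORT)) {
    if (!ipf_blank_brackets(input, 1))
      return;
    retval = sscanf(input, "%255s %40s %5d", name, ip, &port);
    if (retval != 3)
      return;
  } else if (mode == (IPF_OPT_SRC | IPF_OPT_RES) || mode == (IPF_OPT_DST | IPF_OPT_RES)) {
    if (!ipf_blank_brackets(input, 0))
      return;
    retval = sscanf(input, "%255s %40s", name, ip);
    if (retval != 2)
      return;
  } else if (mode == (IPF_OPT_SRC | IPF_OPT_RPORT) || mode == (IPF_OPT_DST | IPF_OPT_RPORT)) {
    if (!ipf_blank_comma(input))
      return;
    retval = sscanf(input, "%40s %32s", ip, portname);
    if (retval != 2)
      return;
    port = resolve_service_by_name(portname);
  } else if (mode == (IPF_OPT_SRC | IPF_OPT_PORT) || mode == (IPF_OPT_DST | IPF_OPT_PORT)) {
    if (!ipf_blank_comma(input))
      return;
    retval = sscanf(input, "%40s %5d", ip, &port);
    if (retval != 2)
      return;
  } else if (mode == IPF_OPT_SRC || mode == IPF_OPT_DST) {
    xstrncpy(ip, input, 40);
  } else {
    return;
  }

  if (mode & IPF_OPT_SRC) {
    if (convert_ip(ip, &opt.line->shost) == IN_ADDR_ERROR)
      return;
    opt.parser = opt.parser | IPF_SRC_IP;
    if (mode & IPF_OPT_PORT) {
      opt.line->sport = port;
      opt.parser = opt.parser | IPF_SRC_PORT;
    }
  } else {
    if (convert_ip(ip, &opt.line->dhost) == IN_ADDR_ERROR)
      return;
    opt.parser = opt.parser | IPF_DST_IP;
    if (mode & IPF_OPT_PORT) {
      opt.line->dport = port;
      opt.parser = opt.parser | IPF_DST_PORT;
    }
  }
}

/*
 * Store the protocol named by input, which is either a decimal number or a
 * name looked up with getprotobyname().  Sets IPF_PROTO when the resulting
 * protocol is nonzero; otherwise reports the name on stderr and sets
 * IPF_NO_HIT.
 */
void ipf_parse_proto(char *input)
{
  /* <ctype.h> functions need an unsigned char value. */
  if (isdigit((unsigned char) input[0])) {
    opt.line->protocol = atoi(input);
  } else {
    struct protoent *proto;

    proto = getprotobyname(input);
    if (proto != NULL)
      opt.line->protocol = proto->p_proto;
  }

  if (opt.line->protocol != 0) {
    opt.parser = opt.parser | IPF_PROTO;
  } else {
    fprintf(stderr, "Unknown protocol (not in /etc/protocols), ignoring: %s\n", input);
    opt.parser = opt.parser | IPF_NO_HIT;
  }
}

/* Translate the flag letters S, A, F, R, P and U into TCP_* bits in
   opt.line->flags; other characters are ignored. */
void ipf_parse_flags(char *input)
{
  for (; *input != '\0'; input++) {
    switch (*input) {
    case 'S':
      opt.line->flags = opt.line->flags | TCP_SYN;
      break;
    case 'A':
      opt.line->flags = opt.line->flags | TCP_ACK;
      break;
    case 'F':
      opt.line->flags = opt.line->flags | TCP_FIN;
      break;
    case 'R':
      opt.line->flags = opt.line->flags | TCP_RST;
      break;
    case 'P':
      opt.line->flags = opt.line->flags | TCP_PSH;
      break;
    case 'U':
      opt.line->flags = opt.line->flags | TCP_URG;
      break;
    default:
      break;
    }
  }
}

/*
 * Run the ipfilter scanner over one log line.
 *
 * Returns PARSE_NO_HIT when a rule set IPF_NO_HIT, PARSE_OK when date,
 * data, protocol, both addresses and both ports were found (the ports are
 * not required for protocol 44), and PARSE_WRONG_FORMAT otherwise.
 */
unsigned char flex_ipfilter(char *input, int linenum)
{
  opt.parser = 0;
  init_line();

  ipf_scan_string(input);
  ipflex();
  ipf_delete_buffer(YY_CURRENT_BUFFER);

  if (opt.parser & IPF_NO_HIT)
    return PARSE_NO_HIT;

  if (opt.parser == (IPF_DATE | IPF_DATA | IPF_PROTO | IPF_SRC_IP | IPF_DST_IP | IPF_SRC_PORT | IPF_DST_PORT)) {
    return PARSE_OK;
  } else if ((opt.line->protocol == 44) && (opt.parser == (IPF_DATE | IPF_DATA | IPF_PROTO | IPF_SRC_IP | IPF_DST_IP))) {
    return PARSE_OK;
  } else {
    if (opt.verbose)
      fprintf(stderr, "ipfilter parse error in line %d, ignoring.\n", linenum);
    if (opt.verbose == 2)
      fprintf(stderr, "input was: \"%s\"\n", input);
    return PARSE_WRONG_FORMAT;
  }
}
fwlogwatch-1.4/PaxHeaders.8080/utils.c0000644000000000000000000000012412145435573015755 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.896942 30 ctime=1369319079.896942964 fwlogwatch-1.4/utils.c0000644000000000000000000003001412145435573015034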
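0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: utils.c 731 2013-05-17 14:15:23Z bw $ */ #include #include #include #include #include #include #include #include #include #include #include #include "main.h"

struct input_file *first_file = NULL;
extern struct options opt;
extern struct conn_data *first;
extern struct dns_cache *dns_first;
extern struct known_hosts *first_host;
extern struct whois_entry *whois_first;
extern struct parser_options *excluded_first;

/*
 * xstrncpy() - similar to strncpy(3) but always terminates string
 * with '\0' (if n > 0 and dest != NULL), doesn't do padding.
 *
 * At most n - 1 characters are copied.  A NULL src yields an empty string.
 * Returns dest.
 */
char *xstrncpy(char *dest, const char *src, size_t n)
{
  char *r = dest;

  if ((n == 0) || (dest == NULL)) {
    return dest;
  }
  if (src != NULL) {
    while ((--n != 0) && (*src != '\0')) {
      *dest++ = *src++;
    }
  }
  *dest = '\0';
  return r;
}

/*
 * malloc() wrapper that never returns NULL: on failure a message is written
 * to stderr and the process exits with EXIT_FAILURE.  A negative size is
 * treated as a failed allocation rather than being converted to a very
 * large size_t.
 */
void *xmalloc(int size)
{
  void *ptr = NULL;

  if (size >= 0)
    ptr = malloc((size_t) size);
  if (ptr == NULL) {
    fprintf(stderr, _("\nMemory allocation error, exiting.\n"));
    exit(EXIT_FAILURE);
  }
  return ptr;
}

/*
 * Remove the pid file (when opt.pidfile is set), log "Exiting" and end the
 * process with returncode.
 */
void log_exit(unsigned char returncode)
{
  if (opt.pidfile[0] != '\0') {
    if (unlink(opt.pidfile) == -1) {
      if (opt.verbose)
        syslog(LOG_NOTICE, "unlink %s: %s", opt.pidfile, strerror(errno));
    }
  }
  syslog(LOG_NOTICE, _("Exiting"));
  exit(returncode);
}

/*
 * Run buf as a shell command and wait for it to finish.
 *
 * buf is executed through "/bin/sh -c", so it is subject to full shell
 * interpretation.  The only content check made here is that buf must not
 * contain '%'; shell metacharacters are not filtered.  Callers therefore
 * have to build buf exclusively from trusted configuration values and from
 * numbers or address text they format themselves.
 *
 * NOTE(review): the child inherits the environment and open descriptors of
 * this process -- confirm that is acceptable for the configured scripts.
 */
void run_command(char *buf)
{
  pid_t pid;

  if (strstr(buf, "%") != NULL) {
    syslog(LOG_NOTICE, _("Not executing buffer containing format string"));
    return;
  }

  if (opt.verbose == 2) {
    syslog(LOG_NOTICE, _("Executing '%s'"), buf);
  }

  pid = fork();
  if (pid == -1) {
    syslog(LOG_NOTICE, "fork: %s", strerror(errno));
    log_exit(EXIT_FAILURE);
  }

  if (pid == 0) {
    /* The terminating argument of a variadic exec must be a char pointer. */
    execl("/bin/sh", "/bin/sh", "-c", buf, (char *) NULL);
    syslog(LOG_NOTICE, "execl: %s", strerror(errno));
    /* Leave the child without log_exit(): that would unlink the pid file
       that still belongs to the running parent. */
    _exit(EXIT_FAILURE);
  }

  /* Wait for this child specifically and retry when interrupted. */
  while (waitpid(pid, NULL, 0) == -1 && errno == EINTR) {
  }
}

/* Free every packet cache entry together with the strings it owns. */
void free_conn_data()
{
  struct conn_data *this;

  this = first;
  while (this != NULL) {
    first = this;
    this = this->next;
    free(first->hostname);
    free(first->chainlabel);
    free(first->branchname);
    free(first->interface);
    free(first);
  }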
first = NULL;
}

/* Free every DNS cache entry and its name; dns_first ends up NULL. */
void free_dns_cache()
{
  while (dns_first != NULL) {
    struct dns_cache *next = dns_first->next;

    free(dns_first->fqdn);
    free(dns_first);
    dns_first = next;
  }
}

/* Free every whois entry and its three strings; whois_first ends up NULL. */
void free_whois()
{
  while (whois_first != NULL) {
    struct whois_entry *next = whois_first->next;

    free(whois_first->ip_route);
    free(whois_first->ip_descr);
    free(whois_first->as_descr);
    free(whois_first);
    whois_first = next;
  }
}

/* Free every host status entry; first_host ends up NULL. */
void free_hosts()
{
  while (first_host != NULL) {
    struct known_hosts *next = first_host->next;

    free(first_host);
    first_host = next;
  }
}

/* Free every exclusion entry and its optional string value;
   excluded_first ends up NULL. */
void free_exclude_data()
{
  while (excluded_first != NULL) {
    struct parser_options *next = excluded_first->next;

    /* free(NULL) is a no-op, so the string needs no separate test. */
    free(excluded_first->svalue);
    free(excluded_first);
    excluded_first = next;
  }
}

/* Reset opt.line to an empty record before a log line is parsed. */
void init_line()
{
  struct log_line *line = opt.line;

  line->time = 0;
  line->count = 0;
  line->flags = 0;
  line->protocol = 0;
  line->datalen = 0;
  line->sport = 0;
  line->dport = 0;

  line->hostname[0] = '\0';
  line->chainlabel[0] = '\0';
  line->branchname[0] = '\0';
  line->interface[0] = '\0';

  memset(&line->shost, 0, sizeof(struct in6_addr));
  memset(&line->dhost, 0, sizeof(struct in6_addr));
}

/* Report that more than one mode was selected and exit with
   EXIT_FAILURE. */
void mode_error()
{
  fprintf(stderr, _("fwlogwatch error: mode collision, please check that you didn't specify\n" " several modes on the command line or a second mode is active in the\n" " configuration file.\n" " Please use a separate configuration file for each mode or comment out all\n" " entries in the default configuration and use command line parameters.\n"));
  exit(EXIT_FAILURE);
}

/*
 * Convert a syslog style time stamp, which carries no year, into
 * opt.line->time.  The current year is assumed; when the result would lie
 * in the future the previous year is used instead.
 */
void build_time(char *smonth, int day, int hour, int minute, int second) { int month = 0, now, then; struct tm *t; if (opt.mode != REALTIME_RESPONSE) { t =
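localtime(&opt.now);
  } else {
    time_t rr_now;

    rr_now = time(NULL);
    t = localtime(&rr_now);
  }
  now = (int) mktime(t);

  if (strncmp(smonth, "Jan", 3) == 0) {
    month = 0;
  } else if (strncmp(smonth, "Feb", 3) == 0) {
    month = 1;
  } else if (strncmp(smonth, "Mar", 3) == 0) {
    month = 2;
  } else if (strncmp(smonth, "Apr", 3) == 0) {
    month = 3;
  } else if (strncmp(smonth, "May", 3) == 0) {
    month = 4;
  } else if (strncmp(smonth, "Jun", 3) == 0) {
    month = 5;
  } else if (strncmp(smonth, "Jul", 3) == 0) {
    month = 6;
  } else if (strncmp(smonth, "Aug", 3) == 0) {
    month = 7;
  } else if (strncmp(smonth, "Sep", 3) == 0) {
    month = 8;
  } else if (strncmp(smonth, "Oct", 3) == 0) {
    month = 9;
  } else if (strncmp(smonth, "Nov", 3) == 0) {
    month = 10;
  } else if (strncmp(smonth, "Dec", 3) == 0) {
    month = 11;
  }

  t->tm_mon = month;
  t->tm_mday = day;
  t->tm_hour = hour;
  t->tm_min = minute;
  t->tm_sec = second;
  t->tm_isdst = -1;
  then = (int) mktime(t);
  if (then > now)
    --t->tm_year;

  opt.line->time = mktime(t);
}

/*
 * Byte-wise ordering of two addresses: -1 when ip1 sorts before ip2, 1 when
 * it sorts after, 0 when they are equal.
 *
 * NOTE(review): the return type is plain char.  Where char is unsigned the
 * -1 is stored as 255, and a caller that tests "== -1" (hs_compare() does)
 * never matches -- confirm the target platforms.
 */
char compare_ipv6(struct in6_addr *ip1, struct in6_addr *ip2)
{
  int i;

  for (i = 0; i < 16; i++) {
    if (ip1->s6_addr[i] != ip2->s6_addr[i]) {
      if (ip1->s6_addr[i] < ip2->s6_addr[i]) {
        return -1;
      } else {
        return 1;
      }
    }
  }
  return 0;
}

/* Return 0 when the two addresses are identical and 1 otherwise.  memcmp()
   over the whole address avoids the non-standard s6_addr32 member. */
char compare_ipv6_equal(struct in6_addr *ip1, struct in6_addr *ip2)
{
  if (memcmp(ip1, ip2, sizeof(struct in6_addr)) == 0)
    return 0;

  return 1;
}

/* Return 1 when ip has the IPv4-mapped form ::ffff:a.b.c.d (ten zero bytes
   followed by two 0xff bytes), else 0. */
unsigned char isV4mappedV6addr(struct in6_addr *ip)
{
  int i;

  for (i = 0; i < 10; i++) {
    if (ip->s6_addr[i] != 0)
      return 0;
  }
  for (i = 10; i < 12; i++) {
    if (ip->s6_addr[i] != 0xff)
      return 0;
  }
  return 1;
}

/*
 * Format ip as text, as dotted IPv4 for IPv4-mapped addresses and as IPv6
 * otherwise; on failure the text is "[error]".
 *
 * The result is always opt.ntop, one buffer shared by all callers: it is
 * overwritten by the next call, so the value has to be consumed or copied
 * before my_inet_ntop() is called again.
 */
char *my_inet_ntop(struct in6_addr *ip)
{
  const char *rp;

  if (isV4mappedV6addr(ip)) {
    rp = inet_ntop(AF_INET, ip->s6_addr + 12, opt.ntop, INET_ADDRSTRLEN);
  } else {
    rp = inet_ntop(AF_INET6, ip->s6_addr, opt.ntop, INET6_ADDRSTRLEN);
  }
  if (rp == NULL) {
    snprintf(opt.ntop, INET6_ADDRSTRLEN, _("[error]"));
  }
  return opt.ntop;
}

/*
 * Parse the address text ip into addr.  The text is first tried as IPv6
 * and then, prefixed with "::ffff:", as IPv4.  Returns IN_ADDR_OK or
 * IN_ADDR_ERROR; the error is reported on stderr only when opt.verbose is
 * set.
 */
unsigned char convert_ip(char *ip, struct in6_addr *addr)
{
  int retval;

  retval = inet_pton(AF_INET6, ip, addr->s6_addr);
  if (retval != 1) {
    char nnb[HOSTLEN];

    snprintf(nnb, HOSTLEN, "::ffff:%s", ip);
    retval = inet_pton(AF_INET6, nnb, addr->s6_addr);
    if (retval != 1) {
      if (opt.verbose)
        fprintf(stderr, _("IP address error: %s\n"), ip);
      return IN_ADDR_ERROR;
    }
  }
  return IN_ADDR_OK;
}

/*
 * Build a netmask from "address[/prefix]".
 *
 * input is modified: a '/' is overwritten with NUL, so afterwards input
 * holds only the address part.  Without a prefix the mask covers the whole
 * address.  For IPv4 the prefix must be 0..32 and the mask is written in
 * IPv4-mapped form; for IPv6 it must be 0..128.  A prefix outside that
 * range is reported on stderr and ends the process with EXIT_FAILURE.
 *
 * An address that does not parse is not treated as an error here; the
 * caller is expected to run convert_ip() on input itself.
 */
void parse_cidr(char *input, struct in6_addr *in6_addr)
{
  char *pnt;
  int n, s, x, y, z;
  struct in6_addr ip;

  pnt = strstr(input, "/");
  if (pnt != NULL) {
    n = atoi(pnt + 1);
    *pnt = '\0';
  } else {
    n = 128;
  }

  memset(in6_addr, 0, sizeof(struct in6_addr));
  /* convert_ip() may fail and leave ip unset; start from a defined value so
     the address family test below never reads indeterminate bytes. */
  memset(&ip, 0, sizeof(struct in6_addr));
  convert_ip(input, &ip);

  if (isV4mappedV6addr(&ip)) {
    if ((pnt != NULL) && ((n < 0) || (n > 32))) {
      fprintf(stderr, _("Error in CIDR format: %s\n"), input);
      exit(EXIT_FAILURE);
    }
    in6_addr->s6_addr[10] = 0xff;
    in6_addr->s6_addr[11] = 0xff;
    s = 96;
    y = 12;
    if (pnt != NULL)
      n += 96;
  } else {
    if ((n < 0) || (n > 128)) {
      fprintf(stderr, _("Error in CIDR format: %s\n"), input);
      exit(EXIT_FAILURE);
    }
    y = s = 0;
  }

  /* Set bits s .. n-1, most significant bit of each byte first. */
  z = 0;
  for (x = s; x < n; x++) {
    in6_addr->s6_addr[y] = in6_addr->s6_addr[y] | (1 << (7 - z));
    z++;
    if (z == 8) {
      z = 0;
      y++;
    }
  }
}

/*
 * Count the leading one bits of a netmask.  For an IPv4-mapped mask the
 * count starts at bit 96, so the result is an IPv4 prefix length.
 */
int convert_mask(struct in6_addr *in6_addr)
{
  int s, n, x, y, z;

  if (isV4mappedV6addr(in6_addr)) {
    s = 96;
    y = 12;
  } else {
    y = s = 0;
  }

  n = z = 0;
  for (x = s; x < 128; x++) {
    if ((in6_addr->s6_addr[y] & (1 << (7 - z))) == 0)
      break;
    n++;
    z++;
    if (z == 8) {
      z = 0;
      y++;
    }
  }
  return n;
}

void add_known_host(char *ip) { struct known_hosts *host, *test_host; int i; host = xmalloc(sizeof(struct known_hosts)); parse_cidr(ip, &host->netmask); if (convert_ip(ip, &host->shost) == IN_ADDR_ERROR) { fprintf(stderr, _("(known host)\n")); free(host); exit(EXIT_FAILURE); } for (i = 0; i < 16; i++) host->shost.s6_addr[i] = host->shost.s6_addr[i] & host->netmask.s6_addr[i]; test_host = first_host; while (test_host != NULL) { if (compare_ipv6_equal(&test_host->shost, &host->shost) == 0) { free(host); return; } test_host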
= test_host->next; } host->time = 0; host->count = 0; host->protocol = 0; memset(&host->dhost, 0, sizeof(struct in6_addr)); host->sport = 0; host->dport = 0; host->id = opt.global_id++; host->next = first_host; first_host = host; } void add_exclude_hpb(char *input, unsigned char mode) { struct parser_options *excluded_this; struct in6_addr ip; int i; excluded_this = xmalloc(sizeof(struct parser_options)); excluded_this->mode = mode; if (mode & PARSER_MODE_HOST) { struct parser_options *excluded_test; parse_cidr(input, &excluded_this->netmask); if (convert_ip(input, &ip) == IN_ADDR_ERROR) { fprintf(stderr, _("(excluded host)\n")); free(excluded_this); exit(EXIT_FAILURE); } for (i = 0; i < 16; i++) excluded_this->host.s6_addr[i] = ip.s6_addr[i] & excluded_this->netmask.s6_addr[i]; excluded_test = excluded_first; while (excluded_test != NULL) { if (compare_ipv6_equal(&excluded_test->host, &excluded_this->host) == 0) { free(excluded_this); return; } excluded_test = excluded_test->next; } } else if (mode & PARSER_MODE_PORT) { excluded_this->value = atoi(input); } else if (mode & (PARSER_MODE_CHAIN | PARSER_MODE_BRANCH)) { excluded_this->svalue = xmalloc(strlen(input) + 1); xstrncpy(excluded_this->svalue, input, strlen(input) + 1); } excluded_this->next = excluded_first; excluded_first = excluded_this; } void add_input_file(char *name) { struct input_file *file, *ptr; if (!strncmp(name, "-", FILESIZE)) opt.std_in = 1; if (opt.std_in) { opt.filecount = 0; return; } file = xmalloc(sizeof(struct input_file)); file->name = xmalloc(strlen(name) + 1); file->next = NULL; xstrncpy(file->name, name, strlen(name) + 1); ptr = first_file; if (ptr == NULL) { first_file = file; } else { while (ptr->next != NULL) { ptr = ptr->next; } ptr->next = file; } opt.filecount++; } void free_input_file() { struct input_file *file; file = first_file; while (file != NULL) { free(file->name); first_file = file; file = file->next; free(first_file); } first_file = NULL; } void 
generate_email_header(FILE * fd) { time_t now; char stime[TIMESIZE]; now = time(NULL); strftime(stime, TIMESIZE, "%Y%m%d-%H%M%S", localtime(&now)); fprintf(fd, "From: %s\n", opt.sender); fprintf(fd, "To: %s\n", opt.recipient); if (opt.cc[0] != '\0') fprintf(fd, "Cc: %s\n", opt.cc); fprintf(fd, "Subject: %s\n", opt.title); fprintf(fd, "X-Generator: %s %s (C) %s\n", PACKAGE, VERSION, COPYRIGHT); if (opt.html) { fprintf(fd, "Mime-Version: 1.0\n"); fprintf(fd, "Content-Type: text/html; charset=utf-8\n"); fprintf(fd, "Content-Disposition: inline; filename=\"fwlogwatch_summary-%s.html\"\n", stime); } fprintf(fd, "\n"); } void fdprintf(int fd, char *format, ...) { if (opt.status != FD_ERROR) { char buf[BUFSIZE]; va_list argv; ssize_t retval; va_start(argv, format); vsnprintf(buf, BUFSIZE, format, argv); retval = write(fd, buf, strlen(buf)); va_end(argv); if (retval == -1) { syslog(LOG_NOTICE, "write: %s", strerror(errno)); opt.status = FD_ERROR; return; } fflush(NULL); } } fwlogwatch-1.4/PaxHeaders.8080/Makefile0000644000000000000000000000012412145435573016111 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.844943 30 ctime=1369319079.845943349 fwlogwatch-1.4/Makefile0000644000000000000000000001034712145435573015177 0ustar00rootroot00000000000000# Copyright (C) 2000-2013 Boris Wesslowski # $Id: Makefile 731 2013-05-17 14:15:23Z bw $ # You might want to add -DSHORT_NAMES to CFLAGS if you only intend to analyze # log formats with short list/chain/branch/interface names like ipchains. # You can also add -DLOGDOTS if your Cisco log host logs FQDNs and you only # want the host names in the output. # -DHAVE_ZLIB enables support for gzip compressed files. # -DHAVE_GETTEXT enables localization support. # -DHAVE_ADNS enables support for asynchronous DNS lookups. 
# Linux CC = gcc CFLAGS = -DHAVE_ZLIB -DHAVE_GETTEXT -pipe -O2 -Wall #-pedantic -Wpointer-arith #-g #-p LDFLAGS = -s #-g #-static -p LIBS = -lcrypt -lz #-ladns #-lc_p # Mac OS X #CC = gcc #CFLAGS = -DHAVE_ZLIB -pipe -O2 -Wall #LIBS = -lz # Solaris #LIBS = -lnsl -lsocket -lcrypt -lz # #CC = gcc #CFLAGS = -DSOLARIS -DHAVE_ZLIB -DHAVE_GETTEXT -pipe -O2 -Wall #-pedantic #-g #LDFLAGS = #-g # #CC = cc #CFLAGS = -DSOLARIS -DHAVE_ZLIB -DHAVE_GETTEXT -v -fast -xCC # OpenBSD #CC = gcc #CFLAGS = -DHAVE_ZLIB -DHAVE_GETTEXT -pipe -O2 -Wall -I/usr/local/include #LIBS = -L/usr/local/lib -lz -lintl # FreeBSD #CC = gcc #CFLAGS = -DHAVE_ZLIB -DHAVE_GETTEXT -pipe -O2 -Wall -I/usr/local/include #LIBS = -L/usr/local/lib -lcrypt -lz -lintl LEX = flex LFLAGS = -B --nounput #-f #-p -p -d INSTALL = install INSTALL_PROGRAM = $(INSTALL) -m 0755 INSTALL_SCRIPT = $(INSTALL) -m 0755 INSTALL_DATA = $(INSTALL) -m 0644 INSTALL_DIR = /usr/local CONF_DIR = /etc LOCALE_DIR = /usr OBJS = cisco_ios.o cisco_pix.o compare.o ipchains.o ipfilter.o ipfw.o \ lancom.o main.o modes.o net.o netfilter.o netscreen.o output.o \ parser.o rcfile.o resolve.o response.o snort.o utils.o whois.o all: fwlogwatch cisco_ios.o: main.h utils.h cisco_pix.o: main.h utils.h compare.o: compare.h main.h output.h utils.h ipchains.o: main.h utils.h ipfilter.o: main.h utils.h ipfw.o: main.h utils.h lancom.o: main.h utils.h main.o: main.h modes.h parser.h rcfile.h utils.h modes.o: compare.h main.h net.h output.h parser.h rcfile.h \ resolve.h response.h utils.h whois.h net.o: compare.h main.h output.h resolve.h response.h utils.h netfilter.o: main.h utils.h netscreen.o: main.h utils.h output.o: main.h output.h resolve.h utils.h whois.h parser.o: cisco_ios.h cisco_pix.h compare.h ipchains.h ipfilter.h \ ipfw.h main.h netfilter.h netscreen.h parser.h snort.h rcfile.o: main.h parser.h rcfile.h utils.h resolve.o: main.h resolve.h utils.h response.o: main.h response.h utils.h snort.o: main.h utils.h utils.o: main.h whois.o: main.h utils.h 
fwlogwatch: $(OBJS) $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) install: all $(INSTALL_PROGRAM) fwlogwatch $(INSTALL_DIR)/sbin/fwlogwatch $(INSTALL_SCRIPT) contrib/fwlw_notify $(INSTALL_DIR)/sbin/fwlw_notify $(INSTALL_SCRIPT) contrib/fwlw_respond $(INSTALL_DIR)/sbin/fwlw_respond $(INSTALL_DATA) fwlogwatch.8 $(INSTALL_DIR)/share/man/man8/fwlogwatch.8 install-config: $(INSTALL_DATA) fwlogwatch.config $(CONF_DIR)/fwlogwatch.config install-i18n: cd po; make $(INSTALL_DATA) po/de.mo $(LOCALE_DIR)/share/locale/de/LC_MESSAGES/fwlogwatch.mo $(INSTALL_DATA) po/ja.mo $(LOCALE_DIR)/share/locale/ja/LC_MESSAGES/fwlogwatch.mo $(INSTALL_DATA) po/pt.mo $(LOCALE_DIR)/share/locale/pt/LC_MESSAGES/fwlogwatch.mo $(INSTALL_DATA) po/sv.mo $(LOCALE_DIR)/share/locale/sv/LC_MESSAGES/fwlogwatch.mo $(INSTALL_DATA) po/zh_CN.mo $(LOCALE_DIR)/share/locale/zh_CN/LC_MESSAGES/fwlogwatch.mo $(INSTALL_DATA) po/zh_TW.mo $(LOCALE_DIR)/share/locale/zh_TW/LC_MESSAGES/fwlogwatch.mo install-rhinit: $(INSTALL_SCRIPT) contrib/fwlogwatch.init.redhat $(CONF_DIR)/rc.d/init.d/fwlogwatch uninstall: @rm -f $(INSTALL_DIR)/sbin/fwlogwatch \ $(INSTALL_DIR)/sbin/fwlw_notify \ $(INSTALL_DIR)/sbin/fwlw_respond \ $(INSTALL_DIR)/share/man/man8/fwlogwatch.8 \ $(LOCALE_DIR)/share/locale/de/LC_MESSAGES/fwlogwatch.mo \ $(LOCALE_DIR)/share/locale/ja/LC_MESSAGES/fwlogwatch.mo \ $(LOCALE_DIR)/share/locale/pt/LC_MESSAGES/fwlogwatch.mo \ $(LOCALE_DIR)/share/locale/sv/LC_MESSAGES/fwlogwatch.mo \ $(LOCALE_DIR)/share/locale/zh_CN/LC_MESSAGES/fwlogwatch.mo \ $(LOCALE_DIR)/share/locale/zh_TW/LC_MESSAGES/fwlogwatch.mo \ $(CONF_DIR)/fwlogwatch.config \ clean: rm -f *.o *~ *.bak fwlogwatch cd po; make clean indent: indent --k-and-r-style --indent-level 2 --line-length 180 *.c *.h fwlogwatch-1.4/PaxHeaders.8080/net.h0000644000000000000000000000012412145435573015410 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.892942 30 ctime=1369319079.892942995 fwlogwatch-1.4/net.h0000644000000000000000000000032712145435573014473 
0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: net.h 731 2013-05-17 14:15:23Z bw $ */ #ifndef _NET_H #define _NET_H void prepare_socket(void); void handshake(int linenum, int hitnum, int ignored); #endif fwlogwatch-1.4/PaxHeaders.8080/snort.l0000644000000000000000000000012412145435573015773 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.835943 30 ctime=1369319079.835943424 fwlogwatch-1.4/snort.l0000644000000000000000000001110212145435573015047 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: snort.l 731 2013-05-17 14:15:23Z bw $ */ %option prefix="snort" %option outfile="snort.c" %option noyywrap %{ #define YY_NO_INPUT #include #include #include #include "main.h" #include "utils.h" extern struct options opt; void snort_parse_date(char *input); void snort_parse_branch(char *input); void snort_parse_ip(char *input, unsigned char mode); %} MONTH "Jan"|"Feb"|"Mar"|"Apr"|"May"|"Jun"|"Jul"|"Aug"|"Sep"|"Oct"|"Nov"|"Dec" STRING [a-zA-Z0-9._-]* STRING2 [ -Z\\^-~]* STRING3 [a-zA-Z(][ a-zA-Z0-9()/._-]*[a-zA-Z)] LOGHOST [0-9.a-zA-Z()_:-]* DIGIT [0-9] NUMBER {DIGIT}+ OCTET {DIGIT}{1,3} PORT {DIGIT}{1,5} PROTO "TCP"|"UDP"|"ICMP" %% {MONTH}[ ]{1,2}{DIGIT}{1,2}[ ]{DIGIT}{2}:{DIGIT}{2}:{DIGIT}{2}[ ]{LOGHOST} snort_parse_date(snorttext); "snort: " /* ignore */ "snort["{NUMBER}"]: " /* ignore */ "["{NUMBER}":"{NUMBER}":"{DIGIT}"]" /* ignore */ {STRING3} xstrncpy(opt.line->chainlabel, snorttext, SHORTLEN); opt.parser=opt.parser|SNORT_CHAIN; "[Classification: "{STRING2}"]" snort_parse_branch(snorttext+17); "[Priority: "{DIGIT}"]:" /* ignore */ "{"{PROTO}"}"[ ]{OCTET}"."{OCTET}"."{OCTET}"."{OCTET} snort_parse_ip(snorttext+1, SNORT_OPT_SRC); "{"{PROTO}"}"[ ]{OCTET}"."{OCTET}"."{OCTET}"."{OCTET}":"{PORT} snort_parse_ip(snorttext+1, SNORT_OPT_SRC|SNORT_OPT_PORT); "-> "{OCTET}"."{OCTET}"."{OCTET}"."{OCTET} snort_parse_ip(snorttext, SNORT_OPT_DST); "-> 
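"{OCTET}"."{OCTET}"."{OCTET}"."{OCTET}":"{PORT} snort_parse_ip(snorttext, SNORT_OPT_DST|SNORT_OPT_PORT);
"spp_portscan: ".* opt.parser=SNORT_NO_HIT;
"spp_stream4: ".* opt.parser=SNORT_NO_HIT;
[ ]+ /* ignore whitespace */
[\n] /* ignore */
{STRING} if(opt.verbose) fprintf(stderr, "Unrecognized token: %s\n", snorttext);
. if(opt.verbose) fprintf(stderr, "Unrecognized character: %s\n", snorttext);

%%

/*
 * Parse the syslog date and log host at the start of a Snort line,
 * store the host name in opt.line->hostname and the timestamp via
 * build_time(), and set SNORT_DATE. Leaves the flag unset if the six
 * fields cannot all be read.
 */
void snort_parse_date(char *input)
{
  int retval, day, hour, minute, second;
  char smonth[4];

  /*
   * NOTE(review): %32s stores up to 32 characters plus the terminator;
   * the size of opt.line->hostname is not visible here, confirm it is at
   * least 33 bytes. The LOGHOST pattern itself puts no limit on length.
   */
  retval = sscanf(input, "%3s %2d %2d:%2d:%2d %32s", smonth, &day, &hour, &minute, &second, opt.line->hostname);
  if (retval != 6)
    return;

  build_time(smonth, day, hour, minute, second);

  opt.parser = opt.parser | SNORT_DATE;
}

/*
 * Store the classification text as the branch name and set SNORT_BRANCH.
 * input points just behind "[Classification: " and is cut at the closing
 * bracket in place.
 */
void snort_parse_branch(char *input)
{
  char *ptr;

  ptr = strchr(input, ']');
  /* the lexer rule ends in "]", but do not dereference NULL if called otherwise */
  if (ptr == NULL)
    return;
  *ptr = '\0';
  xstrncpy(opt.line->branchname, input, SHORTLEN);
  opt.parser = opt.parser | SNORT_BRANCH;
}

/*
 * Parse a source ("PROTO} a.b.c.d[:port]") or destination
 * ("-> a.b.c.d[:port]") token, selected by the SNORT_OPT_* bits in mode.
 * For a source token the protocol name is mapped to its number and
 * SNORT_PROTO is set. Returns without setting any flag if the token does
 * not scan completely.
 * NOTE(review): ports are read with %5d and not range-checked, so values
 * above 65535 are accepted as scanned.
 */
void snort_parse_ip(char *input, unsigned char mode)
{
  char ip[IPLEN];
  int retval, host1, host2, host3, host4;

  if ((mode & SNORT_OPT_SRC) != 0) {
    char proto[8];

    /* %7s: at most 7 characters plus the terminator fit into proto[8] */
    if ((mode & SNORT_OPT_PORT) != 0) {
      retval = sscanf(input, "%7s %3d.%3d.%3d.%3d:%5d", proto, &host1, &host2, &host3, &host4, &opt.line->sport);
      if (retval != 6)
        return;
    } else {
      retval = sscanf(input, "%7s %3d.%3d.%3d.%3d", proto, &host1, &host2, &host3, &host4);
      if (retval != 5)
        return;
    }

    if (strncmp(proto, "TCP", 3) == 0)
      opt.line->protocol = 6;
    else if (strncmp(proto, "UDP", 3) == 0)
      opt.line->protocol = 17;
    else if (strncmp(proto, "ICMP", 4) == 0)
      opt.line->protocol = 1;

    if (opt.line->protocol != 0)
      opt.parser = opt.parser | SNORT_PROTO;
  } else if ((mode & SNORT_OPT_DST) != 0) {
    if ((mode & SNORT_OPT_PORT) != 0) {
      /* the destination port belongs in dport; it used to overwrite sport */
      retval = sscanf(input, "-> %3d.%3d.%3d.%3d:%5d", &host1, &host2, &host3, &host4, &opt.line->dport);
      if (retval != 5)
        return;
    } else {
      retval = sscanf(input, "-> %3d.%3d.%3d.%3d", &host1, &host2, &host3, &host4);
      if (retval != 4)
        return;
    }
  } else {
    return;
  }

  snprintf(ip, IPLEN, "%d.%d.%d.%d", host1, host2, host3,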
host4); if ((mode & SNORT_OPT_SRC) != 0) { if (convert_ip(ip, &opt.line->shost) == IN_ADDR_ERROR) return; opt.parser = opt.parser | SNORT_SRC; } else if ((mode & SNORT_OPT_DST) != 0) { if (convert_ip(ip, &opt.line->dhost) == IN_ADDR_ERROR) return; opt.parser = opt.parser | SNORT_DST; } } unsigned char flex_snort(char *input, int linenum) { opt.parser = 0; init_line(); snort_scan_string(input); snortlex(); snort_delete_buffer(YY_CURRENT_BUFFER); xstrncpy(opt.line->interface, "-", SHORTLEN); opt.line->count = 1; if (opt.parser & SNORT_NO_HIT) return PARSE_NO_HIT; if (opt.parser == (SNORT_DATE | SNORT_CHAIN | SNORT_BRANCH | SNORT_PROTO | SNORT_SRC | SNORT_DST)) { return PARSE_OK; } else { if (opt.verbose) fprintf(stderr, "snort parse error in line %d, ignoring.\n", linenum); if (opt.verbose == 2) fprintf(stderr, "input was: \"%s\"\n", input); return PARSE_WRONG_FORMAT; } } fwlogwatch-1.4/PaxHeaders.8080/lancom.h0000644000000000000000000000012312145435573016072 xustar000000000000000027 mtime=1368800123.419223 27 atime=1369319079.874943 29 ctime=1369319079.87494313 fwlogwatch-1.4/lancom.h0000644000000000000000000000027712145435573015162 0ustar00rootroot00000000000000/* Copyright (C) 2000-2013 Boris Wesslowski */ /* $Id: lancom.h 731 2013-05-17 14:15:23Z bw $ */ #ifndef _LANCOM_H #define _LANCOM_H unsigned char lancom(char *input, int linenum); #endif fwlogwatch-1.4/PaxHeaders.8080/fwlogwatch.config0000644000000000000000000000012411460316733020000 xustar000000000000000027 mtime=1287757275.625215 27 atime=1369319079.889943 30 ctime=1369319079.889943017 fwlogwatch-1.4/fwlogwatch.config0000644000000000000000000002775611460316733017102 0ustar00rootroot00000000000000# $Id: fwlogwatch.config 715 2010-10-22 14:21:15Z bw $ # # Sample fwlogwatch configuration file # # The values filled in or mentioned in the description are the default values, # you only need to uncomment an option if you change it's value. # Valid parameters to binary options are on/yes/true and off/no/false. 
# Whitespace and comments are ignored anywhere in the file, case does not # matter. ### Include files ### # The option 'include_file' can be used to include external configuration # files. # #include_file = ### Global options ### # Use 'verbose' if you want extra information and log messages. # Use it twice for even more info. fwlogwatch is quiet by default. # Command line option: -v[v] # #verbose = no #verbose = no # Use 'resolve_hosts' if you want IP addresses looked up in the DNS (output # will be slower). # 'resolve_services' enables lookup of port numbers in /etc/services. # Command line options: -n / -N # #resolve_hosts = no #resolve_services = no # If your logs contain private IP addresses that are not resolvable through # DNS but you want reports with meaningful host names you can inject your # own list of IP/name pairs (in the same format as /etc/hosts) into the DNS # cache with the 'dns_cache' option. fwlogwatch will not modify this file. # Command line option: -i # #dns_cache = /home/user/my_hosts.txt # Specify the input file(s) if you don't want to use the default. Use one line # for each file. Compressed files (gzip) are supported. You can use '-' for # standard input (stdin). In realtime response mode the daemon needs the # absolute path to the file. # Command line option: [file(s)] # #input = /var/log/messages ### Evaluation options ### # You can select which parsers you want to use if you don't want fwlogwatch # to check for all known log formats. You can choose one or a combination # of: # # i ipchains # n netfilter # f ipfilter # c Cisco IOS # p Cisco PIX/ASA # e NetScreen # l Elsa Lancom # s Snort # # Command line option: -P # #parser = infcp # The following six options define which criteria will be considered when # comparing logged packets. 
You can turn off the source or destination IP # address distinction ('src_ip'/'dst_ip') or activate the protocol, source # and destination port and TCP option distinction # ('protocol'/'src_port'/'dst_port'/'tcp_opts'). # Command line options: -S / -D / -p / -s / -d / -y # #src_ip = on #dst_ip = on #protocol = off #src_port = off #dst_port = off #tcp_opts = off # The following eight options permit to select and/or exclude certain # hosts or ports. Rules can be added and combined, source and destination # hosts and ports are differentiated, specifying networks is possible in # CIDR format. # Command line option: -E # #exclude_src_host = #exclude_src_port = #exclude_dst_host = #exclude_dst_port = #include_src_host = #include_src_port = #include_dst_host = #include_dst_port = # The following four options permit to include and/or exclude chain and # branch (target) strings such as "input", "forward", "output" and # "accept", "deny", "pass", "block", "p", etc. Use one string per line # without quotes. Including a string causes all others to be excluded. # Command line option: -E # #exclude_chain = #include_chain = #exclude_branch = #include_branch = ### Sorting options ### # Since the sort algorithm used is stable you can sort several times, # entries that are equal for the primary criteria will be sorted by the # next criteria. The sort string can be composed of 11 fields of the form # 'ab' where 'a' is the sort criteria: # # c count # t start time # e end time # z duration # n target name # p protocol # b byte count # S source host # s source port # D destination host # d destination port # # and 'b' the order: # # a ascending # d descending # # Sorting is done in the given sequence, so the last option is the primary # criteria. 
If you don't use the 'sort_order' option the summary mode # default 'tacd' will be used (start with the highest count, if two counts # match list the one earlier in time first), of which 'ta' is built in, so # if you specify an empty sort string or everything else is equal entries # will be sorted ascending by time. In realtime response mode the default # is 'cd'. # # Command line option: -O # #sort_order = ### Output options ### # With the option 'title' you can change the title of the summary and the # status page and the subject of summaries sent by email. # The default title in summary mode is 'fwlogwatch summary' and in realtime # response mode it is 'fwlogwatch status'. # #title = # With the option 'stylesheet' you can make fwlogwatch omit the inline CSS # used to define the page colors and reference an external stylesheet. # In summary mode the string you specify will be taken as it is and used in a # link tag, in realtime response mode this only happens if it is an external # URL and starts with "http", else a local file will be assumed and embedded # at the corresponding position. # #stylesheet = # With the following four options you can customize the colors of the HTML # output (summary and realtime response status page), use the RGB value # with '#' or directly one of the 16 basic HTML color names (aqua black # blue fuchsia gray green lime maroon navy olive purple red silver teal # white yellow). # #textcolor = white #bgcolor = black #rowcolor1 = #555555 #rowcolor2 = #333333 ### Log summary mode ### # Use 'data_amount' if you want to see the sum of total packet lengths for # each entry (this obviously only works with log formats that contain this # information). # Command line option: -b # #data_amount = no # Use 'start_times' and/or 'end_times' if you want to see the timestamp # of the first and/or last logged packet of each entry.
# Command line options: -t / -e # #start_times = no #end_times = no # Use 'duration' if you want to see the time interval between the first and # the last connection attempt of the current entry. # Command line option: -z # #duration = no # Use 'html' to enable HTML output. # Command line option: -w # #html = no # Specify the name of an output file # Command line option: -o # #output = # Use 'recent' to ignore events older than a certain time (off by default). # The default unit is seconds. # Units: m = minutes, h = hours, d = days, w = weeks, M = months, y = years. # Command line option: -l