Frequently Asked Questions

Some columns in some tables overlap each other.

You're using Netscape, and it doesn't correctly format tables that are wider than the window. You can try to maximize the window, decrease your font size, and/or increase your screen resolution, but some tables like the alert section will almost always be wider than the window. In this case, you'll have to use another browser. Internet Explorer, Opera, and Mozilla are known to work properly.

Reptor runs and generates an output file, but the tables are empty.

You need to properly define your interfaces in the configuration file.

How do I properly define my interfaces in the configuration file?

Browse through a logfile and look for lines that include the string "type 121: Statistics". These lines should have tags named srcif and dstif. The strings to the right of the equal signs are the names of your interfaces. In order to determine which is which, inspect the src and dst addresses. If you know your protected network is 192.168.1.0, and the logfile says "... srcif=Vpn1 src=192.168.1.17 ...", then Vpn1 is your "Inside" interface.

How do I make Reptor run automatically?

Regardless of your OS, it is important to remember that scheduling Reptor does not mean that the system will run it from the Reptor directory. As a result, Reptor may have problems finding your configuration file, because it looks in the current directory by default. There are two ways to handle this problem. First, explicitly make the Reptor directory the current directory before running Reptor. Second, use the --config command line option to specify the exact location of your configuration file.

Unix

Use cron. See the manpage for crontab for details. You might use something like this:
0 2 * * * /usr/local/reptor/reptor.pl --config /usr/local/reptor/reptor.cfg
This will run Reptor every day at 2:00 am. This example assumes that you have reptor.pl and reptor.cfg installed in /usr/local/reptor.

NT

Use at. See the help page for at for details. You might use something like this:
at 2:00 /every:Monday,Tuesday,Wednesday,Thursday,Friday,Saturday,Sunday "c:\perl\bin\perl c:\reptor\reptor.pl --config c:\reptor\reptor.cfg"
This will run Reptor every day at 2:00 am. This example assumes that you have reptor.pl and reptor.cfg installed in c:\reptor and Perl installed in c:\perl\bin.

You must also configure the firewall not to kill the Scheduler service. Add the string "Schedule" to the vulture.runtime file.

Remotelog doesn't work.

Verify that remotelog is installed and configured correctly by running the remotelogfile command from a command prompt. If you can't retrieve a logfile this way, Reptor won't be able to either. The remotelog option in the configuration file can take an optional argument indicating the full path to the remotelogfile executable. Try setting it. Otherwise, either make sure the directory that contains remotelogfile.exe is in your PATH, or copy remotelogfile.exe to the directory that Reptor is installed in.

The graph bars look like empty white boxes.

If the report is being served from a web server, you need to copy the pixel.gif file to the same directory on the server that the report resides in. Otherwise, the pixel.gif file must exist on the client machine, in the same directory that the report file resides in. If you're using email output, and viewing the report directly in an HTML capable email client, I haven't figured that one out yet.

I've written a script to automatically figure out the date of the logfile and feed it to Reptor...

This functionality is already present in Reptor. Make sure that you are using logfiles from the oldlogs directory, not the sg directory. At midnight, Raptor automatically moves the current logfile to the oldlogs directory and changes the filename so that it includes the date. Reptor expects to see filenames in this format and already knows what date yesterday was, so using pre-midnight logfiles or changing the name of logfiles will actually cause some loss of functionality.

I've written a script to automatically name the output report with the date...

This functionality is already present in Reptor. Instead of indicating a full filename in the configuration file, specify a path that ends with a slash. Reptor will automatically create an appropriate filename based on the date of the logfile processed.

I've written a script to automatically transfer the logfiles to another machine for processing...

This functionality is already present in Reptor. If the machine that Reptor is installed on is supported by the Axent/Raptor remotelog utilities, Reptor can use them and automatically download logfiles from the server at the time the report is generated. The logfiles are pulled from the client instead of being pushed from the server, so there is no need for any additional scripting or scheduling services to run on the firewall server. In addition, the session is encrypted (unlike ftp) so that potential packet sniffers are deterred.

I've added alerts to some protocols, but they don't work.

If you've made aliases for those protocols, make sure you use the alias in the alerts definition, and not the original protocol identifier.

Email output doesn't work.

The destination email server may think that Reptor's output is spam. As a result, you may have to configure it to accept mail relaying from the machine that Reptor is being run on. Also, make sure that the mail_server and mail_from options are properly set in your configuration file.