Re: [fw-wiz] parsing logs ultra-fast inline
- From: Anton Chuvakin <anton@xxxxxxxxxxxx>
- Date: Mon, 6 Feb 2006 17:05:06 -0500
All,
While I am preparing to enter this discussion in full force :-), I
figured I'd shoot a quick one on this:
> meaning. Take Tina's VPN example - how many types of log entries you would
> expect from a VPN concentrator? From my experience, not more than 20 but
> let's assume there are 50. Give a sample from each entry to a Perl
He-he, no :-) I just looked at the old documentation bundle of Cisco
VPN 3000 messages and its nowhere near the above. How about 2049
unique messages documented by Cisco?
Parsing IS often a challenge, e.g. see this and the discussion that
ensued: http://airsnarf.shmoo.com/pipermail/loganalysis/2005-December/002906.html
Syslog is where it becomes just plain extreme (50,000 message types
anybody?), as Marcus pointed out, but there are some other fun areas
where it is tough.
Best,
--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://www.securitywarrior.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
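Added example (not code from Anton's mail, Cisco, or the list): a catalogue-driven parser in Python that keys on the message ID and reports which IDs it has no entry for, which is exactly the gap a "one sample per type" catalogue leaves when the device actually emits thousands of types. The sample lines and the message-ID patterns are constructed, loosely modelled on the VPN 3000 event layout, and are not real device output.

```python
import re
from collections import Counter
# Constructed sample lines, loosely modelled on the Cisco VPN 3000 event layout
# (sequence, date, time, severity, facility/ID, peer, text); not real device output.
SAMPLE_LOG = """\
101 02/06/2006 17:05:06.120 SEV=4 IKE/52 RPT=3 10.0.0.5 Group [vpnusers] User [alice] User (alice) authenticated.
102 02/06/2006 17:05:07.001 SEV=5 IKE/50 RPT=9 10.0.0.5 Group [vpnusers] User [alice] Connection terminated for peer alice  Reason: Administrator Reset
103 02/06/2006 17:05:08.441 SEV=3 AUTH/9 RPT=2 10.0.0.7 Authentication failed: Reason = Invalid password
104 02/06/2006 17:05:09.000 SEV=4 IKE/52 RPT=4 10.0.0.9 Group [vpnusers] User [bob] User (bob) authenticated.
105 02/06/2006 17:05:10.210 SEV=6 PPTP/123 RPT=1 10.0.0.11 A message type the catalogue does not know
"""
# Envelope shared by every message; the facility/ID selects the body parser.
ENVELOPE = re.compile(r"^(?P<seq>\d+) (?P<date>\S+) (?P<time>\S+) SEV=(?P<sev>\d) "
                      r"(?P<msgid>[A-Z0-9]+/\d+) RPT=\d+ (?P<peer>\S+) (?P<text>.*)$")

# Hypothetical catalogue keyed by message ID. A real one needs an entry per
# documented type (2049 for the VPN 3000 per the thread), which is the point.
CATALOGUE = {
    "IKE/52": re.compile(r"User \[(?P<user>[^\]]+)\] User \(\w+\) authenticated"),
    "IKE/50": re.compile(r"User \[(?P<user>[^\]]+)\] .*Reason: (?P<reason>.+)$"),
    "AUTH/9": re.compile(r"Authentication failed: Reason = (?P<reason>.+)$"),
}

def parse_line(line):
    """(msgid, fields) if known; (msgid, None) if the ID is uncatalogued;
    (None, None) if the envelope itself does not match."""
    m = ENVELOPE.match(line)
    if not m:
        return None, None
    msgid, pat = m.group("msgid"), CATALOGUE.get(m.group("msgid"))
    if pat is None:
        return msgid, None
    body = pat.search(m.group("text"))
    fields = body.groupdict() if body else {}
    fields.update(sev=int(m.group("sev")), peer=m.group("peer"))
    return msgid, fields

def coverage(log):
    """Per-ID counts plus the set of IDs that could not be parsed, so gaps are reported."""
    seen, unknown, parsed = Counter(), set(), []
    for line in log.splitlines():
        msgid, fields = parse_line(line)
        key = msgid or "<no envelope>"
        seen[key] += 1
        if fields is None:
            unknown.add(key)
        else:
            parsed.append((msgid, fields))
    return seen, unknown, parsed
```

Running coverage over a day of real traffic and watching the size of the unknown set is a quick way to measure how far a hand-built catalogue is from the documented message count.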