RE: [fw-wiz] parsing logs ultra-fast inline



-----Original Message-----
Subject: Re: [fw-wiz] parsing logs ultra-fast inline

Second question: Hasn't anyone else ever written these scripts? You would think they'd be pretty widely available - especially for things like a PIX or 2600 or AIX. I mean, yes they're site specific but if you know all of the errors/messages a PIX can provide (someone said 26k or so?) then the "meat" of a script could be generic enough...the most common messages aren't likely to differ by much from site to site...place your IPs/whatever in and run... or start to run...??

If by anyone, you mean anyone with some perl/shell knowledge and a PIX, then
yes, anyone can and has written them. Even me, and my code sucks.

http://honor.icsalabs.com/pipermail/firewall-wizards/2003-October/015488.html
http://honor.icsalabs.com/pipermail/firewall-wizards/2003-October/015503.html
http://www.loganalysis.org/sections/parsing/application-specific/index.html

With regard to AIX, sure there are. But generally Unix syslog, as opposed
to syslog from a router or firewall, contains messages from lots of
different pieces of software (i.e. Postfix vs. Sendmail, vsftpd vs. wu-ftpd,
vixie vs. anacron, etc.) so you will spend a little time putting things
together. But for security purposes, you can put together a quick list of
things to grep for off the top of your head (or in this case my head, but
you can take credit for it off list).

root
connect
login
accept
fail
refuse
restart

PaulM


_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
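As an added illustration (not PaulM's script and not from the list archive), the keyword list in the reply above turned into a small POSIX sh filter and per-term tally over constructed Unix syslog lines; the sample hostnames, PIDs and addresses are made up, and matching is deliberately as loose as the list itself (substring, case-insensitive), so expect noise such as cron's "(root)" entries.

```shell
#!/bin/sh
# Added example: apply the reply's grep list to Unix syslog lines.
# Substring, case-insensitive matching, so "refused", "Failed",
# "restarting" and "Accepted" all hit, as does cron's "(root)".
SEC_TERMS='root|connect|login|accept|fail|refuse|restart'

# Constructed sample syslog input (hosts, PIDs and addresses are invented).
SAMPLE_LOG='Oct  5 10:01:02 host sshd[1234]: Accepted password for alice from 192.0.2.10 port 50000 ssh2
Oct  5 10:01:05 host sshd[1235]: Failed password for root from 198.51.100.7 port 50001 ssh2
Oct  5 10:02:00 host postfix/smtpd[2000]: connect from unknown[203.0.113.9]
Oct  5 10:02:01 host postfix/smtpd[2000]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]
Oct  5 10:03:00 host cron[300]: (root) CMD (run-parts /etc/cron.hourly)
Oct  5 10:04:00 host vsftpd[400]: CONNECT: Client "203.0.113.9"
Oct  5 10:05:00 host kernel: eth0: link up
Oct  5 10:06:00 host su[500]: FAILED su for root by bob
Oct  5 10:07:00 host syslogd: restart'

# Pass through only the lines that contain at least one term (reads stdin).
sec_grep() {
    grep -E -i "$SEC_TERMS"
}

# Count hits per term, one "term count" line each, busiest term first.
# A single line can count toward several terms ("Failed password for root").
sec_tally() {
    awk -v terms="$SEC_TERMS" '
    BEGIN { n = split(terms, t, "|"); for (i = 1; i <= n; i++) c[t[i]] = 0 }
    { l = tolower($0); for (i = 1; i <= n; i++) if (index(l, t[i])) c[t[i]]++ }
    END { for (k in c) print k, c[k] }' | sort -k2,2nr -k1,1
}

# Helpers over the embedded sample, usable stand-alone and from a test.
count_matches() { printf '%s\n' "$SAMPLE_LOG" | sec_grep | wc -l | tr -d ' '; }
tally_for()     { printf '%s\n' "$SAMPLE_LOG" | sec_tally | awk -v k="$1" '$1 == k { print $2 }'; }

# Typical use on a real file instead of the sample:
#   sec_grep < /var/log/messages
#   sec_tally < /var/log/messages
```

Seven of the nine sample lines survive the filter (the Postfix "reject" and the kernel link message do not), which is the point of PaulM's caveat about spending a little time putting things together: the list is a starting point, not a parser.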


