Generate Report from different LOG-Files

From: Michael Ruck (m.ruck@itnovum.de)
Date: 11/28/02 

From: "Michael Ruck" <m.ruck@itnovum.de>
Date: Thu, 28 Nov 2002 15:48:43 +0100

Hi @all!

I have a really special problem and I hope one of you can help me very
quickly.

I have do search for or develop a tool, that can generate one report out of
different kinds of LOG-files.

hese kind of LOG-files are:
    MS Exchange SMTP-log or sendmail log
    squid log
    nacctd log
    IIS NCSA log

The tool I'm searching for has to analyse these log-files and generate one
report out of it, if possible in HTML or PDF.

A few words, why I need such a tool:

We operate here at the location a computing centre for our parent
company. At this computing centre further subsidiaries are attached.
In order to make now an exact account over the developed traffic, we
need the analysis of these different log files, because the account has to
be
for each company, arranged according to user and service (Web, email,
VPN etc..).

The different log files are in addition also still on different
servers distributed. Everyone the log file types specified above is on
another server.

The different information, which service which user used and how much
traffic it produced thereby, are also only in the different log files
to find.

My target is it now to summarize all these data either in only one
report or in a database (esp. MySQL).

Now does one of you know a tool, which can complete this work for me? Or
does one of you have an idea, how one can implement relatively simply such a
tool? Perhaps one of you wrote already a similar Tool and can help me.

Or is it possible to install one sniffing-tool on the firewall, which logs
all the information I need (user (or internal host) -> service (web, email,
vpn) -> bytes send/recieved). At the moment the nacctd is running on our
firewall to report the vpn-traffic, but it is not possible to report the
other services, because only the internal host of our squid is showing in
these log-files.

Maybe I can modify the squid to send the users host to the firewall. In the
nacctd-log the ports of the connection is logged and so I can see, what
service is used.

Please help me, it is really important. Post your answer here in the
Newsgroup or send me a mail.

Thanks for all your help.

Michael Ruck

Relevant Pages

  • Re: Hacked
    ... >that is known as a port used by a trojan horse. ... I just started using NetWatchman. ... report hits automatically on your firewall. ...
    (comp.security.firewalls)
  • Re: Sort of OT - Tracking clicked links in an email?
    ... If the newsletter is server based and going to be viewed on your server by ... is for the client machine to send a report back to your server in some shape ... machine that is viewing the email, it will almost certainly give a firewall ... > alerts to go off? ...
    (microsoft.public.frontpage.client)
  • Re: anti virus 2006 pop-up
    ... Download Adware-Virtumundo Removal Tool -- ... You may have to disable your software FireWall or allow WGET.EXE to go through your ... On Win9x/ME platforms the report will not be shown in your bowser ... It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML ...
    (microsoft.public.security)
  • Re: Spyware: Need help removing it.
    ... | I did an Norton anti-virus scan, updated Norton Firewall, used Web Defender ... You may have to disable your software FireWall or allow WGET.EXE to go through your ... On Win9x/ME platforms the report will not be shown in your bowser ... It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Scheduled task wont run
    ... report and click Save Report. ... then send me the log files to me. ... This newsgroup only focuses on SBS technical issues. ... you may want to contact Microsoft CSS directly. ...
    (microsoft.public.windows.server.sbs)