All,
While I am preparing to enter this discussion in full force :-), I
figured I'd shoot a quick one on this:
> meaning. Take Tina's VPN example - how many types of log entries you would
> expect from a VPN concentrator? From my experience, not more than 20 but
> let's assume there are 50. Give a sample from each entry to a Perl
He-he, no :-) I just looked at the old documentation bundle of Cisco
VPN 3000 messages and it's nowhere near the above. How about 2049
unique messages documented by Cisco?
Parsing IS often a challenge, e.g. see this and the discussion that
ensued: http://airsnarf.shmoo.com/pipermail/loganalysis/2005-December/002906.html
Syslog is where it becomes just plain extreme (50,000 message types
anybody?), as Marcus pointed out, but there are some other fun areas
where it is tough.
Best,
--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://www.securitywarrior.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Feb 07 2006