RE: parsing logs ultra-fast inline
From: "Paul Melson" <pmelson () gmail com>
Date: Thu, 9 Feb 2006 13:26:15 -0500
Subject: Re: [fw-wiz] parsing logs ultra-fast inline
> Second question: Hasn't anyone else ever written these scripts? You would
> think they'd be pretty widely available - especially for things like a PIX
> or 2600 or AIX. I mean, yes they're site specific but if you know all of the
> errors/messages a PIX can said 26k or so?) then the "meat" of a script could
> be generic enough...the messages aren't likely to differ by much from site to
> site...place your IPs/whatever in and run... or start to run...??
If by anyone, you mean anyone with some perl/shell knowledge and a PIX, then
yes, anyone can and has written them. Even me, and my code sucks.
With regard to AIX, sure there are. But generally Unix syslog, as opposed
to syslog from a router or firewall, contains messages from lots of
different pieces of software (i.e. Postfix vs. Sendmail, vsftpd vs. wu-ftpd,
vixie vs. anacron, etc.) so you will spend a little time putting things
together. But for security purposes, you can put together a quick list of
things to grep for off the top of your head (or in this case my head, but
you can take credit for it off list).
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
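The "quick list of things to grep for" in generic Unix syslog, as an added shell example (not the poster's code): it runs over constructed syslog lines, and the hostnames, addresses and the exact patterns are assumptions, not anything from the thread.

```shell
#!/bin/sh
# Constructed sample syslog lines (not real data): sshd, su, sudo, cron and postfix noise.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Feb  9 13:01:02 host1 sshd[2231]: Failed password for invalid user admin from 192.0.2.10 port 4422 ssh2
Feb  9 13:01:05 host1 sshd[2231]: Failed password for root from 192.0.2.10 port 4423 ssh2
Feb  9 13:02:10 host1 CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)
Feb  9 13:03:44 host1 su[2410]: FAILED SU (to root) bob on pts/1
Feb  9 13:04:00 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow
Feb  9 13:05:12 host1 sshd[2500]: Accepted publickey for alice from 198.51.100.7 port 5001 ssh2
Feb  9 13:06:30 host1 postfix/smtpd[2600]: connect from mail.example.net[203.0.113.5]
EOF

# A first-pass "off the top of your head" list for a generic Unix syslog:
# failed and successful ssh logins, failed su, and every sudo invocation.
# The other daemons (cron, postfix) are left out on purpose; add them per site.
AUTH_PATTERNS='sshd\[[0-9]+\]: (Failed|Accepted) |su\[[0-9]+\]: FAILED SU|sudo: '

# Print every line matching the security patterns.
security_events() { grep -E "$AUTH_PATTERNS" "$1"; }

# Number of matching lines (handy as a quick "anything at all?" check).
count_security_events() { security_events "$1" | wc -l | tr -d ' '; }

# Failed ssh passwords per source address, most frequent first: "<count> <ip>".
failed_ssh_by_source() {
  grep -E 'sshd\[[0-9]+\]: Failed password' "$1" \
    | sed -E 's/.* from ([0-9.]+) port .*/\1/' \
    | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

security_events "$SAMPLE_LOG"
count_security_events "$SAMPLE_LOG"   # 5
failed_ssh_by_source "$SAMPLE_LOG"    # 2 192.0.2.10
```

Because the patterns anchor on the daemon tag (`sshd[pid]:`, `su[pid]:`, `sudo:`), the same list survives a move from one distribution to another better than matching on free text alone; the site-specific part is which hosts and addresses you expect to see.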