[Dshield] Re: Dshield digest, Vol 1 #196 - 12 msgs
Taps at Iniquity.Org
Fri Aug 10 21:51:20 GMT 2001
| > I do have the ability to send that information to a syslog port
| > somewhere, and I am currently using Kiwi's SyslogD for Windows to
| > monitor that router.
| The registered version of that software is probably OK, but
| the unregistered version may drop syslog packets if more than
| 25 arrive in a row.
As of right now, I am running the freeware version as a service. But I
actually like the software, and especially the ability to log to an ODBC
connection. If I could just find a way to split the incoming message
into multiple parts. But that's my own project.
| > What I am wondering is if there is a client for Dshield.Org that will
| > interpret the syslogd logs to use. I am not able to write a client to
| > do so. Is anyone else in a similar situation?
| Kiwi's syslogd prepends 4 fields to whatever the sender sends.
| What do typical log entries look like?
Aug 11 00:01:17 gatekeeper ASCEND: wan1 tcp 64.64.x.x;80 <- 18.104.22.168;1540 62 syn !pass (reject)
In case it isn't apparent the format is such:
DATE <TAB> TIME <TAB> ROUTERNAME <TAB> MESSAGE
MESSAGE is in the format of :
ROUTERNAME: <connection> <protocol> <localIP;port>
<direction> <remoteIP;port> <length> <syn/ack> <response>
Each part in the message is separated by a space. I hope this is
* Taps at Iniquity.Org
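A parser for the Kiwi/Ascend line layout described in the post, as an added example (not code from the post, from Kiwi or from DShield). It assumes the four Kiwi fields may be separated by tabs or spaces, that "<-" marks an inbound packet (remote to local), and uses constructed sample lines with RFC 5737 documentation addresses:

```python
import re
from typing import List, Optional

# Layout from the post: DATE TIME ROUTERNAME MESSAGE, where MESSAGE is
# "ROUTERNAME: <connection> <protocol> <localIP;port> <direction> <remoteIP;port>
#  <length> <syn/ack> <response>". \s+ accepts Kiwi's tabs as well as spaces.
LINE_RE = re.compile(
    r"^(?P<date>[A-Za-z]{3}\s+\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
    r"(?P<router>[^:\s]+):\s+(?P<conn>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<local_ip>\S+);(?P<local_port>\d+)\s+(?P<direction><-|->)\s+"
    r"(?P<remote_ip>\S+);(?P<remote_port>\d+)\s+(?P<length>\d+)\s+"
    r"(?P<flags>\S+)\s+(?P<action>\S+)(?:\s+\((?P<reason>[^)]*)\))?\s*$"
)

def parse_line(line: str) -> Optional[dict]:
    """Split one log line into named fields; None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    for k in ("local_port", "remote_port", "length"):
        ev[k] = int(ev[k])
    ev["proto"] = ev["proto"].lower()
    ev["inbound"] = ev.pop("direction") == "<-"  # assumption: "<-" is remote -> local
    return ev

def rejected_inbound_syns(text: str) -> List[dict]:
    """Keep only inbound TCP SYNs the router refused (action starting with '!'),
    i.e. the blocked-connection events a reporting client would forward."""
    out = []
    for line in text.splitlines():
        ev = parse_line(line)
        if ev and ev["inbound"] and ev["proto"] == "tcp" and ev["flags"] == "syn" \
                and ev["action"].startswith("!"):
            out.append(ev)
    return out

# Constructed sample input (documentation addresses, not real hosts); line 1 uses tabs.
SAMPLE = (
    "Aug 11\t00:01:17\tgatekeeper\tASCEND: wan1 tcp 192.0.2.10;80 <- 203.0.113.5;1540 62 syn !pass (reject)\n"
    "Aug 11 00:01:19 gatekeeper ASCEND: wan1 tcp 192.0.2.10;1025 -> 198.51.100.7;25 48 syn pass\n"
    "Aug 11 00:01:21 gatekeeper ASCEND: wan1 tcp 192.0.2.10;80 <- 203.0.113.5;1540 40 ack !pass (reject)\n"
    "Aug 11 00:01:25 gatekeeper ASCEND: wan1 tcp 192.0.2.10;21 <- 203.0.113.9;2211 62 syn !pass (reject)\n"
    "not a router line\n"
)

if __name__ == "__main__":
    for ev in rejected_inbound_syns(SAMPLE):
        print(f'{ev["date"]} {ev["time"]} {ev["remote_ip"]}:{ev["remote_port"]} -> :{ev["local_port"]}/{ev["proto"]} {ev["action"]}')
```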