[Dshield] Cisco logfile client
Jost.Krieger at ruhr-uni-bochum.de
Wed May 16 12:02:14 GMT 2001
On Fri, May 11, 2001 at 09:11:34AM -0400, Johannes B. Ullrich wrote:
> This looks like something we could support on the DShield server
> site. Is there a way to get the protocol and flag information
> into the file?
Hmm, the protocol is in there, I don't think you can get the flags
(although you can block on those). I'll do some reading, though.
Unfortunately, the format is somewhat variable in the front part.
Here's a possible conversion for the last part:
perl -ne '/IPACCESS.*: list \S+ denied (\S+) ([0-9.]+)\((\d+)\) -> ([0-9.]+)\((\d+)\), (\d+) pack/ and print "$6\t$2\t$3\t$4\t$5\t".uc($1)."\n"'
| Jost.Krieger at ruhr-uni-bochum.de Please help stamp out spam! |
| Postmaster, JAPH, resident answer machine am RZ der RUB |
| Pluralitas non est ponenda sine necessitate |
| William of Ockham (1285-1347/49) |
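Added example, not part of the original message: the same conversion as the one-liner above, written in Python so that lines the pattern does not match are collected instead of silently dropped. The sample log lines, the `convert` function name and the addresses are constructed for illustration; the output columns follow the one-liner (packet count, source IP, source port, destination IP, destination port, protocol).

```python
import re

# Same pattern as the Perl one-liner in the post: the variable front part
# (timestamp, hostname, sequence number) is skipped by anchoring on IPACCESS.
DENIED = re.compile(
    r"IPACCESS.*: list \S+ denied (\S+) "
    r"([0-9.]+)\((\d+)\) -> ([0-9.]+)\((\d+)\), (\d+) pack"
)

# Constructed sample lines (documentation address ranges), not from the post.
# The third line is an ICMP denial without port numbers, the fourth is an
# unrelated message; neither fits the pattern.
SAMPLE = [
    "May 16 12:00:01 gw 4711: %SEC-6-IPACCESSLOGP: list 101 denied tcp "
    "192.0.2.10(3345) -> 198.51.100.5(111), 1 packet",
    "May 16 12:00:07 gw.example.net 00:12:03: %SEC-6-IPACCESSLOGP: list ingress "
    "denied udp 192.0.2.77(1028) -> 198.51.100.9(137), 3 packets",
    "May 16 12:00:09 gw 4713: %SEC-6-IPACCESSLOGDP: list 101 denied icmp "
    "192.0.2.10 -> 198.51.100.5 (8/0), 1 packet",
    "May 16 12:00:11 gw 4714: %LINK-3-UPDOWN: Interface Serial0, "
    "changed state to up",
]


def convert(lines):
    """Return (records, skipped): tab-separated rows and unmatched lines."""
    records, skipped = [], []
    for line in lines:
        m = DENIED.search(line)
        if m is None:
            # Keep what was not converted so the gap is visible to the operator.
            skipped.append(line)
            continue
        proto, src, sport, dst, dport, count = m.groups()
        records.append("\t".join([count, src, sport, dst, dport, proto.upper()]))
    return records, skipped


if __name__ == "__main__":
    records, skipped = convert(SAMPLE)
    print("\n".join(records))
    print(f"# {len(skipped)} line(s) not converted")
```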