[Dshield] IPNetSentry v1.3.1

Johannes B. Ullrich jullrich at euclidian.com
Fri Nov 23 12:59:43 GMT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Jim:

   We don't have any kind of Mac client at this time, which is a pity, so 
feel free to chip in with one. I don't have a Mac, so I can't easily write 
one myself.

   The basic formats and such are explained at
http://www.dshield.org/specs.html

   It looks like a simple 'resorting' of the fields in your log will do. 
Fields not provided by the log should be replaced with '???'.

   Johannes.


On Thu, 22 Nov 2001, Jim Vermillion wrote:

> Hi all....
> 
> I'm brand new here, Mac user, IPNetSentry v 1.3.1 is my dialup 
> security.  I'd contribute log files, but don't see a ready made 
> parser for them on the site.
> 
> Is there one, or an alternate, or.... do I have to learn a bit more 
> than I was planning right now?
> 
> Here is one log entry for illumination:
> 
> 
> 11/22/01 20:48:39  Trigger IP Addr: 209.131.47.190 TCP Port: 80  Svc: 
> http 0 secs
> 
> 
> 
> Guidance in formatting / parsing this log entry example ?
> 
> Thanks!
> 
> Jim
> 
> 

- -- 
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7/khBVOIizK5pIDMRAmRjAJ40la960TOcNn8dsBXwCt2J9WTo7ACeJ6Hk
zcr3ynQw/S1/61N1kdpALmc=
=wYQ3
-----END PGP SIGNATURE-----
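
The "resorting" suggested in the reply above, as an added example that is not part of the original message or of any DShield client: it parses the IPNetSentry entry quoted in the thread and fills every field the log does not carry with '???'. The column order, the author id "12345", the "-05:00" offset, the MM/DD/YY date reading and treating the "Port" value as the target port are assumptions; check the order against the specs page named in the reply.

```python
import re
from datetime import datetime

# ASSUMPTION: tab-separated column order; confirm against the specs page.
COLUMNS = ("date", "author", "count", "src_ip", "src_port",
           "dst_ip", "dst_port", "proto", "flags")
MISSING = "???"  # placeholder the reply prescribes for absent fields

ENTRY = re.compile(
    r"(?P<date>\d{2}/\d{2}/\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"Trigger IP Addr:\s*(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<proto>[A-Za-z]+) Port:\s*(?P<dst_port>\d+)")

def unwrap(text):
    """Join wrapped continuation lines onto the entry they belong to."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if re.match(r"\d{2}/\d{2}/\d{2}\s", line) or (line and not entries):
            entries.append(line)
        elif line:
            entries[-1] += " " + line
    return entries

def convert(entry, author, tz):
    """Return one tab-separated row, or None if the entry is malformed."""
    m = ENTRY.match(entry)
    if m is None or int(m["dst_port"]) > 65535:
        return None
    if any(int(octet) > 255 for octet in m["src_ip"].split(".")):
        return None
    try:
        when = datetime.strptime(m["date"] + " " + m["time"],
                                 "%m/%d/%y %H:%M:%S")
    except ValueError:  # e.g. month 13 or hour 25
        return None
    row = dict.fromkeys(COLUMNS, MISSING)
    row.update(date=f"{when:%Y-%m-%d %H:%M:%S} {tz}", author=author,
               count="1", src_ip=m["src_ip"], dst_port=m["dst_port"],
               proto=m["proto"].upper())
    return "\t".join(row[c] for c in COLUMNS)

def convert_log(text, author, tz):
    rows = (convert(e, author, tz) for e in unwrap(text))
    return [r for r in rows if r is not None]

# Entry from the thread (wrapped as mailed) plus one constructed bad line.
SAMPLE = ("11/22/01 20:48:39  Trigger IP Addr: 209.131.47.190 TCP Port: 80  Svc: \n"
          "http 0 secs\n"
          "11/22/01 20:49:02  unparseable entry\n")

if __name__ == "__main__":
    print("\n".join(convert_log(SAMPLE, "12345", "-05:00")))
```
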



