[Dshield] Is there a Cisco ACL syslog parser ?

Tim Tuck tim.tuck at penrith.net
Thu Mar 28 09:32:01 GMT 2002


Hi all,

Subject says it all, is there anyone out there who has written a parser
for syslog entries generated by logging output from a Cisco router's
ACLs?

My border router generates some wonderful stuff and I'd like to submit
it so I thought I'd ask before I attempt to write one.

Here is a line from my syslog:

Mar 28 20:28:01 [10.10.10.10.209.20] 4297: Mar 28 20:28:00.017 DST: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.91.155.24(2438) (Ethernet1 0060.70cd.5dba) -> 203.91.246.69(80), 1 packet

Oh yes... that particular IP addr (203.91.155.24) has been pounding on
my subnet for days now and always port 80 :-/


cheers

Tim
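
Added example, not part of the original post or of any DShield code: a minimal Python parser for the %SEC-6-IPACCESSLOGP entry quoted above, with a per-source tally of denied packets. The function names and the second sample line are constructed for illustration, and treating the interface/MAC group as optional is an assumption.

```python
import re
from collections import Counter

# Constructed input: the entry quoted in the post (deliberately wrapped across
# lines to exercise unwrapping) plus one made-up entry without interface/MAC.
SAMPLE = """\
Mar 28 20:28:01 [10.10.10.10.209.20] 4297: Mar 28 20:28:00.017 DST:
%SEC-6-IPACCESSLOGP: list 101 denied tcp 203.91.155.24(2438) (Ethernet1
0060.70cd.5dba) -> 203.91.246.69(80), 1 packet
Mar 28 20:33:05 [10.10.10.10.209.20] 4298: Mar 28 20:33:04.101 DST: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.91.155.24(2439) -> 203.91.246.69(80), 3 packets
"""

# Anchored on the router's own timestamp, which directly precedes the %SEC tag.
ACL_RE = re.compile(
    r"(?P<when>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d(?:\.\d+)?)(?: (?P<tz>[A-Z]+))?: "
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) "
    r"(?:\((?P<iface>\S+) (?P<mac>[0-9a-fA-F.]+)\) )?"  # assumed optional
    r"-> (?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<packets>\d+) packets?"
)

def parse_acl_log(text):
    """Return one dict per IPACCESSLOGP entry; tolerates entries wrapped across lines."""
    flat = " ".join(text.split())  # collapse line wraps and repeated spaces
    events = []
    for m in ACL_RE.finditer(flat):
        ev = m.groupdict()
        for key in ("sport", "dport", "packets"):
            ev[key] = int(ev[key])
        events.append(ev)
    return events

def denied_by_source(events):
    """Sum denied packets per (source IP, destination port)."""
    totals = Counter()
    for ev in events:
        if ev["action"] == "denied":
            totals[(ev["src"], ev["dport"])] += ev["packets"]
    return totals

if __name__ == "__main__":
    for (src, dport), n in denied_by_source(parse_acl_log(SAMPLE)).most_common():
        print(f"{src} -> port {dport}: {n} denied packets")
```
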



