[Dshield] Is there a Cisco ACL syslog parser ?
tim.tuck at penrith.net
Thu Mar 28 09:32:01 GMT 2002
Subject says it all, is there anyone out there who has written a parser
for syslog entries generated by logging output from a Cisco router's
My border router generates some wonderful stuff and I'd like to submit
it so I thought I'd ask before I attempt to write one.
Here is a line from my syslog:
Mar 28 20:28:01 [10.10.10.10.209.20] 4297: Mar 28 20:28:00.017 DST:
%SEC-6-IPACCESSLOGP: list 101 denied tcp 220.127.116.11(2438) (Ethernet1
0060.70cd.5dba) -> 18.104.22.168(80), 1 packet
Oh yes... that particular IP addr (22.214.171.124) has been pounding on
my subnet for days now and always port 80 :-/
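
A minimal parser for the %SEC-6-IPACCESSLOGP line quoted in the post, as an added example that is not part of the original message or of any DShield code. The name parse_acl_line and the second sample line are constructed for illustration; it assumes port-bearing entries (the IPACCESSLOGP message) and treats the "(interface MAC)" part as optional.

```python
import re

# Sample taken from the post above, kept with its e-mail line wraps.
SAMPLE = """Mar 28 20:28:01 [10.10.10.10.209.20] 4297: Mar 28 20:28:00.017 DST:
%SEC-6-IPACCESSLOGP: list 101 denied tcp 220.127.116.11(2438) (Ethernet1
0060.70cd.5dba) -> 18.104.22.168(80), 1 packet"""

# Constructed line: same message without the "(interface MAC)" part, which the
# router only emits when the ACL entry uses log-input.
NO_INPUT = ("Mar 28 20:30:12.501 DST: %SEC-6-IPACCESSLOGP: list 101 denied "
            "udp 192.0.2.7(1025) -> 198.51.100.9(137), 3 packets")

ACL_RE = re.compile(r"""
    (?P<stamp>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d(?:\.\d+)?)  # router clock
    (?:\s+(?P<tz>[A-Za-z]+))?:\s+
    %SEC-6-IPACCESSLOGP:\s+list\s+(?P<acl>\S+)\s+
    (?P<action>permitted|denied)\s+(?P<proto>\S+)\s+
    (?P<src>\d+(?:\.\d+){3})\((?P<sport>\d+)\)\s+
    (?:\((?P<iface>\S+)\s+(?P<mac>[0-9A-Fa-f.]+)\)\s+)?
    ->\s+(?P<dst>\d+(?:\.\d+){3})\((?P<dport>\d+)\),\s+
    (?P<count>\d+)\s+packets?
""", re.VERBOSE)

def parse_acl_line(line):
    """Return a dict of fields for an IPACCESSLOGP entry, or None."""
    flat = " ".join(line.split())          # undo wrapping and repeated spaces
    m = ACL_RE.search(flat)                # skips the syslog daemon's own prefix
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    if not all(0 <= int(o) <= 255 for ip in (rec["src"], rec["dst"])
               for o in ip.split(".")):
        return None                         # reject malformed addresses
    return rec

if __name__ == "__main__":
    for sample in (SAMPLE, NO_INPUT, "Mar 28 20:28:01 host sshd[1]: unrelated"):
        print(parse_acl_line(sample))
```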