[Dshield] Is there a Cisco ACL syslog parser ?

Tim Tuck tim.tuck at penrith.net
Thu Mar 28 09:32:01 GMT 2002

Hi all,

Subject says it all: is there anyone out there who has written a parser
for syslog entries generated by logging output from a Cisco router's
ACLs?

My border router generates some wonderful stuff and I'd like to submit
it so I thought I'd ask before I attempt to write one.

Here is a line from my syslog:

Mar 28 20:28:01 [] 4297: Mar 28 20:28:00.017 DST:
%SEC-6-IPACCESSLOGP: list 101 denied tcp (Ethernet1
0060.70cd.5dba) ->, 1 packet

Oh yes... that particular IP addr ( has been pounding on
my subnet for days now and always port 80 :-/
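
A sketch of such a parser, added here as an example and not part of the original post. It assumes the usual `%SEC-6-IPACCESSLOGP` layout of `address(port)` pairs around the optional `(interface MAC)` field; the hostname, IP addresses and ports in the sample lines are constructed, since the archived line above has them stripped.

```python
import re
from collections import Counter

# Constructed sample lines: interface and MAC as in the post, hostname,
# addresses (documentation ranges) and ports invented for the example.
SAMPLE = [
    "Mar 28 20:28:01 router 4297: Mar 28 20:28:00.017 DST: %SEC-6-IPACCESSLOGP: "
    "list 101 denied tcp 192.0.2.10(3345) (Ethernet1 0060.70cd.5dba) -> "
    "198.51.100.5(80), 1 packet",
    "Mar 28 20:33:01 router 4298: Mar 28 20:33:00.412 DST: %SEC-6-IPACCESSLOGP: "
    "list 101 denied tcp 192.0.2.10(3345) -> 198.51.100.5(80), 4 packets",
    "Mar 28 20:34:10 router 4299: %SYS-5-CONFIG_I: Configured from console",
]

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
ACL_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>" + IP + r")\((?P<sport>\d+)\) "
    # "(interface MAC)" is only present when the ACL entry uses log-input
    r"(?:\((?P<iface>\S+) (?P<mac>[0-9a-fA-F.]+)\) )?"
    r"-> (?P<dst>" + IP + r")\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse_line(line):
    """Return a dict of fields for a TCP/UDP ACL log line, else None."""
    m = ACL_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["syslog_time"] = line[:15]          # "Mar 28 20:28:01"
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec

def denied_by_source(lines):
    """Total denied packets per (source address, destination port)."""
    totals = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["action"] == "denied":
            totals[(rec["src"], rec["dport"])] += rec["count"]
    return dict(totals)

if __name__ == "__main__":
    for key, packets in denied_by_source(SAMPLE).items():
        print(key, packets)
```

Only the `IPACCESSLOGP` message (TCP/UDP with ports) is matched; other ACL messages and non-ACL syslog lines return `None`.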



