[Dshield] Is there a Cisco ACL syslog parser ?

Wayne Larmon wlarmon at dshield.org
Thu Mar 28 13:13:09 GMT 2002


> Hi all,
>
> Subject says it all: is there anyone out there who has written a parser
> for syslog entries generated by logging output from a Cisco router's
> ACLs?

I maintain the DShield Framework client
(http://www.dshield.org/framework.html) but the Cisco PIX parser hasn't been
updated for a while.  We depend on people to send us sample logs to design
around.  We don't have any sample logs for Cisco PIX ACL.

If you could send me some sample logs off list....

Wayne Larmon
wlarmon at dshield.org

>
> My border router generates some wonderful stuff and I'd like to submit
> it so I thought I'd ask before I attempt to write one.
>
> Here is a line from my syslog:
>
> Mar 28 20:28:01 [10.10.10.10.209.20] 4297: Mar 28 20:28:00.017 DST:
> %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.91.155.24(2438) (Ethernet1
> 0060.70cd.5dba) -> 203.91.246.69(80), 1 packet
>
> Oh yes... that particular IP addr (203.91.155.24) has been pounding on
> my subnet for days now and always port 80 :-/
>
>
> cheers
>
> Tim
>
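A parser for the `%SEC-6-IPACCESSLOGP` line quoted above, as an added example that is not part of the original messages or of the DShield client. The function names are hypothetical, and the regex assumes the parenthesised interface and MAC address are optional, since IOS only logs them for ACL entries that use `log-input`.

```python
import re
from collections import Counter

# Matches the message body of an IOS %SEC-6-IPACCESSLOGP entry (TCP/UDP ACL hits).
# Assumption: the "(interface MAC)" group is present only with "log-input" ACL entries.
ACL_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>\d{1,3}(?:\.\d{1,3}){3})\((?P<sport>\d+)\) "
    r"(?:\((?P<iface>\S+) (?P<mac>[0-9a-fA-F.]+)\) )?"
    r"-> (?P<dst>\d{1,3}(?:\.\d{1,3}){3})\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)

def parse_acl_line(line):
    """Return a dict of fields for one ACL log line, or None if it is not one."""
    # Long lines are often wrapped in transit; collapse runs of whitespace first.
    m = ACL_RE.search(" ".join(line.split()))
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec

def denied_by_source(lines):
    """Sum denied packet counts per (source IP, destination port)."""
    totals = Counter()
    for line in lines:
        rec = parse_acl_line(line)
        if rec and rec["action"] == "denied":
            totals[(rec["src"], rec["dport"])] += rec["count"]
    return totals

# First entry is the sample line from the post, unwrapped; the other two are constructed.
SAMPLE = [
    "Mar 28 20:28:01 [10.10.10.10.209.20] 4297: Mar 28 20:28:00.017 DST: "
    "%SEC-6-IPACCESSLOGP: list 101 denied tcp 203.91.155.24(2438) (Ethernet1 "
    "0060.70cd.5dba) -> 203.91.246.69(80), 1 packet",
    "Mar 28 20:29:10 [10.10.10.10.209.20] 4298: Mar 28 20:29:09.412 DST: "
    "%SEC-6-IPACCESSLOGP: list 101 denied tcp 203.91.155.24(2440) "
    "-> 203.91.246.70(80), 3 packets",
    "Mar 28 20:29:11 [10.10.10.10.209.20] 4299: %SYS-5-CONFIG_I: Configured from console",
]

if __name__ == "__main__":
    for (src, dport), n in denied_by_source(SAMPLE).most_common():
        print(f"{src} -> port {dport}: {n} denied packets")
```

Lines that are not TCP/UDP ACL hits return `None`, so the tally can be run over a whole syslog file without pre-filtering.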



