[Dshield] Shorewall log parser?

Bogdan Stancescu mgv at fx.ro
Thu Nov 14 16:19:39 GMT 2002


Yes, that's the first thing I tried - didn't work. The problem is I
don't know what pure iptables logs look like. Here's what a Shorewall
entry looks like in my /etc/messages (told you I'm a newbie - please let
me know if I'm looking in the wrong place):

Nov 10 02:34:39 bogdan kernel: Shorewall:net2all:DROP:IN=eth0 OUT= 
MAC=52:54:05:e5:67:42:00:02:44:4f:2b:9b:08:00 SRC=213.224.93.36 
DST=217.156.116.130 LEN=48 TOS=0x00 PREC=0x80 TTL=112 ID=34579 DF 
PROTO=TCP SPT=1334 DPT=3042 WINDOW=8192 RES=0x00 SYN URGP=0

Bogdan

Wayne Larmon wrote:

>>Hello everybody!
>>
>>I'm a newbie, so please don't flame if I happen to ask the wrong
>>question - looked for an answer both on dshield's site and on Google and
>>haven't found it...
>>
>>...And the question obviously is: is there any readily available
>>Shorewall log parser for dshield?
>>    
>>
>
>http://www.shorewall.net/ says that it uses iptables.  Have you tried one of
>our iptables scripts?
>
>http://www.dshield.org/framework.html
>
>or http://www.dshield.org/linux_clients.html#dshieldpy
>
>
>Wayne Larmon
>DShield.org
>
>
>  
>
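As an added example (not part of the original thread, and not one of the DShield client scripts): a Python parser for the Shorewall entry quoted in the message above, showing how the `Shorewall:<chain>:<disposition>:` prefix sits in front of the usual iptables `KEY=VALUE` fields. The function name `parse_shorewall` and the returned dict layout are assumptions made for this example.

```python
import ipaddress
import re

# Layout taken from the entry quoted in the post:
#   <syslog time> <host> kernel: Shorewall:<chain>:<disposition>:<iptables fields>
LINE_RE = re.compile(
    r'^(?P<time>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: '
    r'Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):(?P<rest>.*)$')

# The entry from the post, wrapped the way the mail client left it.
SAMPLE = """Nov 10 02:34:39 bogdan kernel: Shorewall:net2all:DROP:IN=eth0 OUT=
MAC=52:54:05:e5:67:42:00:02:44:4f:2b:9b:08:00 SRC=213.224.93.36
DST=217.156.116.130 LEN=48 TOS=0x00 PREC=0x80 TTL=112 ID=34579 DF
PROTO=TCP SPT=1334 DPT=3042 WINDOW=8192 RES=0x00 SYN URGP=0"""


def parse_shorewall(entry):
    """Return a dict for one Shorewall log entry, or None if it is not one."""
    line = ' '.join(entry.split())       # undo mail/terminal line wrapping
    m = LINE_RE.match(line)
    if m is None:
        return None                      # e.g. plain iptables line, no prefix
    rec = {k: m.group(k) for k in ('time', 'host', 'chain', 'disposition')}
    # For ICMP errors the kernel appends the offending packet's header in
    # [...]; drop it so its SRC/DST do not overwrite the outer packet's.
    outer = m.group('rest').split('[', 1)[0]
    flags = []
    for token in outer.split():
        key, sep, value = token.partition('=')
        if sep:
            rec[key] = value             # "OUT=" yields an empty string
        else:
            flags.append(token)          # bare flags such as DF, SYN
    rec['flags'] = flags
    try:                                 # reject entries with mangled fields
        ipaddress.ip_address(rec['SRC'])
        ipaddress.ip_address(rec['DST'])
        for key in ('SPT', 'DPT'):
            if key in rec:
                rec[key] = int(rec[key])
    except (KeyError, ValueError):
        return None
    return rec


if __name__ == '__main__':
    print(parse_shorewall(SAMPLE))
```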



