[Dshield] Shorewall log parser?
mgv at fx.ro
Thu Nov 14 16:19:39 GMT 2002
Yes, that's the first thing I tried - didn't work. The problem is I
don't know what pure iptables logs look like. Here's what a Shorewall
entry looks like in my /etc/messages (told you I'm a newbie - please let
me know if I'm looking in the wrong place):
Nov 10 02:34:39 bogdan kernel: Shorewall:net2all:DROP:IN=eth0 OUT=
DST=126.96.36.199 LEN=48 TOS=0x00 PREC=0x80 TTL=112 ID=34579 DF
PROTO=TCP SPT=1334 DPT=3042 WINDOW=8192 RES=0x00 SYN URGP=0
Wayne Larmon wrote:
>>I'm a newbie, so please don't flame if I happen to ask the wrong
>>question - looked for an answer both on dshield's site and on Google and
>>haven't found it...
>>...And the question obviously is: is there any readily available
>>Shorewall log parser for dshield?
>http://www.shorewall.net/ says that it uses iptables. Have you tried one of
>our iptables scripts?
>Dshield mailing list
>Dshield at dshield.org
>To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
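
An added example, not part of the original thread and not one of the DShield scripts: a small Python parser for the Shorewall entry quoted in the message above. The prefix layout `Shorewall:<chain>:<action>:` is an assumption inferred from that single entry, and the name `parse_shorewall` is hypothetical.

```python
import re

# Constructed sample: the entry quoted in the post, joined onto one line.
# It has an empty OUT= and no SRC= field, so the parser must tolerate both.
SAMPLE = ("Nov 10 02:34:39 bogdan kernel: Shorewall:net2all:DROP:IN=eth0 OUT= "
          "DST=126.96.36.199 LEN=48 TOS=0x00 PREC=0x80 TTL=112 ID=34579 DF "
          "PROTO=TCP SPT=1334 DPT=3042 WINDOW=8192 RES=0x00 SYN URGP=0")

# Syslog header, then the Shorewall prefix, which runs straight into IN=
# with no separating space (assumed layout: Shorewall:<chain>:<action>:).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) kernel: "
    r"Shorewall:(?P<chain>[^:\s]+):(?P<action>[^:\s]+):(?P<rest>.*)$")


def parse_shorewall(line):
    """Return a dict for a Shorewall kernel log line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = {k: m.group(k) for k in ("ts", "host", "chain", "action")}
    fields, flags = {}, []
    for token in m.group("rest").split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value      # KEY=value, value may be empty (OUT=)
        else:
            flags.append(token)      # bare tokens such as DF or SYN
    rec["fields"] = fields
    rec["flags"] = flags
    return rec


if __name__ == "__main__":
    rec = parse_shorewall(SAMPLE)
    print(rec["chain"], rec["action"], rec["fields"].get("SRC", "<no SRC>"),
          rec["fields"]["DST"], rec["fields"]["DPT"], rec["flags"])
```
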