[Dshield] Shorewall log parser?

Wayne Larmon wlarmon at dshield.org
Thu Nov 14 16:37:31 GMT 2002


> Yes, that's the first thing I tried - didn't work. The problem is I
> don't know what pure iptables logs look like. Here's how a Shorewall
> entry looks in my /etc/messages (told you I'm a newbie - please let
> me know if I'm looking in the wrong place):
>
> Nov 10 02:34:39 bogdan kernel: Shorewall:net2all:DROP:IN=eth0 OUT=
> MAC=52:54:05:e5:67:42:00:02:44:4f:2b:9b:08:00 SRC=213.224.93.36
> DST=217.156.116.130 LEN=48 TOS=0x00 PREC=0x80 TTL=112 ID=34579 DF
> PROTO=TCP SPT=1334 DPT=3042 WINDOW=8192 RES=0x00 SYN URGP=0

This is correct.  This is an iptables log line.  I just tried our Framework
iptables script on this line, and it converted it OK.

http://www.dshield.org/framework.html

If you are having configuration problems with this client, contact me off
list.

Wayne Larmon
wlarmon at dshield.org
DShield.org
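For anyone who wants to see what "converting" such a line actually involves, here is a small parser for netfilter LOG lines as they land in syslog. This is an added example, not the DShield Framework script, the dshield.py client, or any Shorewall code. It assumes the line layout shown in the thread (syslog timestamp, host, "kernel:", an optional log prefix, then space-separated KEY=value fields with bare flag tokens such as DF and SYN). Syslog timestamps carry no year, so the caller supplies one. The first sample line is the one posted above; the remaining sample lines are constructed to exercise a plain iptables prefix, a UDP line (which repeats LEN= for the UDP header) and an ICMP line (which has TYPE/CODE instead of ports). Putting ICMP type/code in the port columns of the reduced record is a choice made here, not a claim about DShield's submission format.

```python
import re
from datetime import datetime

# Constructed sample input. Line 1 is the one quoted in the thread; the
# others are made up in the same format to cover other cases.
SAMPLE_LINES = [
    "Nov 10 02:34:39 bogdan kernel: Shorewall:net2all:DROP:IN=eth0 OUT= "
    "MAC=52:54:05:e5:67:42:00:02:44:4f:2b:9b:08:00 SRC=213.224.93.36 "
    "DST=217.156.116.130 LEN=48 TOS=0x00 PREC=0x80 TTL=112 ID=34579 DF "
    "PROTO=TCP SPT=1334 DPT=3042 WINDOW=8192 RES=0x00 SYN URGP=0",
    # plain iptables with a custom --log-prefix, UDP (note the second LEN=)
    "Nov  1 09:05:17 bogdan kernel: IPT-INPUT: IN=eth0 OUT= "
    "MAC=52:54:05:e5:67:42:00:02:44:4f:2b:9b:08:00 SRC=192.0.2.10 "
    "DST=217.156.116.130 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=2 DF "
    "PROTO=UDP SPT=40000 DPT=137 LEN=40",
    # ICMP: TYPE/CODE instead of ports, and ID= appears twice (IP id, ICMP id)
    "Nov 10 02:36:02 bogdan kernel: Shorewall:net2all:DROP:IN=eth0 OUT= "
    "SRC=198.51.100.7 DST=217.156.116.130 LEN=84 TOS=0x00 PREC=0x00 "
    "TTL=240 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1",
    # a kernel message that is not a netfilter LOG entry at all
    "Nov 10 02:37:00 bogdan kernel: some unrelated kernel message",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+kernel:\s*(?P<rest>.*)$"
)
IP_LEVEL_TOKENS = {"CE", "DF", "MF"}  # bare tokens that are not TCP flags


def parse_netfilter_line(line, year):
    """Parse one syslog line; return a dict, or None if it is not a LOG entry."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    idx = rest.find("IN=")
    if idx < 0:
        return None  # kernel message, but not produced by the LOG target
    prefix = rest[:idx].strip()
    entry = {
        # year is an assumption supplied by the caller: syslog omits it
        "time": datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S"),
        "host": m.group("host"),
        "prefix": prefix,
        "flags": set(),
    }
    # Shorewall writes its prefix as "Shorewall:<chain>:<disposition>:"
    parts = prefix.rstrip(":").split(":")
    if parts[0] == "Shorewall" and len(parts) == 3:
        entry["chain"], entry["disposition"] = parts[1], parts[2]
    for tok in rest[idx:].split():
        if "=" in tok:
            k, _, v = tok.partition("=")
            # UDP/ICMP lines repeat LEN= (ICMP also ID=) for the L4 header:
            # keep the first, IP-level value and file the repeat under KEY_L4
            entry[k if k not in entry else k + "_L4"] = v
        else:
            entry["flags"].add(tok)  # bare tokens: DF, MF, SYN, ACK, ...
    if entry.get("MAC"):
        # netfilter logs the Ethernet header as dst(6):src(6):ethertype(2)
        octets = entry["MAC"].split(":")
        if len(octets) == 14:
            entry["dst_mac"] = ":".join(octets[0:6])
            entry["src_mac"] = ":".join(octets[6:12])
            entry["ethertype"] = "".join(octets[12:14])
    return entry


def to_record(entry):
    """Reduce a parsed entry to the tuple a port-scan report needs.

    (time, src, sport, dst, dport, proto, tcp_flags); for ICMP the
    type/code are placed in the port slots (a choice made here).
    """
    proto = entry.get("PROTO", "")
    if proto == "ICMP":
        sport, dport = entry.get("TYPE"), entry.get("CODE")
    else:
        sport, dport = entry.get("SPT"), entry.get("DPT")
    tcp_flags = ""
    if proto == "TCP":
        tcp_flags = "".join(sorted(f for f in entry["flags"] if f not in IP_LEVEL_TOKENS))
    return (entry["time"].strftime("%Y-%m-%d %H:%M:%S"), entry.get("SRC"), sport,
            entry.get("DST"), dport, proto, tcp_flags)


def parse_lines(lines, year):
    """Parse many lines, silently skipping non-LOG kernel messages."""
    return [e for e in (parse_netfilter_line(l, year) for l in lines) if e]


if __name__ == "__main__":
    for e in parse_lines(SAMPLE_LINES, 2002):
        print(to_record(e))
```

Two things worth noticing when writing such a parser: the MAC= field is not the sender's address first (the receiving interface's address comes first, the sender's second, then the ethertype), and TCP flags are bare tokens rather than KEY=value pairs, so a naive "split on =" loop drops exactly the SYN/ACK information a scan report wants.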

> Wayne Larmon wrote:
>
> >>Hello everybody!
> >>
> >>I'm a newbie, so please don't flame if I happen to ask the wrong
> >>question - looked for an answer both on dshield's site and on Google and
> >>haven't found it...
> >>
> >>...And the question obviously is: is there any readily available
> >>Shorewall log parser for dshield?
> >>
> >>
> >
> >http://www.shorewall.net/ says that it uses iptables.  Have you tried one of
> >our iptables scripts?
> >
> >http://www.dshield.org/framework.html
> >
> >or http://www.dshield.org/linux_clients.html#dshieldpy
> >
> >
> >Wayne Larmon
> >DShield.org
> >
> >
> >_______________________________________________
> >Dshield mailing list
> >Dshield at dshield.org
> >To change your subscription options (or unsubscribe), see:
> >http://www.dshield.org/mailman/listinfo/list