[Dshield] Need a way to automate firewall log extracts

Wayne Larmon wlarmon at dshield.org
Sun Mar 9 16:38:32 GMT 2003


> At 01:48 AM 3/9/2003 -0600, KJS_Public authored the following:
> >. . . The only problem is that the output is not formatted exactly the
> >same way as the manual export. It is very close though and maybe cvtwin
> >could be altered to accept this format or maybe someone could write a
> >conversion program for it.
> >It would make sending in the Norton logs a lot easier.

I didn't know about that!  Can you send me a sample of this log format so I
can see about adapting CVTWIN to use it?

> I had the same problem with my NetGear's Syslog.

Kiwi Syslog Daemon captures syslog.
http://www.kiwisyslog.com/info_syslog.htm

I'd need to add a converter to cvtwin, if one doesn't already exist that
would work with it.

> Work it backwards. Start with a copy of blat which is a public domain
> command line mailer. You can get a copy at www.blat.net.

> Using Blat, you can schedule a send every hour and you create a message in
> blat from a text file.

If you want to roll your own, CVTWIN includes a DOS version of SNDMAIL.EXE,
which is a command line version of the sndmail.dll that CVTWIN uses to send
mail.

> To create that text file you need to parse the output from the logs. This
> is simpler than it sounds using some elementary VB Script. MS's script
> reference is here:
>
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/vtoriVBScript.asp
>
>  you need any help, let me know.

The source code for CVTWIN is available at
http://www.dshield.org/clients/cvtwin-source.zip
It uses MS Visual BASIC 6.

Wayne Larmon
DShield.org