Re: [loganalysis] any experience with parsers on nokia/ipso platform

From: Tina Bird (tbird@precision-guesswork.com)
Date: Tue Aug 21 2001 - 09:20:24 PDT

Next message: Ryan Russell: "Re: [loganalysis] any experience with parsers on nokia/ipso platform"

Previous message: Ryan Russell: "Re: [loganalysis] SIDS 0.20"
In reply to: Martin.Lawrence@gecits-eu.com: "[loganalysis] any experience with parsers on nokia/ipso platform"
Next in thread: Tina Bird: "Re: [loganalysis] any experience with parsers on nokia/ipso platform"
Next in thread: Ryan Russell: "Re: [loganalysis] any experience with parsers on nokia/ipso platform"
Reply: Tina Bird: "Re: [loganalysis] any experience with parsers on nokia/ipso platform"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Wouldn't it make a lot more sense to log the IPSO data
to a remote loghost, and use that for your processing?
You wouldn't be limited by the like of compilers, and you
wouldn't be impacting the performance of your firewall
or IDS by using it as a data processing machine as well.

Seems like an easier answer than trying to make Perl and
swatch work on a stripped down operating system.
 
On Tue, 21 Aug 2001 Martin.Lawrence@gecits-eu.com wrote:

> Date: Tue, 21 Aug 2001 19:16:44 +0100
> From: Martin.Lawrence@gecits-eu.com
> To: loganalysisat_private
> Subject: [loganalysis] any experience with parsers on nokia/ipso platform
> 
> does anyone have any experience with logfile parsers on the nokia / ipso
> plaform ?
> since nokia doesn't allow users to compile anything on ipso, we are limited
> to shellscript and perl
> 
> swatch running on perl sound like a fine option
> however, i found very little information on anybody actively using swatch
> on ipso
>  - has anyone ever tried this ?
>  - if so, what is your experience ?
>  - in particular, since perl for ipso was built with the ipso 3.1 libraries
> - does anyone know if it runs on 3.2/3.3/3.4 ?
>  - does anyone know if nokia's perl runs on the ip 110 ?
> 
> 
> Kind regards
> 
> Martin Lawrence
> GE CompuNet Muenchen
> Solution Leader IT Security
> Hoerselbergstrasse 7, 81677 Muenchen, Germany
> Phone: 089 / 45 712-536, Fax: 089 / 45 712-332, Mobile: +49 (0) 172 - 824
> 78 50
> Internet: Martin.Lawrence @ gecits-eu.com
> Visit us on the Internet: http://www.gecits-eu.com
> 
> 
> This email is confidential. If you are not the intended recipient,
> you must not disclose or use the information contained in it.
> If you have received this mail in error, please tell us
> immediately by return email and delete the document.
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: loganalysis-unsubscribeat_private
> For additional commands, e-mail: loganalysis-helpat_private
> 

VPN:  http://kubarb.phsx.ukans.edu/~tbird/vpn.html
life: http://kubarb.phsx.ukans.edu/~tbird
work: http://www.counterpane.com


---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private

Next message: Ryan Russell: "Re: [loganalysis] any experience with parsers on nokia/ipso platform"
Previous message: Ryan Russell: "Re: [loganalysis] SIDS 0.20"
In reply to: Martin.Lawrence@gecits-eu.com: "[loganalysis] any experience with parsers on nokia/ipso platform"
Next in thread: Tina Bird: "Re: [loganalysis] any experience with parsers on nokia/ipso platform"
Next in thread: Ryan Russell: "Re: [loganalysis] any experience with parsers on nokia/ipso platform"
Reply: Tina Bird: "Re: [loganalysis] any experience with parsers on nokia/ipso platform"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 21 2001 - 11:26:37 PDT