Martin,

Tina is right, we tried to have the analysis logic process on the IPSO box and it was an exercise in futility. You should logswitch, convert to csv and export to another machine (using ssh, of course) before you start processing log data.

-----Original Message-----
From: Tina Bird
To: Martin.Lawrence@gecits-eu.com
Cc: loganalysisat_private
Sent: 8/21/01 12:20 PM
Subject: Re: [loganalysis] any experience with parsers on nokia/ipso platform

Wouldn't it make a lot more sense to log the IPSO data to a remote loghost, and use that for your processing? You wouldn't be limited by the lack of compilers, and you wouldn't be impacting the performance of your firewall or IDS by using it as a data processing machine as well.

Seems like an easier answer than trying to make Perl and swatch work on a stripped down operating system.

On Tue, 21 Aug 2001 Martin.Lawrence@gecits-eu.com wrote:

> Date: Tue, 21 Aug 2001 19:16:44 +0100
> From: Martin.Lawrence@gecits-eu.com
> To: loganalysisat_private
> Subject: [loganalysis] any experience with parsers on nokia/ipso platform
>
> does anyone have any experience with logfile parsers on the nokia / ipso
> platform ?
> since nokia doesn't allow users to compile anything on ipso, we are limited
> to shellscript and perl
>
> swatch running on perl sounds like a fine option
> however, i found very little information on anybody actively using swatch
> on ipso
> - has anyone ever tried this ?
> - if so, what is your experience ?
> - in particular, since perl for ipso was built with the ipso 3.1 libraries
> - does anyone know if it runs on 3.2/3.3/3.4 ?
> - does anyone know if nokia's perl runs on the ip 110 ?
>
>
> Kind regards
>
> Martin Lawrence
> GE CompuNet Muenchen
> Solution Leader IT Security
> Hoerselbergstrasse 7, 81677 Muenchen, Germany
> Phone: 089 / 45 712-536, Fax: 089 / 45 712-332, Mobile: +49 (0) 172 - 824 78 50
> Internet: Martin.Lawrence @ gecits-eu.com
> Visit us on the Internet: http://www.gecits-eu.com
>
>
> This email is confidential. If you are not the intended recipient,
> you must not disclose or use the information contained in it.
> If you have received this mail in error, please tell us
> immediately by return email and delete the document.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: loganalysis-unsubscribeat_private
> For additional commands, e-mail: loganalysis-helpat_private
>

VPN: http://kubarb.phsx.ukans.edu/~tbird/vpn.html
life: http://kubarb.phsx.ukans.edu/~tbird
work: http://www.counterpane.com

This archive was generated by hypermail 2b30 : Tue Aug 21 2001 - 11:38:30 PDT