in principle, yes, we would love to have that kind of flexibility
however, we have a large number of small firewalls and vpn-appliances to manage
using a local loghost for each firewall/vpn-appliance would be too costly
and logging it over the internet is ruled out - neither nokia nor check point encrypt their log-data
plus, some of these devices are attached via 64kbit, which could be seriously swamped by log-data

so we'll try to get swatch to work (i've dropped todd atkins a mail)
if we can't get it to work, we'll try using systemwatch by open service
it can do log file analysis and many other things - however, it is somewhat pricy

tbird@precision-guesswork.com on 21.08.2001 17:20:24

To: Martin.Lawrence@gecits-eu.com
cc: loganalysisat_private
Subject: Re: [loganalysis] any experience with parsers on nokia/ipso platform

--------------------------------------------------------------------------

Wouldn't it make a lot more sense to log the IPSO data to a remote
loghost, and use that for your processing? You wouldn't be limited by the
lack of compilers, and you wouldn't be impacting the performance of your
firewall or IDS by using it as a data processing machine as well.

Seems like an easier answer than trying to make Perl and swatch work on a
stripped down operating system.

On Tue, 21 Aug 2001 Martin.Lawrence@gecits-eu.com wrote:

> Date: Tue, 21 Aug 2001 19:16:44 +0100
> From: Martin.Lawrence@gecits-eu.com
> To: loganalysisat_private
> Subject: [loganalysis] any experience with parsers on nokia/ipso platform
>
> does anyone have any experience with logfile parsers on the nokia / ipso
> platform ?
> since nokia doesn't allow users to compile anything on ipso, we are limited
> to shellscript and perl
>
> swatch running on perl sounds like a fine option
> however, i found very little information on anybody actively using swatch
> on ipso
> - has anyone ever tried this ?
> - if so, what is your experience ?
> - in particular, since perl for ipso was built with the ipso 3.1 libraries
> - does anyone know if it runs on 3.2/3.3/3.4 ?
> - does anyone know if nokia's perl runs on the ip 110 ?
>
>
> Kind regards
>
> Martin Lawrence
> GE CompuNet Muenchen
> Solution Leader IT Security
> Hoerselbergstrasse 7, 81677 Muenchen, Germany
> Phone: 089 / 45 712-536, Fax: 089 / 45 712-332, Mobile: +49 (0) 172 - 824 78 50
> Internet: Martin.Lawrence @ gecits-eu.com
> Visit us on the Internet: http://www.gecits-eu.com
>
>
> This email is confidential. If you are not the intended recipient,
> you must not disclose or use the information contained in it.
> If you have received this mail in error, please tell us
> immediately by return email and delete the document.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: loganalysis-unsubscribeat_private
> For additional commands, e-mail: loganalysis-helpat_private
>

VPN: http://kubarb.phsx.ukans.edu/~tbird/vpn.html
life: http://kubarb.phsx.ukans.edu/~tbird
work: http://www.counterpane.com

This archive was generated by hypermail 2b30 : Wed Aug 22 2001 - 09:24:26 PDT