RE: [logs] log analysis of netfilter entries?

From: Steve Wray (steve.wrayat_private)
Date: Mon Dec 03 2001 - 20:34:51 PST


    It doesn't seem to like netfilter/iptables;
    
    logsnorter: Error line 1. Unknown iptables match on line 1: Dec  2 04:11:02
    linus kernel: IN=eth0 OUT= MAC=00:00:c5:3c:fd:10:00:b0:8e:42:74:e3:08:00
    SRC=203.79.170.15 DST=203.79.83.162 LEN=48 TOS=0x00 PREC=0x00 TTL=106
    ID=33719 DF PROTO=TCP SPT=2306 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
    
    > From: Jason Haar [mailto:Jason.Haarat_private]
    >
    > On Tue, Dec 04, 2001 at 01:55:52PM +1300, Steve Wray wrote:
    > > Hmmm...
    > > I use acid to analyse my snort alerts,
    > > something like that for netfilter log entries
    > > would be nice!
    >
    > Sounds like you need logsnorter. Dumps some Firewall syslog entries into
    > snort's backend SQL databases...
    >
    > Supports Linux ipfwadm, ipchains, iptables as well as Cisco ACLs...
    >
    > It's listed on the download page of www.snort.org
    
    
    
    



    This archive was generated by hypermail 2b30 : Mon Dec 03 2001 - 21:45:56 PST
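
A small parser for the iptables LOG format shown in the error message above, as an added example that is not part of the original thread and is not logsnorter's code. The function names, the `FW-DROP:` prefix, and the ICMP and non-netfilter lines are constructed for illustration; the first sample is the entry from the message, rejoined onto one line.

```python
import re
from collections import Counter

# The entry quoted in the message, rejoined onto one line as syslog wrote it.
SAMPLE = ("Dec  2 04:11:02 linus kernel: IN=eth0 OUT= "
          "MAC=00:00:c5:3c:fd:10:00:b0:8e:42:74:e3:08:00 SRC=203.79.170.15 "
          "DST=203.79.83.162 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=33719 DF "
          "PROTO=TCP SPT=2306 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0")
# Constructed lines: a prefixed ICMP error carrying an inner packet, and noise.
ICMP = ("Dec  2 04:12:40 linus kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.7 "
        "DST=192.0.2.1 LEN=56 TTL=60 ID=0 PROTO=ICMP TYPE=3 CODE=1 "
        "[SRC=192.0.2.1 DST=198.51.100.9 LEN=40 TTL=1 ID=7 PROTO=TCP SPT=1025 DPT=25 ] ")
NOISE = "Dec  2 04:13:00 linus kernel: eth0: link up"

HEADER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\skernel:\s(?P<body>.*)$")
INT_FIELDS = {"LEN", "TTL", "ID", "SPT", "DPT", "WINDOW", "URGP", "TYPE", "CODE"}

def parse_netfilter(line):
    """Return a dict for one iptables LOG line, or None if it is not one."""
    m = HEADER.match(line.strip())
    if not m or "IN=" not in m["body"]:
        return None
    # Text before the first IN= is the optional --log-prefix string.
    prefix, _, rest = m["body"].partition("IN=")
    rec = {"timestamp": m["ts"], "host": m["host"],
           "prefix": prefix.strip(), "flags": []}
    for tok in ("IN=" + rest).split():
        if tok.startswith("["):
            break  # inner packet of an ICMP error: must not overwrite outer SRC/DST
        key, sep, val = tok.partition("=")
        if not sep:
            rec["flags"].append(key)  # bare tokens such as DF, SYN, ACK
        elif key in INT_FIELDS and val.isdigit():
            rec[key] = int(val)
        else:
            rec[key] = val  # includes empty values such as OUT=
    # On Ethernet the MAC field is dst(6) + src(6) + ethertype(2) octets.
    octets = rec.get("MAC", "").split(":")
    if len(octets) == 14:
        rec["mac_dst"], rec["mac_src"] = ":".join(octets[:6]), ":".join(octets[6:12])
    return rec

def top_talkers(lines):
    """Count parsed entries per (SRC, PROTO, DPT); other lines are skipped."""
    recs = filter(None, map(parse_netfilter, lines))
    return Counter((r.get("SRC"), r.get("PROTO"), r.get("DPT")) for r in recs)

if __name__ == "__main__":
    print(top_talkers([SAMPLE, SAMPLE, NOISE, ICMP]).most_common())
```
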