> From: Chris Brenton [mailto:cbrentonat_private]
>
> On Tue, 4 Dec 2001, Jason Haar wrote:
> >
> > Sounds like you need logsnorter. Dumps some Firewall syslog entries into
> > snort's backend SQL databases...
>
> Another possible is something as simple as scripting some grep
> passes. Using Netfilter's --log-prefix switch allows you to ID log entries

This sounded fantastic until I tried it. You know what? It's in the man page, but when I try to use it I get:

iptables v1.2.2: Unknown arg `--log-prefix`

It's in the &$@! man page!!! It's there in black and white! But it ain't in the program!

Any ideas?

> any way you want. This can provide a great level of detail. For example I
> prefix banned IP's as "BADGUY", Null scans as "NULLSCAN", SSH scans as
> "SSH_SCAN", etc. etc. etc. In fact, Bill Stearns is working on a module
> that will tag log entries with the sender's OS (based on p0f).
>
> Netfilter's logging is pretty advanced. You really have to stop and think
> to realize the full possibilities.

and, apparently wait for it to find its way from the docco to the implementation... :(

>
> HTH,
> Chris
> --
> **************************************
> cbrentonat_private
>
> $ chown -R us:us yourbase
>
>
>
> ---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private
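Added example, not code from the original thread or from any of the list members: the tag-then-grep approach Chris describes, with the LOG rules as they would be loaded and a couple of grep passes run over constructed syslog lines. Only the tag names (BADGUY, NULLSCAN, SSH_SCAN) come from the message; the rules, host name and addresses are assumptions made up for illustration. One detail worth knowing when iptables reports `--log-prefix` as an unknown argument: it is an option of the LOG target extension, so it is only recognised after `-j LOG` has appeared on the command line; placed before the target, iptables has not loaded the extension yet and rejects it.

```shell
#!/bin/sh
# Added example, not code from the original thread. Tag names (BADGUY,
# NULLSCAN, SSH_SCAN) come from the message; the rules, host name and
# addresses below are constructed for illustration.

# The rules as they would be loaded. Note the order: --log-prefix is an
# option of the LOG target, so it must come after "-j LOG". They are
# printed rather than executed here, since loading them needs root and a
# live Netfilter stack.
netfilter_rules() {
    cat <<'EOF'
iptables -N BADGUY
iptables -A BADGUY -j LOG --log-prefix "BADGUY: "
iptables -A BADGUY -j DROP
iptables -A INPUT -s 203.0.113.77 -j BADGUY
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j LOG --log-prefix "NULLSCAN: "
iptables -A INPUT -p tcp --dport 22 --syn -j LOG --log-prefix "SSH_SCAN: "
EOF
}

# Constructed syslog lines in the shape the kernel LOG target produces:
# the prefix lands right after "kernel: ", followed by the packet fields.
sample_log() {
    cat <<'EOF'
Dec  4 10:15:02 gw kernel: BADGUY: IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.5 PROTO=TCP SPT=4321 DPT=80 SYN
Dec  4 10:15:03 gw kernel: BADGUY: IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.5 PROTO=TCP SPT=4322 DPT=443 SYN
Dec  4 10:16:40 gw kernel: NULLSCAN: IN=eth0 OUT= SRC=198.51.100.23 DST=198.51.100.5 PROTO=TCP SPT=60000 DPT=25
Dec  4 10:17:11 gw kernel: SSH_SCAN: IN=eth0 OUT= SRC=192.0.2.9 DST=198.51.100.5 PROTO=TCP SPT=33000 DPT=22 SYN
Dec  4 10:17:12 gw kernel: SSH_SCAN: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=33001 DPT=22 SYN
Dec  4 10:18:00 gw kernel: eth0: link up
EOF
}

# Grep pass 1: how many entries on stdin carry a given tag. awk rather than
# grep -c so a tag with zero hits prints 0 instead of failing the pipeline.
count_tag() {
    awk -v tag="$1" '$0 ~ ("kernel: " tag ": ") { n++ } END { print n + 0 }'
}

# Grep pass 2: distinct source addresses behind a given tag.
sources_for_tag() {
    grep "kernel: $1: " | sed -n 's/.* SRC=\([^ ]*\).*/\1/p' | sort -u
}

# Per-tag report over the log on stdin: "<tag> <count> <sources>".
report() {
    log=$(cat)
    for tag in BADGUY NULLSCAN SSH_SCAN; do
        n=$(printf '%s\n' "$log" | count_tag "$tag")
        srcs=$(printf '%s\n' "$log" | sources_for_tag "$tag" | tr '\n' ',' | sed 's/,$//')
        printf '%s %s %s\n' "$tag" "$n" "$srcs"
    done
}

sample_log | report
```

Against a real box the same functions work on the live file, e.g. `grep ' kernel: ' /var/log/messages | report`, and a new tag only needs a new LOG rule plus one more name in the `for` list.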
This archive was generated by hypermail 2b30 : Fri Dec 07 2001 - 16:14:44 PST