> -----Original Message-----
> From: MARAIS Darin (ADMIN)
> Sent: 30 December 2002 18:00
> To: 'loganalysisat_private'
> Subject: ps. need help with some tools for log analysis
>
> Firstly, I hope that I am mailing the correct mailing list.
>
> My question is as follows:
>
> I have some NetScreen firewalls for which I will need to do some log
> analysis. The logs are in the following format.
>
> Dec 29 21:07:57 [192.168.210.4.9.32] <removed>: <removed>
> device_id=<removed> system-notification-00257(traffic):
> start_time="2002-12-29 20:07:35" duration=0 policy_id=22
> service=tcp/port:3658 proto=6 direction=incoming action=Deny sent=0 rcvd=0
> src=removed dst=removed src_port=47481 dst_port=3658
>
> I'm looking for some simple but powerful tools that will help sort the
> logs and manipulate them so that they are easier to analyse, i.e. maybe a
> perl script or grep "reg_exp" that sorts by dst_port, source port, and
> then source ip_address etc.
>
> Perhaps later some perl script that cross-references the output with a
> Trojan list. These sorts of tools will be useful to me. I have searched
> the web but have thus far not been able to find anything.
>
> If you are able to help, please drop me a line. I really would be
> interested in hearing strategies that people are already using to spot
> abnormalities in their own NetScreen logs.
>
>
>
> Best Regards
> Darin Marais

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
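As an added example (not part of the original post or any reply), here is a small Python parser for the NetScreen traffic-log format quoted above: it splits each record into its key=value fields, sorts by dst_port, then src_port, then source address as the post asks, counts denies per destination port, and cross-references destination ports against a watch-list. The log lines, hostnames and addresses below are constructed (documentation ranges), and the watch-list is a placeholder to be replaced with one's own.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample records in the NetScreen syslog format from the post.
# Hostname "fw1" and all addresses are made up (RFC 5737 / private ranges).
SAMPLE_LOG = """\
Dec 29 21:07:57 [192.168.210.4.9.32] fw1: fw1 device_id=fw1 system-notification-00257(traffic): start_time="2002-12-29 20:07:35" duration=0 policy_id=22 service=tcp/port:3658 proto=6 direction=incoming action=Deny sent=0 rcvd=0 src=203.0.113.9 dst=192.0.2.10 src_port=47481 dst_port=3658
Dec 29 21:07:58 [192.168.210.4.9.32] fw1: fw1 device_id=fw1 system-notification-00257(traffic): start_time="2002-12-29 20:07:36" duration=0 policy_id=22 service=tcp/port:3658 proto=6 direction=incoming action=Deny sent=0 rcvd=0 src=203.0.113.9 dst=192.0.2.10 src_port=47482 dst_port=3658
Dec 29 21:08:01 [192.168.210.4.9.32] fw1: fw1 device_id=fw1 system-notification-00257(traffic): start_time="2002-12-29 20:07:40" duration=0 policy_id=22 service=tcp/port:27374 proto=6 direction=incoming action=Deny sent=0 rcvd=0 src=198.51.100.77 dst=192.0.2.10 src_port=1034 dst_port=27374
Dec 29 21:08:05 [192.168.210.4.9.32] fw1: fw1 device_id=fw1 system-notification-00257(traffic): start_time="2002-12-29 20:07:44" duration=12 policy_id=3 service=http proto=6 direction=outgoing action=Permit sent=512 rcvd=2048 src=10.1.1.5 dst=198.51.100.20 src_port=33001 dst_port=80
"""

# Placeholder watch-list (constructed); map dst_port -> label of your own list.
WATCH_PORTS = {3658: "example watch-list entry"}

PREFIX_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \[([^\]]+)\] ")
PAIR_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value, value may be quoted
INT_FIELDS = ("src_port", "dst_port", "policy_id", "duration", "sent", "rcvd", "proto")


def parse_line(line):
    """Return a dict of fields for one traffic record, or None for other messages."""
    if "system-notification-00257(traffic)" not in line:
        return None
    rec = {}
    m = PREFIX_RE.match(line)
    if m:
        rec["timestamp"], rec["relay"] = m.group(1), m.group(2)
    for key, val in PAIR_RE.findall(line):
        rec[key] = val.strip('"')             # drop quotes around start_time
    for key in INT_FIELDS:                    # numeric, so sorting is not lexical
        if rec.get(key, "").isdigit():
            rec[key] = int(rec[key])
    return rec


def parse_log(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def sort_records(records):
    """Order by destination port, then source port, then numeric source address."""
    return sorted(records, key=lambda r: (r["dst_port"], r["src_port"],
                                          ipaddress.ip_address(r["src"])))


def denies_per_dst_port(records):
    """Denied connections per destination port: a quick first abnormality signal."""
    return Counter(r["dst_port"] for r in records if r.get("action") == "Deny")


def watchlist_hits(records, watch=WATCH_PORTS):
    """Records whose destination port appears in the watch-list."""
    return [(r["src"], r["dst_port"], watch[r["dst_port"]])
            for r in records if r["dst_port"] in watch]
```

Feeding a real file is a matter of replacing `SAMPLE_LOG` with its contents; `sort_records` and `denies_per_dst_port` then give the per-port view the post describes.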
This archive was generated by hypermail 2b30 : Tue Dec 31 2002 - 15:16:34 PST