I've just published another goofy tool I wrote called PLOG. It's a promiscuous-mode log collector. http://www.ranum.com/security/computer_security/code

Basically, what it does is set a BPF filter for UDP port 514, collect all the packets, reach into the UDP data body and pull out the kicking, bloody, and screaming syslog message, which it then stuffs up /dev/log.

The code has not been tested on Linux (though it builds if you have pcap in the right places and use the BSD udpheader definitions), but it works fine on most BSDs. It's kind of cool how well it works - and it's very useful for testing log analysis stuff without having to interfere with your real log-server.

Do not abuse this tool! As with all promiscuous-mode listeners, you should be careful to only use it with permission from proper authority. Misuse of this tool might violate the federal wiretap statute, ECPA, and other parts of US Code.

mjr.

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
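The packet-to-/dev/log path the post describes, as an added example that is not PLOG's own code: it walks an Ethernet/IPv4/UDP frame the way a port-514 collector must after pcap hands it a buffer, checks every wire-supplied length against what was actually captured before trusting it, replaces control bytes so a captured message cannot inject extra lines into the local log, and hands the result to a Unix datagram socket on /dev/log. The filter string, the `build_frame` helper (which fabricates a test frame with zeroed checksums) and the sample message are assumptions made for this example, not anything from the tool.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#define ETH_HDR_LEN 14
#define IP_HDR_LEN  20
#define UDP_HDR_LEN 8
#define SYSLOG_PORT 514

/* Assumed pcap filter expression for a port-514 collector (not PLOG's actual string). */
static const char *SYSLOG_BPF_FILTER = "udp and dst port 514";

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Pull the syslog message out of an Ethernet/IPv4/UDP frame bound for port 514.
 * Every length field comes off the wire and is untrusted, so each one is
 * bounded by the captured length before use. Control bytes become '?' so a
 * captured message cannot smuggle newlines into the local log.
 * Returns the payload length, or -1 if the frame does not qualify. */
int extract_syslog(const uint8_t *frame, size_t frame_len, char *out, size_t out_len)
{
    if (out_len == 0 || frame_len < ETH_HDR_LEN + IP_HDR_LEN + UDP_HDR_LEN) return -1;
    if (rd16(frame + 12) != 0x0800) return -1;                 /* IPv4 only */
    const uint8_t *ip = frame + ETH_HDR_LEN;
    size_t ip_avail = frame_len - ETH_HDR_LEN;
    if ((ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    uint16_t ip_total = rd16(ip + 2);
    if (ihl < IP_HDR_LEN || ip_total < ihl + UDP_HDR_LEN || ip_total > ip_avail) return -1;
    if (rd16(ip + 6) & 0x3fff) return -1;                       /* skip fragments */
    if (ip[9] != 17) return -1;                                 /* not UDP */
    const uint8_t *udp = ip + ihl;
    if (rd16(udp + 2) != SYSLOG_PORT) return -1;
    uint16_t ulen = rd16(udp + 4);
    if (ulen < UDP_HDR_LEN || ulen > ip_total - ihl) return -1;
    size_t plen = ulen - UDP_HDR_LEN;
    if (plen > out_len - 1) plen = out_len - 1;                 /* truncate, never overflow */
    for (size_t i = 0; i < plen; i++) {
        uint8_t c = udp[UDP_HDR_LEN + i];
        out[i] = (c < 0x20 || c == 0x7f) ? '?' : (char)c;
    }
    out[plen] = '\0';
    return (int)plen;
}

/* Parse the "<PRI>" prefix; returns PRI (facility*8 + severity) or -1. */
int syslog_pri(const char *msg)
{
    if (msg[0] != '<') return -1;
    char *end;
    long pri = strtol(msg + 1, &end, 10);
    if (end == msg + 1 || *end != '>' || pri < 0 || pri > 191) return -1;
    return (int)pri;
}

/* Deliver the message to the local syslogd through /dev/log (a datagram
 * socket on BSD and Linux). Returns 0 on success. Needs a running syslogd. */
int forward_to_devlog(const char *msg, size_t len)
{
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_un sa;
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    strncpy(sa.sun_path, "/dev/log", sizeof sa.sun_path - 1);
    int rc = sendto(fd, msg, len, 0, (struct sockaddr *)&sa, sizeof sa) == (ssize_t)len ? 0 : -1;
    close(fd);
    return rc;
}

/* Constructed test frame (Ethernet + IPv4 + UDP + msg). Checksums and addresses
 * are left zero: like a BPF filter, the extractor does not verify them. */
size_t build_frame(uint8_t *buf, size_t buf_len, uint16_t dport, const char *msg)
{
    size_t mlen = strlen(msg), total = ETH_HDR_LEN + IP_HDR_LEN + UDP_HDR_LEN + mlen;
    if (total > buf_len || mlen > 65535 - IP_HDR_LEN - UDP_HDR_LEN) return 0;
    memset(buf, 0, total);
    buf[12] = 0x08; buf[13] = 0x00;                             /* EtherType IPv4 */
    uint8_t *ip = buf + ETH_HDR_LEN;
    ip[0] = 0x45; ip[8] = 64; ip[9] = 17;                       /* v4, IHL 5, TTL 64, UDP */
    ip[2] = (uint8_t)((IP_HDR_LEN + UDP_HDR_LEN + mlen) >> 8);
    ip[3] = (uint8_t)(IP_HDR_LEN + UDP_HDR_LEN + mlen);
    uint8_t *udp = ip + IP_HDR_LEN;
    udp[0] = 0x80; udp[1] = 0x00;                               /* source port 32768 */
    udp[2] = (uint8_t)(dport >> 8); udp[3] = (uint8_t)dport;
    udp[4] = (uint8_t)((UDP_HDR_LEN + mlen) >> 8); udp[5] = (uint8_t)(UDP_HDR_LEN + mlen);
    memcpy(udp + UDP_HDR_LEN, msg, mlen);
    return total;
}

int main(void)
{
    uint8_t frame[1600]; char msg[1024];
    size_t n = build_frame(frame, sizeof frame, SYSLOG_PORT,
                           "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8");
    if (extract_syslog(frame, n, msg, sizeof msg) < 0) return 1;
    printf("filter=%s pri=%d msg=%s\n", SYSLOG_BPF_FILTER, syslog_pri(msg), msg);
    return 0; /* forward_to_devlog(msg, strlen(msg)) would hand it to the local syslogd */
}
```

In a real collector the frame would come from `pcap_next_ex` on an interface opened with the filter above; the bounds checks matter because a filter only matches header fields, it does not guarantee that the length fields inside the packet agree with the captured length. The sanitizing loop is the other check worth keeping: anything stuffed into /dev/log lands in the same files your analysis reads, so captured bytes should not be able to forge additional log lines there.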
This archive was generated by hypermail 2.1.3 : Fri Aug 20 2004 - 12:17:14 PDT