Moin,

I am trying to monitor arp traffic in a small network. I need to know the hosts which are making arp requests for more than x different hosts in a small time frame. I only need a log entry if the number of arp requests is bigger than x.

I was playing with 'tcpdump -n -i <if> arp | logsurfer -f logs.conf' but can't get a working logsurfer rule.

What does a logsurfer rule look like that matches my case? Is it possible with logsurfer?

Many thanks
Matthias

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
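The check described in the post, written as a Python filter that would sit at the end of the tcpdump pipe in place of logsurfer (an added example, not part of the original post and not a logsurfer rule). The function name, the script name arp_fanout.py, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
import sys
from collections import defaultdict, deque

# Handles old ("arp who-has A tell B") and newer
# ("ARP, Request who-has A tell B, length 28") tcpdump -n output.
ARP_REQ = re.compile(
    r"^(\d+):(\d+):(\d+(?:\.\d+)?) .*who-has (\S+)(?: \(\S+\))? tell ([^\s,]+)")

def detect(lines, max_targets=3, window=10.0):
    """Yield (timestamp, source, distinct_targets) once per burst in which a
    source asks for more than max_targets different addresses in `window` s."""
    recent = defaultdict(deque)  # source -> (seconds, target) inside the window
    alerted = set()              # sources already reported for this burst
    for line in lines:
        m = ARP_REQ.match(line)
        if not m:
            continue             # replies and non-ARP lines are ignored
        h, mi, s, target, source = m.groups()
        now = int(h) * 3600 + int(mi) * 60 + float(s)
        q = recent[source]
        q.append((now, target))
        # Expire old requests; "> now" also clears the queue after midnight.
        while now - q[0][0] > window or q[0][0] > now:
            q.popleft()
        distinct = len({t for _, t in q})
        if distinct <= max_targets:
            alerted.discard(source)
        elif source not in alerted:
            alerted.add(source)
            yield line.split()[0], source, distinct

# Constructed sample capture (assumed hosts, not from the original post).
SAMPLE = """\
10:00:00.100000 arp who-has 192.168.1.1 tell 192.168.1.20
10:00:01.000000 arp who-has 192.168.1.2 tell 192.168.1.50
10:00:01.200000 arp who-has 192.168.1.3 tell 192.168.1.50
10:00:01.400000 arp reply 192.168.1.1 is-at 00:11:22:33:44:55
10:00:01.600000 ARP, Request who-has 192.168.1.4 tell 192.168.1.50, length 28
10:00:01.800000 arp who-has 192.168.1.5 tell 192.168.1.50
10:00:02.000000 arp who-has 192.168.1.6 tell 192.168.1.50
10:00:30.000000 arp who-has 192.168.1.1 tell 192.168.1.20
""".splitlines()

if __name__ == "__main__":
    # Usage: tcpdump -l -n -i <if> arp | python3 arp_fanout.py
    for ts, src, n in detect(sys.stdin):
        print(f"{ts} {src} asked for {n} different hosts", flush=True)
```

A source is reported once when it crosses the threshold and again only after it has dropped back under it, so a long sweep produces one log entry rather than one per packet.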
This archive was generated by hypermail 2.1.3 : Tue Jun 28 2005 - 21:33:50 PDT