Educause Security Discussion mailing list archives
Re: Network flow log consolidation
From: Graham Toal <gtoal () UTPA EDU>
Date: Tue, 25 Apr 2006 15:36:55 -0500
Speaking of MARS, does anyone know of an open source application for collecting logs off of Cisco IDS modules? MARS wasn't in the budget this year :-)
Many years ago when I ran a small ISP and we couldn't afford the latest Cisco routers with SNMP, we managed to do OK using the Unix (also Windows I think, now) command "expect" to telnet (or now ssh) in to a router and output any counters etc. from the command line. Probably something like "show log" I would imagine. Since it is really an interactive session, it's a useful trick to set the page size to 0 so that you can output a lot of information without having to hit space every page. There's a good O'Reilly book on Expect, but from what I remember it's quite easy to install and get a trivial program running by cribbing from the included example scripts, so you may not need the book.

Graham
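The approach described in the message above, as an added Expect sketch that is not part of the original post: it logs in over ssh, sets the page size to 0, and saves the log buffer to a file. It assumes a Cisco IOS-style CLI (`terminal length 0`, `show logging`, a `hostname#` prompt at login); the argument order and the `ROUTER_PASS` environment variable are hypothetical names chosen for the example.

```expect
#!/usr/bin/expect -f
# Added example: collect "show logging" output from an IOS-style device.
# Assumed: account lands at a "hostname#" prompt; password is supplied in
# the ROUTER_PASS environment variable so it never appears in argv or here.
set timeout 20
if {$argc != 3 || ![info exists env(ROUTER_PASS)]} {
    send_user "usage: ROUTER_PASS=... $argv0 host user outfile\n"
    exit 2
}
lassign $argv host user outfile

log_user 0   ;# do not echo the session to the terminal or to cron mail
# Refuse unknown or changed host keys instead of answering a yes/no prompt,
# so the password is never sent to a device that has not been verified.
spawn -noecho ssh -o StrictHostKeyChecking=yes -l $user $host

expect {
    -re {[Pp]assword:} { send -- "$env(ROUTER_PASS)\r" }
    timeout { send_user "no password prompt from $host\n"; exit 1 }
    eof     { send_user "ssh to $host failed (host key or network)\n"; exit 1 }
}
# Learn the device's own prompt so later matches are anchored to it.
expect {
    -re {([^\r\n#]+)# ?$} { set prompt $expect_out(1,string) }
    -re {[Pp]assword:}    { send_user "authentication rejected\n"; exit 1 }
    timeout               { send_user "no privileged prompt seen\n"; exit 1 }
}

# Page size 0: the device will not pause at --More-- during long output.
send -- "terminal length 0\r"
expect -ex "$prompt#"

# Record from here on; -a is required because log_user is off.
# The file will contain the echoed command, the log, and the final prompt.
log_file -noappend -a $outfile
send -- "show logging\r"
expect {
    -ex "$prompt#" {}
    timeout { send_user "output did not finish in $timeout s\n"; exit 1 }
}
log_file   ;# stop recording before the logout exchange

send -- "exit\r"
expect eof
```

The device's host key has to be in `known_hosts` before the first unattended run, and the output file should be readable only by the collecting account.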