Firewall Wizards mailing list archives

Re: Firewall log analysis tools


From: Vladimir Parkhaev <vladimir () arobas net>
Date: Wed, 8 Oct 2003 08:43:18 -0400

Quoting Bill Royds (broyds () rogers com):
> What I would really like is a repository of Perl regexes for various log
> formats (firewall, router, web server syslog etc.).

Set one up, I'll contribute :)

> I have a fair library of Perl routines to create reports, but figuring out
> the proper regexes to read the logs and generate a hash of values to analyse
> is a real pain.

What is pain for you is fun for me... In reality, report requirements are
different. I like to see simple stats - number of hits from srcIP to
dstIP:port (and timestamps sometimes). Plain text, short and simple. Some
people like long HTMLized reports with flashing colors and heavy content.

I like your idea of having a repository of regexes, though. This way we
can separate presentation from actual parsing.

Maybe we can ask Tina for some space under the RegExes & Log parsing category of
her webspace. What do you think, Tina?

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
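
The split discussed in this message, a per-format regex repository that yields a hash of values and a separate plain-text report of hits from srcIP to dstIP:port, sketched as an added example that is not code from the thread or its participants. The names `%LOG_REGEX`, `parse_line` and `hit_report`, the two regexes and the sample log lines are assumptions constructed for illustration; it needs Perl 5.10 or later for named captures.

```perl
#!/usr/bin/perl
# Added example: regex repository (parsing) kept apart from the report (presentation).
use strict;
use warnings;

# Parsing layer: one named-capture regex per log format. Every entry must
# yield the same keys (src, dst, dport) so any report can consume any format.
my %LOG_REGEX = (
    # Linux netfilter LOG target, key=value style
    iptables => qr/\bSRC=(?<src>[\d.]+)\s+DST=(?<dst>[\d.]+)\s.*?\bDPT=(?<dport>\d+)/,
    # Cisco PIX message 106023 (packet denied by access-group)
    pix => qr/%PIX-\d-106023: Deny \w+ src \w+:(?<src>[\d.]+)\/\d+ dst \w+:(?<dst>[\d.]+)\/(?<dport>\d+)/,
);

# Try each format in turn; return (format name, hash of values), or nothing
# when no regex in the repository matches the line.
sub parse_line {
    my ($line) = @_;
    for my $fmt (sort keys %LOG_REGEX) {
        return ($fmt, { %+ }) if $line =~ $LOG_REGEX{$fmt};
    }
    return;
}

# Presentation layer: counts hits per "src -> dst:port" and knows nothing
# about log formats. Busiest pairs come first.
sub hit_report {
    my (@records) = @_;
    my %hits;
    $hits{"$_->{src} -> $_->{dst}:$_->{dport}"}++ for @records;
    return map { sprintf "%5d  %s", $hits{$_}, $_ }
           sort { $hits{$b} <=> $hits{$a} || $a cmp $b } keys %hits;
}

# Constructed sample lines (documentation address ranges), not real traffic.
my @sample = (
    'Oct  8 08:40:01 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=40112 DPT=22 SYN',
    'Oct  8 08:40:03 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=40113 DPT=22 SYN',
    'Oct  8 08:41:17 pix1 %PIX-4-106023: Deny tcp src outside:203.0.113.7/3311 dst inside:198.51.100.5/80 by access-group "outside_in"',
    'Oct  8 08:42:00 gw sshd[411]: a line no regex in the repository understands',
);

my @records;
my $unparsed = 0;    # lines that fell through every regex: a coverage gap to review
for my $line (@sample) {
    my ($fmt, $rec) = parse_line($line);
    if ($rec) { push @records, $rec } else { $unparsed++ }
}
print "$_\n" for hit_report(@records);
print "unparsed lines: $unparsed\n";
```

Counting the lines that match nothing matters as much as the report itself: a format change on the device otherwise shows up only as silently missing hits.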