Firewall Wizards mailing list archives
Re: Firewall log analysis tools
From: Vladimir Parkhaev <vladimir () arobas net>
Date: Wed, 8 Oct 2003 08:43:18 -0400
Quoting Bill Royds (broyds () rogers com):
What I would really like is a repository of Perl regexes for various log formats (firewall, router, web server syslog etc.).
Set one up, I'll contribute :)
I have a fair library of Perl routines to create reports, but figuring out the proper regexes to read the logs and generate a hash of values to analyse is a real pain.
What is pain for you is fun for me... In reality, report requirements are different. I like to see simple stats - number of hits from srcIP to dstIP:port (and timestamps sometimes). Plain text, short and simple. Some people like long HTMLized reports with flashing colors and heavy content.

I like your idea of having a repository of regexes, though. This way we can separate presentation from actual parsing. Maybe we can ask Tina for some space under RegExes & Log parsing category of her webspace. What do you think, Tina?

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
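The split discussed in this message, as an added example that is not part of the original post or anyone's code on the list: a small regex table maps two log formats onto the same hash keys, and a separate report function prints hits per srcIP -> dstIP:port. The names `%FORMATS`, `parse_line` and `report` are hypothetical, the sample log lines are constructed, and named captures need Perl 5.10 or later.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Regex "repository": one named-capture pattern per log format. Every pattern
# fills the same keys (src, dst, dport), so reports never see the raw format.
my %FORMATS = (
    # Linux netfilter LOG target: key=value pairs in a kernel syslog line
    iptables => qr{\bSRC=(?<src>[\d.]+)\s+DST=(?<dst>[\d.]+)\s.*?\bDPT=(?<dport>\d+)},
    # Cisco PIX message 106023: packet denied by an access-group
    pix => qr{%PIX-\d-106023:\s+Deny\s+\w+\s+src\s+\S+?:(?<src>[\d.]+)/\d+\s+dst\s+\S+?:(?<dst>[\d.]+)/(?<dport>\d+)},
);

# Parsing layer: return a hash ref of normalized fields, or undef if no
# pattern in the table matches the line.
sub parse_line {
    my ($line) = @_;
    for my $name (sort keys %FORMATS) {
        return +{ %+, format => $name } if $line =~ $FORMATS{$name};
    }
    return;
}

# Presentation layer: plain-text lines, busiest flow first.
sub report {
    my ($hits) = @_;
    return map  { sprintf "%6d  %s", $hits->{$_}, $_ }
           sort { $hits->{$b} <=> $hits->{$a} || $a cmp $b } keys %$hits;
}

my %hits;
my $unparsed = 0;    # count misses so unknown formats are not silently dropped
while (my $line = <DATA>) {
    my $f = parse_line($line);
    if ($f) { $hits{"$f->{src} -> $f->{dst}:$f->{dport}"}++ }
    else    { $unparsed++ }
}
print "$_\n" for report(\%hits);
print "unparsed lines: $unparsed\n";

# Constructed sample input (documentation address ranges), not real logs.
__DATA__
Oct  8 08:40:01 fw1 kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TTL=52 ID=4431 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 SYN URGP=0
Oct  8 08:40:04 fw1 kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TTL=52 ID=4432 DF PROTO=TCP SPT=40113 DPT=22 WINDOW=5840 SYN URGP=0
Oct  8 08:41:17 pix1 %PIX-4-106023: Deny tcp src outside:198.51.100.7/3312 dst inside:192.0.2.25/25 by access-group "outside_in"
Oct  8 08:41:30 pix1 %PIX-4-106023: Deny udp src outside:203.0.113.9/5353 dst inside:192.0.2.10/22 by access-group "outside_in"
Oct  8 08:42:00 fw1 sshd[2211]: Connection closed by 203.0.113.9
```

Supporting another format means adding one entry to `%FORMATS`; the report code stays untouched, and the unparsed count shows when a format is missing from the table.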