Firewall Wizards mailing list archives

Re: Firewall log analysis tools


From: Jeremiah Cornelius <jeremiah () nur net>
Date: Wed, 8 Oct 2003 17:09:09 -0700

On Wednesday 08 October 2003 14:20, Tina Bird wrote:
> bill royds wrote:
> > What I would really like is a repository of Perl regexes for various log
> > formats (firewall, router, web server syslog etc.).
> > I have a fair library of Perl routines to create reports, but figuring
> > out the proper regexes to read the logs and generate a hash of values to
> > analyse is a real pain.


Check out the LIRE app at 

http://www.logreport.com/en/lire

The regex engine here is built with Perl, and GPL'd.  Logs it knows how to 
parse include -
Email:  
    * Sendmail
    * Postfix
    * qmail
    * exim
    * nms (Netscape Messenger Service)
    * ArGoSoft

Message Store:  
    * DBMail
    * Netscape Message Store
    * Netscape Messaging Multiplexor

WWW:    
    * Common Log Format (Apache, IIS, etc.)
    * Combined Log Format (Apache, Boa, etc.)
    * Referrer
    * Apache mod_gzip
    * W3C Extended (Microsoft IIS 4.0 & 5.0)

DNS:    
    * DNS Bind version 8
    * DNS Bind version 9

DNS Zone:       
    * DNS Bind version 8

Firewall:       
    * Cisco
    * Cisco PIX
    * ipchains
    * ipfilter
    * iptables
    * WELF
    * Watchguard

FTP:    
    * xferlog (WU-FTPD, ProFTPD, etc.)
    * IIS FTP

Printer:        
    * CUPS
    * LPRng

Proxy:  
    * Squid
    * WELF
    * MS ISA

Database:       
    * MySQL
    * PostgreSQL

Syslog:         
    * BSD-like
    * Netscape Messaging Server
    * Solaris 8
    * Kiwi Syslog Daemon
    * Sendmail Switch Log
    * WTSyslog

Spamfilter:     
    * SpamAssassin

Dialup:
    * ISDN Log

Much coolness.

"Lire is GPL'ed Free Software (Open Source) and a free download. The codebase 
is maintained and copyrighted by the LogReport Foundation..."

"...built around the idea of extendibility. Its xml-driven reporting engine 
can theoretically parse any kind of log, given that a service driver is 
written to convert the raw log into a Lire DLF (Distilled Log Format) file. 
This means that Lire is also a long-term solution: as new network services 
come into vogue, Lire will be there to parse and distill their activity for 
you."
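As an added illustration (not code from this post, and not Lire's own driver code), here is the kind of Perl regex bill royds asks for: it reads netfilter/iptables syslog lines into a hash of fields, roughly what a Lire service driver distils into a DLF record, and rolls them up by source and destination service. The sample lines, hostnames, addresses and the FW-DROP rule prefix are constructed for the example.

```perl
#!/usr/bin/perl
# Added example, not code from the original post or from Lire.
# Parses netfilter/iptables syslog lines into a hash of fields (the "hash of
# values to analyse" asked for above) and summarises them by source and port.
use strict;
use warnings;

# Constructed sample lines: syslog header + netfilter LOG output. Hosts,
# addresses and the FW-DROP rule prefix are made up for illustration.
my @lines = (
    'Oct  8 17:09:09 fw kernel: FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=12345 DF PROTO=TCP SPT=40321 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0',
    'Oct  8 17:09:10 fw kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=12346 DF PROTO=TCP SPT=40322 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0',
    'Oct  8 17:09:11 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4242 SEQ=1',
    'Oct  8 17:09:12 fw sshd[123]: Accepted publickey for alice from 198.51.100.9',  # not a firewall line
);

# Syslog header (timestamp, host, "kernel:"), an optional --log-prefix text,
# then the KEY=value fields, which always start at IN=.
my $hdr = qr/^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) kernel: (?:(.*?):\s*)?(?=IN=)(.*)$/;

# Returns a hashref of fields, or undef for lines that are not netfilter output.
sub parse_netfilter {
    my ($line) = @_;
    my ($ts, $host, $prefix, $rest) = $line =~ $hdr or return;
    my %f = (ts => $ts, host => $host, prefix => $prefix // '');
    for my $tok (split ' ', $rest) {
        if ($tok =~ /^([A-Z]+)=(.*)$/) { $f{$1} = $2 }   # KEY=value; value may be empty (OUT=)
        else                            { $f{$tok} = 1 } # bare flags: DF, SYN, ACK, ...
    }
    # Caveat: ICMP lines carry two ID= fields (IP id, then echo id); the last one wins here.
    return \%f;
}

my (%by_src, %by_svc);
for my $line (@lines) {
    my $f = parse_netfilter($line) or next;   # skip sshd and other non-netfilter lines
    $by_src{ $f->{SRC} }++;
    $by_svc{ "$f->{PROTO}/$f->{DPT}" }++ if defined $f->{DPT};
}

print "Dropped packets by source:\n";
printf "  %-15s %d\n", $_, $by_src{$_} for sort { $by_src{$b} <=> $by_src{$a} || $a cmp $b } keys %by_src;
print "Dropped packets by destination service:\n";
printf "  %-10s %d\n", $_, $by_svc{$_} for sort keys %by_svc;
```

Feeding `/var/log/messages` through `parse_netfilter` instead of `@lines` gives the per-packet hash that report routines can group, count or filter on any captured field.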
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards