Firewall Wizards mailing list archives
Re: Firewall log analysis tools
From: Jeremiah Cornelius <jeremiah () nur net>
Date: Wed, 8 Oct 2003 17:09:09 -0700
On Wednesday 08 October 2003 14:20, Tina Bird wrote:

> bill royds wrote:
>
> > What I would really like is a repository of Perl regexes for various log formats (firewall, router, web server syslog etc.). I have a fair library of Perl routines to create reports, but figuring out the proper regexes to read the logs and generate a hash of values to analyse is a real pain.
>
> Check out the LIRE app at http://www.logreport.com/en/lire

The regex engine here is built with Perl, and GPL'd. Logs it knows how to parse include:

Email:
* Sendmail
* Postfix
* qmail
* exim
* nms (Netscape Messenger Service)
* ArGoSoft

Message Store:
* DBMail
* Netscape Message Store
* Netscape Messaging Multiplexor

WWW:
* Common Log Format (Apache, IIS, etc.)
* Combined Log Format (Apache, Boa, etc.)
* Referrer
* Apache mod_gzip
* W3C Extended (Microsoft IIS 4.0 & 5.0)

DNS:
* DNS Bind version 8
* DNS Bind version 9

DNS Zone:
* DNS Bind version 8

Firewall:
* Cisco
* Cisco PIX
* ipchains
* ipfilter
* iptables
* WELF
* Watchguard

FTP:
* xferlog (WU-FTPD, ProFTPD, etc.)
* IIS FTP

Printer:
* CUPS
* LPRng

Proxy:
* Squid
* WELF
* MS ISA

Database:
* MySQL
* PostgreSQL

Syslog:
* BSD-like
* Netscape Messaging Server
* Solaris 8
* Kiwi Syslog Daemon
* Sendmail Switch Log
* WTSyslog

Spamfilter:
* SpamAssassin

Dialup:
* ISDN Log

Much coolness.

"Lire is GPL'ed Free Software (Open Source) and a free download. The codebase is maintained and copyrighted by the LogReport Foundation..."

"...built around the idea of extendibility. Its xml-driven reporting engine can theoretically parse any kind of log, given that a service driver is written to convert the raw log into a Lire DLF (Distilled Log Format) file. This means that Lire is also a long-term solution: as new network services come into vogue, Lire will be there to parse and distill their activity for you."
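An added example, not from the thread and not Lire's own code, of the kind of regex-driven parser bill royds asks for: it reads iptables LOG-target syslog lines (a constructed sample with made-up hosts and addresses) into a hash of key=value fields, then tallies entries by log prefix and source address so a defender can see which sources are being dropped most.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample syslog lines in the iptables LOG target format
# (the prefix is whatever --log-prefix was set to, e.g. "DROP").
# Hostnames and addresses are made up; the last line is a non-firewall
# line that the parser must skip.
my @lines = (
  'Oct  8 17:09:09 fw kernel: DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=1234 DF PROTO=TCP SPT=40021 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0',
  'Oct  8 17:09:10 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=1235 DF PROTO=TCP SPT=40022 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0',
  'Oct  8 17:09:11 fw kernel: ACCEPT IN=eth0 OUT=eth1 SRC=192.0.2.77 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=60 ID=9 PROTO=ICMP TYPE=8 CODE=0 ID=42 SEQ=1',
  'Oct  8 17:09:12 fw sshd[123]: Accepted publickey for alice from 192.0.2.77',
);

# Parse one line into a hash ref; return nothing if it is not an iptables line.
sub parse_iptables {
    my ($line) = @_;
    my %rec;
    return unless $line =~ /^
        (\w{3})\s+(\d{1,2})\s+(\d\d:\d\d:\d\d)\s+   # syslog timestamp
        (\S+)\s+kernel:\s*                          # host
        (?:\[\s*[\d.]+\]\s*)?                       # optional kernel uptime stamp
        (.*?)\s*                                    # log prefix, may be empty
        (IN=.*)$                                    # the KEY=VALUE part
    /x;
    @rec{qw(month day time host prefix)} = ($1, $2, $3, $4, $5);
    my $kv = $6;
    # Upper-case KEY=VALUE pairs; bare flags such as DF and SYN get value 1.
    # The first occurrence wins (ICMP lines carry ID= twice).
    while ($kv =~ /\b([A-Z]+)(?:=(\S*))?/g) {
        $rec{$1} = defined $2 ? $2 : 1 unless exists $rec{$1};
    }
    return \%rec;
}

# Count lines per "<prefix> <SRC>" across all input lines.
sub tally_by_source {
    my %count;
    for my $line (@_) {
        my $rec = parse_iptables($line) or next;
        $count{"$rec->{prefix} $rec->{SRC}"}++;
    }
    return \%count;
}

my $tally = tally_by_source(@lines);
for my $key (sort { $tally->{$b} <=> $tally->{$a} } keys %$tally) {
    printf "%-24s %d\n", $key, $tally->{$key};
}
```

The same loop works for any iptables line because every field after the prefix is an upper-case key, so a new field (or a new --log-prefix) needs no regex change.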