Firewall Wizards mailing list archives
Re: parsing logs ultra-fast inline
From: Anton Chuvakin <anton () chuvakin org>
Date: Mon, 6 Feb 2006 17:05:06 -0500
All,

While I am preparing to enter this discussion in full force :-), I figured I'd shoot a quick one on this:

> meaning. Take Tina's VPN example - how many types of log entries would you expect from a VPN concentrator? From my experience, not more than 20 but let's assume there are 50. Give a sample from each entry to a Perl

He-he, no :-) I just looked at the old documentation bundle of Cisco VPN 3000 messages and it's nowhere near the above. How about 2049 unique messages documented by Cisco?

Parsing IS often a challenge, e.g. see this and the discussion that ensued: http://airsnarf.shmoo.com/pipermail/loganalysis/2005-December/002906.html

Syslog is where it becomes just plain extreme (50,000 message types anybody?), as Marcus pointed out, but there are some other fun areas where it is tough.

Best,
--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://www.securitywarrior.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
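The point of the exchange above is that a "one sample per message type" parser only works if you actually have a template for every type the device can emit, and with thousands of documented types the ones you missed are the operational problem. The following added example (not code from this thread or from any vendor) shows the defensive shape such a parser should have: a catalogue of per-type templates, plus explicit accounting for lines whose type is not in the catalogue, so unknown messages are surfaced rather than silently dropped. The log lines, the `device: TYPE/n: text` layout, and the two templates are all constructed for illustration and are not real Cisco VPN 3000 formats.

```python
import re
from collections import Counter

# Constructed sample log in a generic "host: TYPE/num: text" shape.
# Illustrative only; not the real message format of any product.
SAMPLE_LOG = """\
vpn1: IKE/52: Group [staff] User [alice] IP [198.51.100.7] session established
vpn1: IKE/52: Group [staff] User [bob] IP [198.51.100.9] session established
vpn1: AUTH/5: Group [staff] User [mallory] authentication rejected
vpn1: IKE/123: Group [staff] User [alice] session terminated, duration 01:20:33
vpn1: HWDIAG/7: fan 2 speed below threshold
vpn1: AUTH/5: Group [contractors] User [eve] authentication rejected
"""

# Hypothetical template catalogue: one regex per known message type.
# A catalogue for a device with ~2000 documented messages would need
# an entry per type; the two below deliberately leave gaps.
TEMPLATES = {
    "IKE/52": re.compile(
        r"Group \[(?P<group>[^\]]+)\] User \[(?P<user>[^\]]+)\] "
        r"IP \[(?P<ip>[^\]]+)\] session established$"
    ),
    "AUTH/5": re.compile(
        r"Group \[(?P<group>[^\]]+)\] User \[(?P<user>[^\]]+)\] "
        r"authentication rejected$"
    ),
}

# Outer envelope shared by every line: host, message type id, free text.
LINE_RE = re.compile(r"^(?P<host>\S+): (?P<msgtype>[A-Z]+/\d+): (?P<text>.*)$")


def parse_line(line):
    """Classify one line: parsed, unknown_type, template_mismatch or unparsed.

    Every outcome keeps the raw line so nothing is lost downstream.
    """
    env = LINE_RE.match(line)
    if env is None:
        return {"status": "unparsed", "raw": line}
    host, msgtype, text = env.group("host", "msgtype", "text")
    template = TEMPLATES.get(msgtype)
    if template is None:
        # Type id is well-formed but not in the catalogue: the case the
        # thread is about. Count it instead of discarding it.
        return {"status": "unknown_type", "host": host, "msgtype": msgtype, "raw": line}
    fields = template.match(text)
    if fields is None:
        # Known type whose text drifted from the template (firmware change,
        # truncated line): also worth surfacing, for a different reason.
        return {"status": "template_mismatch", "host": host, "msgtype": msgtype, "raw": line}
    return {"status": "parsed", "host": host, "msgtype": msgtype, **fields.groupdict()}


def parse_log(text):
    """Parse all lines; return records, a status summary and unknown type counts."""
    records = [parse_line(line) for line in text.splitlines() if line.strip()]
    summary = Counter(r["status"] for r in records)
    unknown_types = Counter(r["msgtype"] for r in records if r["status"] == "unknown_type")
    return records, summary, unknown_types


def coverage(summary):
    """Fraction of lines fully parsed; the number to watch as the catalogue grows."""
    total = sum(summary.values())
    return summary["parsed"] / total if total else 0.0


if __name__ == "__main__":
    recs, summ, unk = parse_log(SAMPLE_LOG)
    print("status summary:", dict(summ))
    print("unknown message types:", dict(unk))
    print("coverage: %.0f%%" % (100 * coverage(summ)))
```

Run against the constructed sample, two of the six lines fall into `unknown_type` because `IKE/123` and `HWDIAG/7` have no template, so coverage is 67%. The `unknown_types` counter is the list you would feed back into the catalogue; the same counter, taken over a day of real traffic, is how you find out whether your "50 samples" actually covered the device.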