fwlogwatch (http://fwlogwatch.inside-security.de/) has a real time
response script where it interprets and auto updates your netfilter
configuration if that is more of what you are looking for.
It can also produce informative reports and summaries of your log
entries.
Erik
On Thu, 2004-05-27 at 13:35, krunk wrote:
> I found this, which makes the output much clearer:
> http://logi.cc/linux/NetfilterLogAnalyzer.php3
>
> But I still do not see where the chain is specified in the log.
>
>
> On May 27, 2004, at 1:09 PM, Erik Kamerling wrote:
>
> > You can use snort to do this using plugins from the /contrib directory.
> > Yet this is considered dangerous in many ways since your own software
> > could be used as a vector to DoS you.
> >
> > You can find out about it in section 5.6 and 5.7 of the snort FAQ.
> > http://www.snort.org/docs/FAQ.txt
> >
> > Good luck.
> >
> > Erik
> >
> >
> > On Thu, 2004-05-27 at 12:08, krunk wrote:
> >> I'm attempting to create iptables rules given a log output, but I'm
> >> having trouble finding any good documentation on the topic. I've tried
> >> doing a direct translation myself, but being an iptables newbie haven't
> >> been too successful.
> >>
> >> For example, here is a drop log from an attempted usenet connection
> >> from one of my clients:
> >>
> >> May 27 10:57:40 tuxmac DROPl:IN=eth1 OUT=ppp0 SRC=$INTIP
> >> DST=216.77.188.18 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=54700 DF
> >> PROTO=TCP SPT=56485 DPT=119 WINDOW=65535 RES=0x00 SYN URGP=0
> >>
> >> My goal is to make an interactive program which will create exact,
> >> meaningful rules from log entries.
> >>
> >> cheers,
> >>
> >> james
> >>
> >> ___________________
> >> Nolug mailing list
> >> nolug@nolug.org
> >>
Received on 05/27/04
This archive was generated by hypermail 2.2.0 : 12/19/08 EST
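
Added example, not part of the original thread and not code from fwlogwatch, snort or the linked analyzer: a small parser that turns a netfilter LOG line like the one quoted above into a candidate iptables rule for manual review. The LOG target does not record the chain, so the sketch infers it from the IN=/OUT= fields, which assumes the LOG rule sits in the filter table; the sample address, function names and the default ACCEPT target are assumptions.

```python
import re
import shlex

# Constructed sample modelled on the log line quoted in the thread
# ($INTIP replaced by a documentation-range address).
SAMPLE = ("May 27 10:57:40 tuxmac DROPl:IN=eth1 OUT=ppp0 SRC=192.0.2.10 "
          "DST=216.77.188.18 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=54700 DF "
          "PROTO=TCP SPT=56485 DPT=119 WINDOW=65535 RES=0x00 SYN URGP=0")

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
SAFE = re.compile(r"^[A-Za-z0-9_.:+/-]+$")  # interface names, addresses, ports


def parse_log(line):
    """Return the KEY=value fields of a netfilter LOG line as a dict."""
    fields = dict(FIELD.findall(line))
    for key, value in fields.items():
        # Log content is influenced by remote hosts: reject odd characters.
        if value and not SAFE.match(value):
            raise ValueError(f"suspicious value in {key}: {value!r}")
    return fields


def infer_chain(fields):
    """Infer the chain (assumes filter table); the log does not name it."""
    has_in, has_out = bool(fields.get("IN")), bool(fields.get("OUT"))
    if has_in and has_out:
        return "FORWARD"   # packet routed through this host
    if has_in:
        return "INPUT"     # packet addressed to this host
    if has_out:
        return "OUTPUT"    # packet generated by this host
    raise ValueError("no interface fields in log line")


def candidate_rule(line, target="ACCEPT"):
    """Build an iptables command string for a human to review, not to run blindly."""
    f = parse_log(line)
    proto = f["PROTO"].lower()
    args = ["iptables", "-A", infer_chain(f)]
    if f.get("IN"):
        args += ["-i", f["IN"]]
    if f.get("OUT"):
        args += ["-o", f["OUT"]]
    args += ["-p", proto, "-s", f["SRC"], "-d", f["DST"]]
    if proto in ("tcp", "udp"):
        args += ["--dport", f["DPT"]]  # source port is ephemeral, so skip SPT
    words = line.split()
    if proto == "tcp" and "SYN" in words and "ACK" not in words:
        args.append("--syn")           # logged packet was a new connection attempt
    return " ".join(shlex.quote(a) for a in args + ["-j", target])
```

Calling `candidate_rule(SAMPLE)` yields a FORWARD rule because both interfaces are present; a line with an empty `OUT=` maps to INPUT instead.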