Question about Logs

David Cruz Langreo kitai@ya.com
Mon, 5 Jun 2000 16:36:10 +0200


I wasn't thinking of that..

It's gonna be installed on the office firewall
and we need to know what IPs are moving more traffic, and
what's the total amount of traffic moved from the in-network to the
out-network.

It's gonna output to HTML..that's sure.

And I was thinking on (in..:-) ) Perl.

And it will draw some graphs...
Almost like Webtrends Firewall program, but with support only for 
ipchains logs..
(Cuz that one does not support it..)

----------------------------------------- 
-----------David Cruz Langreo------------ 
----------Systems Administrator----------
---------------www.ya.com----------------
--------------kitai@ya.com---------------
----------------------------------------- 


-----Original Message-----
From: gently@baer.rwth-aachen.de [mailto:gently@baer.rwth-aachen.de]
Sent: Monday, 05 June 2000 16:20
To: kitai@ya.com
CC: netfilter@samba.org
Subject: Re: Question about Logs


David Cruz Langreo wrote:
> 
> I'm gonna make a program to audit and show some graphs using the
> ipchains log on syslog file.

Very interesting, I just started something similar at the weekend.

What is your intention?

Mine is:

	* two types of HTML output
		1. long and with a lot of details
		2. very short only the hardest attacks (also an e-mail version)
	* logfile parsing of 2 or more fw., because:
		- detecting attacks for more than one subnet
	* programmed in C


Gereon