Date: Wed, 26 Jul 1995 02:34:26 +0100
From: Gary Palmer <gary@palmer.demon.co.uk>
To: security@freebsd.org
Subject: Firewall log conversion utility....
Message-ID: <265.806722466@palmer.demon.co.uk>
Hi

I've written a short perl script which will take the output of the FreeBSD kernel firewall software (which is pretty unreadable as it's all in dotted IP address format - being kernel level doing DNS lookups is `interesting' :-) ) and turn it into something more readable. e.g. it would take a line like:

Jul 26 02:24:35 firewall /kernel: Deny TCP 192.216.222.4:1405 192.216.223.172:23

(which appears in /var/log/messages if you use the logging version of the filter commands, or any other place you specify kernel messages to be sent to) and turn it into:

Jul 24 18:11:51 firewall TCP freefall.cdrom.com:1405 mother.cdrom.com:telnet

(it removes the kernel name deliberately - I didn't think it was important). It does a DNS lookup on both IP addresses, and also a getservbyport() on both ports, and prints out (or the way I've got it set, mails to root) the results.

Anyone else want to see something like this? If so, I'll tidy up my version a bit and send it out... (it's kinda messy at the moment, being my first perl script to touch on doing non-string operations, like getservbyport() :-) )

Gary
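The conversion the message describes (parse the kernel firewall line, reverse-resolve both addresses, map both ports through getservbyport(), print the readable form) as an added example. This is not Gary's script: it is written in Python rather than perl, the log-line shape is taken from the line quoted above, the address-to-name mapping and service table are constructed so it runs offline (the two hostnames are the ones the message quotes, the mapping itself is assumed), and it keeps the action word ("Deny") in the output, which the message's own example drops.

```python
"""Rewrite FreeBSD kernel firewall log lines into a readable form."""
import re
import socket
from typing import Dict, Iterable, List, Optional, Tuple

# Shape of the kernel log line quoted in the message, e.g.
# "Jul 26 02:24:35 firewall /kernel: Deny TCP 192.216.222.4:1405 192.216.223.172:23"
LINE_RE = re.compile(
    r"^(?P<stamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) /kernel: "
    r"(?P<action>\S+) (?P<proto>[A-Za-z]+) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d{1,5}) "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d{1,5})\s*$"
)

HostTable = Dict[str, str]                 # ip -> name
ServiceTable = Dict[Tuple[int, str], str]  # (port, proto) -> service name


def resolve_host(ip: str, lookup: Optional[HostTable] = None) -> str:
    """Return the PTR name for ip, or the dotted quad when there is none.

    lookup is an optional pre-filled table (used here to run offline); without
    it the system resolver is asked. The name is whatever the owner of the
    reverse zone chose to publish, so treat it as display text, not identity.
    """
    if lookup is not None:
        return lookup.get(ip, ip)
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror / socket.gaierror are OSError subclasses
        return ip


def resolve_port(port: int, proto: str, services: Optional[ServiceTable] = None) -> str:
    """Map a port to its service name (getservbyport), keeping the number if unknown."""
    proto = proto.lower()  # getservbyport wants "tcp"/"udp", the kernel logs "TCP"/"UDP"
    if services is not None:
        return services.get((port, proto), str(port))
    try:
        return socket.getservbyport(port, proto)
    except OSError:
        return str(port)


def convert_line(line: str, lookup: Optional[HostTable] = None,
                 services: Optional[ServiceTable] = None) -> Optional[str]:
    """Rewrite one firewall record; return None for kernel lines that are not one."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    f = m.groupdict()
    src = resolve_host(f["src"], lookup)
    dst = resolve_host(f["dst"], lookup)
    sport = resolve_port(int(f["sport"]), f["proto"], services)
    dport = resolve_port(int(f["dport"]), f["proto"], services)
    # "/kernel:" is dropped as in the message; the action word is kept because
    # Deny versus anything else is the part a reader of the log cares about.
    return f"{f['stamp']} {f['host']} {f['action']} {f['proto']} {src}:{sport} {dst}:{dport}"


def convert_log(lines: Iterable[str], lookup: Optional[HostTable] = None,
                services: Optional[ServiceTable] = None) -> List[str]:
    """Convert every firewall record in a stream of syslog lines, skipping the rest."""
    out: List[str] = []
    for line in lines:
        converted = convert_line(line.rstrip("\n"), lookup, services)
        if converted is not None:
            out.append(converted)
    return out


# Constructed sample input and offline tables for the demo.
SAMPLE_LOG = [
    "Jul 26 02:24:35 firewall /kernel: Deny TCP 192.216.222.4:1405 192.216.223.172:23",
    "Jul 26 02:24:36 firewall /kernel: constructed unrelated kernel message",
    "Jul 26 02:24:40 firewall /kernel: Deny UDP 192.216.222.4:53 192.216.223.172:1026",
]
DEMO_HOSTS: HostTable = {
    "192.216.222.4": "freefall.cdrom.com",   # assumed mapping for the demo
    "192.216.223.172": "mother.cdrom.com",   # assumed mapping for the demo
}
DEMO_SERVICES: ServiceTable = {(23, "tcp"): "telnet", (53, "udp"): "domain"}

if __name__ == "__main__":
    # Offline run against the constructed tables; drop the two table arguments
    # to use the real resolver and /etc/services on lines read from syslog.
    for readable in convert_log(SAMPLE_LOG, DEMO_HOSTS, DEMO_SERVICES):
        print(readable)
```

Unknown ports stay numeric rather than being guessed, so an ephemeral source port such as 1405 prints as-is, and a line that does not match the firewall format is skipped instead of being mangled.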