[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Tool to analyze firewall messages



On Sonntag, 20. Oktober 2002 12:07 Achim Hoffmann wrote:

> > In /var/log/messages I see messages like
> >
> > Oct 20 11:00:43 firewall kernel: SuSE-FW-DROP-DEFAULT IN=ippp0
> > OUT= MAC= SRC=61.0.114.198 DST=62.46.154.154 LEN=78 TOS=0x00
> > PREC=0x00 TTL=101 ID=3969 PROTO=UDP SPT=62302 DPT=137 LEN=58
> >
> > I would like to see some whois data of the source IP in clear
> > text and the destination port in clear text too. (Of course I
> > know that 137 is the netbios-port)
>
> Are you interested in these 2 informations only?

Not only, but in these 2 informations I am interested especially.

> If so, would it be sufficient to hand over a script doing just
> that?
>
> > Is there an analyzing tool for these messages? Maybe like
> > webalizer?
>
> What exactly do you mean ba "analyzing", statistics? tabular
> format?

I thought that there could be a script or whatevver, which analyzes 
firewall logs from a "general" view.

I found out, that a lot of scans to my host come from "developing" 
countries, especially from South America and Asia.

Albert

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here