[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] Tool to analyze firewall messages
On Sonntag, 20. Oktober 2002 12:07 Achim Hoffmann wrote:
> > In /var/log/messages I see messages like
> > Oct 20 11:00:43 firewall kernel: SuSE-FW-DROP-DEFAULT IN=ippp0
> > OUT= MAC= SRC=18.104.22.168 DST=22.214.171.124 LEN=78 TOS=0x00
> > PREC=0x00 TTL=101 ID=3969 PROTO=UDP SPT=62302 DPT=137 LEN=58
> > I would like to see some whois data of the source IP in clear
> > text and the destination port in clear text too. (Of course I
> > know that 137 is the netbios-port)
> Are you interested in these 2 informations only?
Not only, but in these 2 informations I am interested especially.
> If so, would it be sufficient to hand over a script doing just
> > Is there an analyzing tool for these messages? Maybe like
> > webalizer?
> What exactly do you mean ba "analyzing", statistics? tabular
I thought that there could be a script or whatevver, which analyzes
firewall logs from a "general" view.
I found out, that a lot of scans to my host come from "developing"
countries, especially from South America and Asia.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here