
Re: [suse-security] Tool to analyze firewall messages



David, Achim,


> Around a month ago I posted a similar message to this list and got some 
> answers:
> - Achim Hoffmann sent me a Perl-script for making a readable file out of 
> /var/log/firewall. e.g.: (remove the CRs)
> Log-entry:
> Oct  9 00:18:48 minasmorgul kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= 
> SRC=80.142.58.48 DST=217.84.7.89 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=29088 DF 
> PROTO=TCP SPT=57456 DPT=4662 WINDOW=5808 RES=0x00 SYN URGP=0 OPT 
> (020405840402080A0053EFB40000000001030300)
> 
> Headline plus generated text:
> Time     Rule                src-IP         :port  > dst-IP         :port 
> proto ttl id    tos  prec len   -- payload
> --------+-------------------+----------------------+----------------------+----+---+-----+----+----+-----+----------
> 00:18:48 DROP-DEFAULT           80.142.58.48 57456 >     217.84.7.89 4662   
> TCP  60 29088 0x00 0x00    60 -- WINDOW=5808 RES=0x00 SYN URGP=0 OPT 
> (020405840402080A0053EFB4000000000

I'm interested in getting this script. Could you post it on this list or send it to me by mail?

Thanks

Franck


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here
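
The conversion described in the quoted message, as an added example: this is not Achim Hoffmann's Perl script, which does not appear on this page. It is written in Python, assumes the `SuSE-FW-` prefix and the field names seen in the quoted entry, and uses that entry rejoined onto one line as sample input; `parse` and `row` are hypothetical names.

```python
import re

# Constructed sample: the log entry quoted above, rejoined onto one line.
SAMPLE = (
    "Oct  9 00:18:48 minasmorgul kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= "
    "SRC=80.142.58.48 DST=217.84.7.89 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=29088 DF "
    "PROTO=TCP SPT=57456 DPT=4662 WINDOW=5808 RES=0x00 SYN URGP=0 OPT "
    "(020405840402080A0053EFB40000000001030300)"
)

# syslog date, time, host, "kernel:", then the SuSE-FW-<rule> prefix (assumed fixed).
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+(?P<time>\d\d:\d\d:\d\d)\s+\S+\s+kernel:\s+"
    r"SuSE-FW-(?P<rule>\S+)\s+(?P<rest>.*)$"
)
HEADER = ("IN", "OUT", "MAC", "SRC", "DST", "LEN", "TOS", "PREC",
          "TTL", "ID", "PROTO", "SPT", "DPT")
ROW = ("{time} {rule:<19} {SRC:>15} {SPT:<5} > {DST:>15} {DPT:<5} "
       "{PROTO:<4} {TTL:>3} {ID:>5} {TOS} {PREC} {LEN:>5} -- {payload}")


def parse(line):
    """Return a dict of fields, or None if the line is not a firewall entry."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = {"time": m["time"], "rule": m["rule"], "payload": ""}
    tokens = m["rest"].split()
    for i, tok in enumerate(tokens):
        key, eq, val = tok.partition("=")
        if eq and key in HEADER and key not in rec:
            rec[key] = val
        elif "PROTO" in rec:
            # First non-header token after PROTO starts the protocol-specific
            # part (TCP window/flags, ICMP type/code, a second UDP LEN, ...).
            rec["payload"] = " ".join(tokens[i:])
            break
        # Otherwise: a bare IP flag such as DF before PROTO; not shown in the table.
    return rec


def row(rec):
    """Format one parsed entry as a table row; missing fields print as '-'."""
    return ROW.format_map({**dict.fromkeys(HEADER, "-"), **rec})


if __name__ == "__main__":
    print(row(parse(SAMPLE)))
```

Lines that are not firewall entries return `None`, so the function can be mapped over a whole `/var/log/firewall` file and the misses filtered out.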