North American Network Operators Group
Re: Automated Network Abuse Reporting
Try LogDog to act on the syslog data...it sends all syslog log files through a pipe and scans for specific data...then you can email the complete message to anyone. It can have a negative performance impact depending on the number of sustained syslog logs being generated....but I used it on a system receiving syslog logs from over 200 routers and didn't see any issues.

Of course syslog-ng can also do this....but I found LogDog easier to implement. Not sure how you can automate the abuse email address?? You can specify a Perl script from within the LogDog conf file that could do a dig on the IP address from the source address...but that's just me thinking out loud.

I think you'll find many programs out there that can do this...both commercial and open source...but you'll need to do some customization.

steve

On Monday 29 December 2003 09:04 am, Jason Lixfeld wrote:
> We're a small company but nonetheless are inundated with firewall
> logs reporting numerous attempts to find holes in our network; c'est la
> vie. Seeing as how we are small, we don't have the resources to go
> through and send emails off to the abuse departments of each network
> sourcing the probes. Question is: Has there been development of some
> sort of intelligent Unix land app that can understand Cisco syslog
> output, find the abuse departments of the sourcing networks and send
> them off a nice little FYI?
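
The pipeline discussed in this thread (scan Cisco syslog for denied probes, derive the DNS name a `dig` on the source address would query, prepare a message per source), as an added example that is not part of either post and is not LogDog or syslog-ng code. The function names are hypothetical, the log lines are constructed samples in the IOS `%SEC-6-IPACCESSLOGP` and PIX `%PIX-4-106023` formats, and finding the abuse contact and sending the mail are left to the operator.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines using documentation address ranges, not real logs.
SAMPLE_LOG = """\
Dec 29 09:01:12 rtr1 88: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.5(4431) -> 192.0.2.10(135), 1 packet
Dec 29 09:01:15 rtr1 89: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.5(4432) -> 192.0.2.10(445), 3 packets
Dec 29 09:02:40 fw1 %PIX-4-106023: Deny udp src outside:198.51.100.77/1025 dst inside:192.0.2.20/1434 by access-group "outside_in"
Dec 29 09:03:02 rtr1 90: %SYS-5-CONFIG_I: Configured from console by admin on vty0
Dec 29 09:03:30 rtr1 91: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.2.3(2200) -> 192.0.2.10(80), 1 packet
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IOS_DENY = re.compile(
    r"%SEC-6-IPACCESSLOGP: list \S+ denied (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\)")
PIX_DENY = re.compile(
    r"%PIX-4-106023: Deny (?P<proto>\w+) src \S+?:(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"dst \S+?:(?P<dst>[\d.]+)/(?P<dport>\d+)")

def parse_denies(text):
    """Group denied probes by source IP; skip other messages and RFC 1918 sources."""
    by_src = defaultdict(list)
    for line in text.splitlines():
        m = IOS_DENY.search(line) or PIX_DENY.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed address in the log line
        if any(src in net for net in RFC1918):
            continue  # internal source: no outside abuse desk to notify
        by_src[str(src)].append((m["proto"], int(m["dport"]), line))
    return dict(by_src)

def draft_reports(by_src):
    """Build one plain-text report per source, with the PTR name a dig would query."""
    reports = {}
    for src, hits in sorted(by_src.items()):
        ports = sorted({f"{proto}/{dport}" for proto, dport, _ in hits})
        ptr = ipaddress.ip_address(src).reverse_pointer
        body = [f"Source: {src} (PTR query: {ptr})",
                f"Denied probes: {len(hits)} to {', '.join(ports)}", ""]
        reports[src] = "\n".join(body + [raw for _, _, raw in hits])
    return reports

if __name__ == "__main__":
    print("\n\n".join(draft_reports(parse_denies(SAMPLE_LOG)).values()))
```

Grouping by source before drafting keeps the output to one message per source rather than one per log line.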