North American Network Operators Group


Re: Automated Network Abuse Reporting

  • From: Stephen Miller
  • Date: Mon Dec 29 11:25:14 2003

Try LogDog to act on the syslog data...it sends all syslog log files through a
pipe and scans for specific data...then you can email the complete message to
anyone. It can have a negative performance impact depending on the number of
sustained syslog logs being generated...but I used it on a system receiving
syslog logs from over 200 routers and didn't see any issues. Of course
syslog-ng can also do this...but I found LogDog easier to implement. Not
sure how you can automate the abuse email address?? You can specify a Perl
script from within the LogDog conf file that could do a dig on the IP address
from the source address...but that's just me thinking out loud. I think
you'll find many programs out there that can do this...both commercial and
open source...but you'll need to do some customization.

steve


On Monday 29 December 2003 09:04 am, Jason Lixfeld wrote:
> We're a small company but nonetheless are inundated with firewall
> logs reporting numerous attempts to find holes in our network; c'est la
> vie.  Seeing as how we are small, we don't have the resources to go
> through and send emails off to the abuse departments of each network
> sourcing the probes.  Question is:  Has there been development of some
> sort of intelligent unix land app that can understand Cisco syslog
> output, find the abuse departments of the sourcing networks and send
> them off a nice little FYI?
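
An added example, not part of either message above: one way to do the scan-and-look-up step discussed in this thread, written in Python rather than the Perl mentioned. The `lookup` hook standing in for the dig/whois step, the `min_hits` threshold, and the sample lines and contact table are all assumptions made for the illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Deny lines in IOS ACL-log and PIX/ASA 106023 form; group 1 is the source IP.
PATTERNS = [
    re.compile(r"%SEC-6-IPACCESSLOGP: list \S+ denied \w+ (\d+(?:\.\d+){3})\(\d+\) ->"),
    re.compile(r"%(?:PIX|ASA)-4-106023: Deny \w+ src [^:\s]+:(\d+(?:\.\d+){3})/\d+ "),
]
# Sources with no abuse desk to write to (private, loopback, link-local).
SKIP = [ipaddress.ip_network(n) for n in
        ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def source_ip(line):
    """Return the denied packet's source address, or None if the line is not a deny."""
    for pat in PATTERNS:
        m = pat.search(line)
        if m:
            try:
                return ipaddress.ip_address(m.group(1))
            except ValueError:  # e.g. 999.1.1.1 in a corrupted line
                return None
    return None

def build_reports(lines, lookup, min_hits=3):
    """lookup(ip) -> contact or None is a hypothetical hook for the dig/whois step."""
    hits = Counter()
    for line in lines:
        ip = source_ip(line)
        if ip is not None and not any(ip in net for net in SKIP):
            hits[str(ip)] += 1
    reports = defaultdict(dict)
    for ip, n in hits.items():
        if n >= min_hits:  # drop one-off probes so abuse desks get no noise reports
            contact = lookup(ip)
            if contact:  # no contact found: nothing to send
                reports[contact][ip] = n
    return dict(reports)

# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE = (
    ['Dec 29 09:00:00 fw %PIX-4-106023: Deny tcp src outside:203.0.113.7/4312 '
     'dst inside:192.0.2.10/22 by access-group "outside_in"'] * 3
    + ['Dec 29 09:01:00 rtr %SEC-6-IPACCESSLOGP: list 101 denied tcp '
       '198.51.100.9(1025) -> 192.0.2.10(23), 1 packet']
    + ['Dec 29 09:02:00 rtr %SEC-6-IPACCESSLOGP: list 101 denied udp '
       '10.1.1.5(137) -> 192.0.2.10(137), 4 packets'] * 5
)
STUB_CONTACTS = {"203.0.113.7": "abuse@isp.example"}  # constructed lookup table
```

Calling `build_reports(SAMPLE, STUB_CONTACTS.get)` returns one entry per abuse contact with the offending addresses and their hit counts, which is the data a report mail would be built from.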