Here's stripcisco.pl:
http://www.within.com/~chandhok/isp/#stripcisco.pl
It works well and does everything you've mentioned.
--Matt
> ------------------------------
>
> Date: Wed, 18 Oct 2000 16:11:20 +1000 (EST)
> From: Dave Horsfall <[EMAIL PROTECTED]>
> Subject: Wanted: simple Cisco log analyser
>
> [ Making a comeback after a long break ]
>
> I'm looking for something that will do a rudimentary analysis of a Cisco's
> "deny" log; something like a list of the perps, who probed these targets,
> on these ports, X times etc.
>
> Perhaps a list of the Top 10 Ports (which really ought to be nailed down),
> the Top 10 Targets (which could indicate they've been compromised, and
> merit special attention), and Top 10 Perps (who ought to be fire-walled
> off without further ado, and don't even bother logging them).
>
> I looked at "Pixie" (mentioned in the archives) but it's a bit over the
> top, and another list of products seem to refer to Web/FTP analysis
> etc. Nothing in the Cisco archives either.
>
> I'm willing to knock something up in Perl, but it would take a while, in
> between my "real" job, so if there's one available now I'd use it. I
> started to log "deny" packets the other day, and got the shock of my
> life: non-stop probes for NetBIOS servers, what looks like half the world
> attempting to connect to a proxy server on 3128, and someone in Italy
> tried to Telnet to a bunch of machines at once...
>
> -- Dave Horsfall CL VK2KFU
--
Matt Hite
Evite.com
Senior Systems Administrator
E: [EMAIL PROTECTED]
P: 415.343.3681
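
The analysis Dave asks for (top sources, targets and ports from a "deny" log), sketched as an added example that is not part of the original thread and is not stripcisco.pl. It assumes IOS extended-ACL syslog lines of the `%SEC-6-IPACCESSLOGP` form; the sample lines, the `summarize` function and its `min_targets` parameter are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (documentation address ranges), not taken from the thread.
SAMPLE_LOG = """\
Oct 18 06:01:02 gw 101: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(4021) -> 198.51.100.5(3128), 1 packet
Oct 18 06:01:09 gw 102: %SEC-6-IPACCESSLOGP: list 101 denied udp 192.0.2.44(137) -> 198.51.100.7(137), 4 packets
Oct 18 06:02:30 gw 103: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(4022) -> 198.51.100.6(3128), 2 packets
Oct 18 06:03:11 gw 104: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.9(1050) -> 198.51.100.5(23), 1 packet
Oct 18 06:03:12 gw 105: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.9(1051) -> 198.51.100.6(23), 1 packet
Oct 18 06:04:00 gw 106: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.0.2.80(2000) -> 198.51.100.5(80), 1 packet
Oct 18 06:05:00 gw 107: %LINK-3-UPDOWN: Interface Serial0, changed state to up
"""

# Only TCP/UDP denies carry ports; ICMP denies use a different message and are skipped here.
DENY_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>tcp|udp) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def summarize(lines, top=10, min_targets=2):
    """Count denied packets per source, target and destination port."""
    sources, targets, ports = Counter(), Counter(), Counter()
    fanout = {}   # (src, proto, dport) -> set of targets hit on that port
    skipped = 0   # lines that are not TCP/UDP deny entries
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            skipped += 1
            continue
        n, dport = int(m["count"]), int(m["dport"])
        sources[m["src"]] += n
        targets[m["dst"]] += n
        ports[(m["proto"], dport)] += n
        fanout.setdefault((m["src"], m["proto"], dport), set()).add(m["dst"])
    # One source probing the same port on several targets looks like a sweep.
    sweeps = {k: len(v) for k, v in fanout.items() if len(v) >= min_targets}
    return {"sources": sources.most_common(top), "targets": targets.most_common(top),
            "ports": ports.most_common(top), "sweeps": sweeps, "skipped": skipped}

if __name__ == "__main__":
    for name, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(name, value)
```

Counts are weighted by the packet count on each line, since IOS aggregates repeated hits into one entry.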