Old story new cover...
The email below is in reference to my much earlier request for a "good"
syslogger. Something I still need.
I would also like to see GTA figure a way to capture the MAC address as
well as the other data.
My reason is simple - see the log data roughly 9 lines down! Something
is managing to get behind the firewall and initiate this crap. I have
scanned all systems via real-time and using Online and all computers are
clean. If I was any more clamped down, I would not be able to breathe.
VPN appears clean, DMZ is clean. So you tell me where this crap is
originating from! The GTA ver 3.4.0 (Flash) logs are worthless for this
one because they do not provide a MAC address.
Danny
<LOG DATA>
ALARM NO: 1
DATE: Thu 2004-01-22 18:55:22 GMT
INTERFACE: Protected (xl0)
INTERFACE TYPE: Protected
ALARM TYPE: Possible spoof
IP PACKET: TCP [198.202.130.170/1239]-->[64.35.110.11/80] l=0 f=0x2
[198.202.130.170/1239]-->[64.35.110.11/http]
DETAILED DESCRIPTION:
Return interface for IP packet is different than arrival.
<LOG DATA END>
-----Original Message-----
From: John Stokes [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 03, 2003 7:37 PM
To: Cox, Danny H.
Cc: [EMAIL PROTECTED]
Subject: Re: [gb-users] Syslogger - that works?
On Thu, 3 Apr 2003 18:32:32 -0800, "Cox, Danny H." <[EMAIL PROTECTED]>
wrote:
> I am in dire need of a syslogger for Windows 2000 - Please do not
> suggest KIWII.
I dropped trying to capture this in Windows and went with Syslog-ng on a
UNIX system (Linux works well for this).
> I need the following features:
Syslog-ng will not meet all your desires by itself. Divide the features
you want into these major functions: capturing, filtering, and
reporting. It can then handle the capturing and initial filtering.
> 1. Multiple log file capability - to save captured data to different
> data files (at least 3)
In the Syslog-ng configuration file you specify the output files. It
supports macros that will allow dynamic parameters, such as dates
(automatic file rotation), source hosts, etc. that will allow you to
uniquely name different logs (without having to define each individually).
> 2. Multiple capture sources - to capture and segment data from several
> different sources (at least 2)
You define filters that will select matched patterns, source, program,
level, and more.
> 3. Ability to sort, filter, and display real-time without losing any
> data - at least 3 windows
Syslog-ng will do the initial sorting and filtering. There are other
tools for Linux and Windows that you can then use for displaying and
further filtering.
You can specify the output to be piped into another program. This could
feed real-time data into your monitoring program(s).
> 4. Ability to compare capture screens real-time for possible patterns -
> at least 2
I'm leaving this to the display program. I suggest you search
http://freshmeat.net/ for log file reporting and monitoring programs. I
saw a number over a year ago when I was searching for a centralized
logging and reporting solution.
> I would like this additional feature:
> 1. Ability to configure the above features so they can each use
> independent ports
You can define the listening port for each source in Syslog-ng.
It may not be a single program solution but the flexibility I found in
Syslog-ng really helps me control my logs.
--
John Stokes
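As an added illustration (not part of the original thread, and not taken from the syslog-ng documentation), here is how the capture and filter functions John describes map onto a syslog-ng configuration in its classic config language: two UDP sources on independent ports, filters by level and by pattern, file destinations named by host and date macros, and a program() destination that feeds a monitor. The ports, paths and the monitor script are assumed placeholders.

```conf
# Assumed: syslog-ng classic configuration syntax; all ports and paths are placeholders.
options {
    create_dirs(yes);          # let macro-built directories be created on the fly
    keep_hostname(yes);        # keep the sender's hostname for the $HOST macro
};

# Feature "independent ports": one listening port per capture source.
source s_firewall { udp(ip(0.0.0.0) port(514));  };   # firewall logs
source s_servers  { udp(ip(0.0.0.0) port(5514)); };   # other hosts

# Filters select by level, program or matched pattern.
filter f_warn_up { level(warning..emerg); };
filter f_alarm   { match("ALARM") or match("Possible spoof"); };

# Feature "multiple log files": macros give one file per host per day,
# so files rotate daily without defining each one individually.
destination d_firewall { file("/var/log/gta/$HOST/$YEAR-$MONTH-$DAY.log"); };
destination d_servers  { file("/var/log/hosts/$HOST/$YEAR-$MONTH-$DAY.log"); };
destination d_alarms   { file("/var/log/alarms/$YEAR-$MONTH-$DAY.log"); };

# Feature "real-time display": pipe matching lines into a monitoring program
# (placeholder script) that does the on-screen display and further filtering.
destination d_monitor  { program("/usr/local/bin/log-monitor.sh"); };

# Log paths tie sources, filters and destinations together.
log { source(s_firewall); destination(d_firewall); };
log { source(s_firewall); filter(f_alarm);
      destination(d_alarms); destination(d_monitor); };
log { source(s_servers);  filter(f_warn_up); destination(d_servers); };
```

Each source can be split further by adding a filter(host(...)) or filter(program(...)) clause to a log path, which is how the "segment data from several sources" requirement is met without a second syslog daemon.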
------------------------------------------------------
To unsubscribe: [EMAIL PROTECTED]
For additional commands: [EMAIL PROTECTED]
Archive: http://archives.gnatbox.com/gb-users/