All, Following up with a Windows PowerShell version for this. You pass it the netstat -nao command and it will filter out the listening ports and return them in a list of tuples, ex: [(protocol,ipaddress,port),(protocol,ipaddress,port)]. I can further expand on this to include the actual program name, but for now I'm good with just knowing what ports are listening.
Save as netstatParser.ps1

>>
# Reads `netstat -nao` output from the pipeline and prints the listening
# sockets as one line of (protocol,ipaddress,port) tuples.
param(
    [Parameter(ValueFromPipeline=$true,Position=0)]
    [string] $Data
)

$ossec_out = "["
# $input enumerates every line piped into the script; only lines whose
# state column reads LISTENING are kept.
foreach ($line in $input) {
    if ($line -match "(TCP|UDP)\s+([^:]*):(\d+).*LISTENING") {
        $var = "($($matches[1]),$($matches[2]),$($matches[3])),"
        $ossec_out += $var
    }
}
$ossec_out += "]"
# Drop the trailing comma left behind by the last tuple.
$ossec_out = $ossec_out.replace(",]","]")
write-output $ossec_out
<<

Example usage with full command:

Netstat -nao | .\parseNetstat.ps1

Output Example:

[(TCP,0.0.0.0,135),(TCP,0.0.0.0,445),(TCP,0.0.0.0,2701),(TCP,0.0.0.0,3389),(TCP,0.0.0.0,5985),(TCP,0.0.0.0,7561),(TCP,0.0.0.0,45329),(TCP,0.0.0.0,47001),(TCP,0.0.0.0,49152),(TCP,0.0.0.0,49153),(TCP,0.0.0.0,49154),(TCP,0.0.0.0,49177),(TCP,0.0.0.0,49178),(TCP,0.0.0.0,49183),(TCP,127.0.0.1,55578),(TCP,192.168.222.210,139)]

Again thanks Kevin for the inspiration

Devon J. Greene

PS Pardon my cruddy PowerShell, it's not really my cup of tea ha.

-----Original Message-----
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of BP9906
Sent: Friday, January 17, 2014 7:06 AM
To: ossec-list@googlegroups.com
Subject: [ossec-list] full_command netstat and other output in alerts.log file

The full output should be in a folder. I've seen it before, just don't recall where.

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
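An extended version of the same idea, written as an added example for this thread rather than taken from Devon's post or from OSSEC itself. The posted regex only matches IPv4 TCP listeners (a `[::]:135` line never matches `[^:]*:` and UDP lines carry no LISTENING state), so this function handles both address families and UDP, adds the program name Devon mentioned wanting, and sorts the result so the line order does not depend on netstat. PIDs are deliberately left out of the output: OSSEC's full_command alerts on changes in the command output, and PIDs change on every service restart. The function name `ConvertFrom-NetstatListening`, the `-ProcessNames` parameter and the sample netstat lines below are all constructed for this example; on a live host the process names come from `Get-Process`.

```powershell
# Added example, not the original poster's script.
function ConvertFrom-NetstatListening {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline = $true)]
        [string[]] $Line,
        # Optional PID -> process name map (used here so the sample runs offline);
        # when omitted, names are resolved with Get-Process on the live host.
        [hashtable] $ProcessNames
    )
    begin {
        $entries = @()
        # Local address is either "a.b.c.d:port" or "[v6addr]:port" (zone index allowed).
        # TCP rows carry a state column; UDP rows show "*:*" and no state.
        $tcpPattern = '^\s*TCP\s+(\[[0-9a-fA-F:%]+\]|[\d.]+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$'
        $udpPattern = '^\s*UDP\s+(\[[0-9a-fA-F:%]+\]|[\d.]+):(\d+)\s+\*:\*\s+(\d+)\s*$'
    }
    process {
        foreach ($l in $Line) {
            if ($l -match $tcpPattern) { $proto = 'TCP' }
            elseif ($l -match $udpPattern) { $proto = 'UDP' }
            else { continue }   # headers, ESTABLISHED rows, blank lines
            $addr = $matches[1].Trim('[', ']')
            $port = [int]$matches[2]
            $procId = [int]$matches[3]
            if ($ProcessNames) { $name = $ProcessNames[$procId] }
            else { $name = (Get-Process -Id $procId -ErrorAction SilentlyContinue).ProcessName }
            if (-not $name) { $name = 'unknown' }   # e.g. process exited between netstat and lookup
            $entries += [pscustomobject]@{ Proto = $proto; Address = $addr; Port = $port; Process = $name }
        }
    }
    end {
        # Stable ordering so OSSEC only sees a diff when a listener actually appears or disappears.
        $entries | Sort-Object Proto, Address, Port | ForEach-Object {
            "($($_.Proto),$($_.Address),$($_.Port),$($_.Process))"
        }
    }
}

# Constructed sample of `netstat -nao` output (not real host data).
$sample = @'
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    127.0.0.1:55578        0.0.0.0:0              LISTENING       4120
  TCP    192.168.222.210:139    0.0.0.0:0              LISTENING       4
  TCP    192.168.222.210:49700  192.168.222.1:443      ESTABLISHED     2210
  TCP    [::]:3389              [::]:0                 LISTENING       1304
  UDP    0.0.0.0:123            *:*                                    1100
  UDP    [::1]:1900             *:*                                    3050
'@ -split "`r?`n"

# Constructed PID -> name map matching the sample above.
$names = @{ 888 = 'svchost'; 4120 = 'ossec-agent'; 4 = 'System'; 1304 = 'svchost'; 1100 = 'svchost'; 3050 = 'svchost' }

$sample | ConvertFrom-NetstatListening -ProcessNames $names
# On a live host: netstat -nao | ConvertFrom-NetstatListening
```

The sample run emits six lines (the ESTABLISHED row and the header are skipped), one per listener, each as (Proto,Address,Port,Process). Because the output is one socket per line rather than one long list, an OSSEC full_command diff points at the exact listener that changed instead of re-printing the whole tuple list.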