I haven't had a chance to use it yet, but you may want to check out:
http://cs.calvin.edu/~mpost89/pixlog/
Don't know if it has what you're looking for, but probably worth a look.
Carl
> -----Original Message-----
> From: Dave Horsfall [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, October 17, 2000 11:11 PM
> To: Firewalls List
> Subject: Wanted: simple Cisco log analyser
>
>
> [ Making a comeback after a long break ]
>
> I'm looking for something that will do a rudimentary analysis of a Cisco's
> "deny" log; something like a list of the perps, who probed these targets,
> on these ports, X times etc.
>
> Perhaps a list of the Top 10 Ports (which really ought to be nailed down),
> the Top 10 Targets (which could indicate they've been compromised, and
> merit special attention), and Top 10 Perps (who ought to be fire-walled
> off without further ado, and don't even bother logging them).
>
> I looked at "Pixie" (mentioned in the archives) but it's a bit over the
> top, and another list of products seem to refer to Web/FTP analysis
> etc. Nothing in the Cisco archives either.
>
> I'm willing to knock something up in Perl, but it would take a while, in
> between my "real" job, so if there's one available now I'd use it. I
> started to log "deny" packets the other day, and got the shock of my
> life: non-stop probes for NetBIOS servers, what looks like half the world
> attempting to connect to a proxy server on 3128, and someone in Italy
> tried to Telnet to a bunch of machines at once...
>
> -- Dave Horsfall CL VK2KFU
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
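
Added example, not part of the thread and not code from pixlog or Pixie: a small tally of the kind the original message asks for (top ports, targets, perps, and who probed what on which port). It assumes Cisco IOS `%SEC-6-IPACCESSLOGP` deny lines; the sample log and the `analyse` function name are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: Cisco IOS extended-ACL syslog lines (%SEC-6-IPACCESSLOGP, TCP/UDP).
# PIX "Deny" messages are laid out differently and need their own pattern.
DENY_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
Oct 17 23:01:02 gw 101: %SEC-6-IPACCESSLOGP: list 101 denied udp 198.51.100.7(137) -> 192.0.2.10(137), 1 packet
Oct 17 23:01:05 gw 102: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.9(4021) -> 192.0.2.10(3128), 1 packet
Oct 17 23:06:05 gw 103: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.9(4022) -> 192.0.2.11(3128), 4 packets
Oct 17 23:06:09 gw 104: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.23(1055) -> 192.0.2.10(23), 1 packet
Oct 17 23:06:09 gw 105: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.23(1056) -> 192.0.2.11(23), 1 packet
Oct 17 23:06:30 gw 106: %SEC-6-IPACCESSLOGP: list 101 denied udp 198.51.100.7(137) -> 192.0.2.12(137), 2 packets
Oct 17 23:07:00 gw 107: %LINK-3-UPDOWN: Interface Serial0, changed state to up
"""

def analyse(lines, top=10):
    """Tally denied packets by source, target, destination port and probe tuple."""
    perps, targets, ports, probes = Counter(), Counter(), Counter(), Counter()
    skipped = 0
    for line in lines:
        m = DENY_RE.search(line)
        if m is None:
            skipped += 1  # not an ACL deny line; count it rather than drop it silently
            continue
        n = int(m["count"])  # IOS rate-limits logging, so one line can cover many packets
        port = f"{m['dport']}/{m['proto']}"
        perps[m["src"]] += n
        targets[m["dst"]] += n
        ports[port] += n
        probes[(m["src"], m["dst"], port)] += n
    return {
        "perps": perps.most_common(top),
        "targets": targets.most_common(top),
        "ports": ports.most_common(top),
        "probes": probes.most_common(top),
        "skipped": skipped,
    }

if __name__ == "__main__":
    for name, rows in analyse(SAMPLE_LOG.splitlines()).items():
        print(name, rows)
```

Weighting by the reported packet count rather than by line count keeps the rankings honest when the router aggregates repeated hits into a single log line.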