Hi Jeff,
Below these lines you have the script, coded in Perl, to send to the syslog server whatever you pass to it as parameters. It basically does the same as the UNIX logger command.
The syslog facilities can be calculated with the help of this link
http://www.monitorware.com/Common/en/articles/syslog-described.asp
So, remember to call the logger.exe file (if you compile the code that I supply to you) preceded by "cmd /c", as in "cmd /c c:\logger\logger <all parameters you want to log>". If you use the Perl interpreter, you have to do it this way: "cmd /c perl c:\logger\logger.pl <all parameters you want to log>"
Hope it helps.
.................................................
use strict;
use warnings;
use IO::Socket::INET;
my @configuracion;
# logger.conf: line 1 is the IP of the syslog server, line 2 the syslog facility value
open(PROFILE, "<", "c:/logger/logger.conf") or die "Cannot open c:/logger/logger.conf: $!";
@configuracion = <PROFILE>;
close PROFILE;
chomp $configuracion[0]; # $configuracion[0] keeps the IP of the syslog server
chomp $configuracion[1]; # $configuracion[1] keeps the syslog facility
my $sock = IO::Socket::INET->new(PeerAddr => $configuracion[0],
                                 PeerPort => '514',
                                 Proto    => 'udp')
    or die "Cannot create UDP socket: $@";
# what is sent to the syslog server is the facility + the parameters you passed to the logger script
print $sock "<$configuracion[1]>@ARGV\n";
close $sock;
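To make the wire format concrete, here is an added Python example (not the original Perl script and not part of the thread) that builds the same "<PRI>message" datagram, computes PRI as facility * 8 + severity as the linked page describes, and parses such a datagram back so a collector-side check can validate it; the facility/severity tables and function names are my own.

```python
"""Build and parse BSD-style syslog datagrams of the shape the Perl logger
above emits: "<PRI>message".  PRI = facility * 8 + severity.
Added example, not part of the original thread; names are my own."""
import re
import socket

FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
              "authpriv": 10, "ftp": 11, "local0": 16, "local1": 17,
              "local2": 18, "local3": 19, "local4": 20, "local5": 21,
              "local6": 22, "local7": 23}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}

_PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)

def pri(facility, severity):
    """Priority value as written in logger.conf: facility*8 + severity."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]

def build_datagram(facility, severity, message):
    """Same wire format the Perl script prints: "<PRI>message\\n"."""
    # Replace CR/LF so a parameter cannot make the collector see a second
    # log line; the Perl script sends @ARGV unchanged.
    clean = message.replace("\r", " ").replace("\n", " ")
    return f"<{pri(facility, severity)}>{clean}\n".encode("ascii", "replace")

def parse_datagram(data):
    """Decode <PRI>message into (facility, severity, message).
    Returns None when the PRI header is missing or out of range (0..191)."""
    m = _PRI_RE.match(data.decode("ascii", "replace"))
    if not m:
        return None
    value = int(m.group(1))
    if value > 191:
        return None
    fac_num, sev_num = divmod(value, 8)
    fac = next((n for n, v in FACILITIES.items() if v == fac_num), str(fac_num))
    sev = next(n for n, v in SEVERITIES.items() if v == sev_num)
    return fac, sev, m.group(2).rstrip("\n")

def send_datagram(data, host, port=514):
    """Fire-and-forget UDP send, exactly as the Perl script does (no ack)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(data, (host, port))
```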
Jones, Jeff wrote:
Ok, thanks, that's helpful actually. We are using Kiwi for syslog.
Jeff
-----Original Message-----
From: Lorenzo Martínez Rodríguez [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 05, 2003 9:19 AM
To: Jones, Jeff
Cc: [EMAIL PROTECTED]
Subject: Re: [ISSForum] Re: Log Network Sensor/Server sensor events to Syslog Server
The syslog server will get only those attacks you had selected in the policy response to do it. I mean you have to select every attack you want to be logged by the syslog machine.
Jones, Jeff wrote:
And the syslog server gets all the attacks as well?
Jeff
-----Original Message-----
From: Lorenzo Martínez Rodríguez [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 05, 2003 4:02 AM
To: [EMAIL PROTECTED]
Subject: [ISSForum] Re: Log Network Sensor/Server sensor events to Syslog Server
Hi Johnny, I had to implement a solution to do that. What I did was call a User Specified response (passing it some parameters such as: origin IP, target IP, event name, etc.) which calls an executable script which sends that information to UDP port 514 of the syslog collecting machine. That's all!
--
Lorenzo Martínez Rodríguez, IT security consultant
ISC Consultores Santa Hortensia 2 28002 Madrid
Tel +34 91 510 43 00 Fax +34 91 519 81 08
e-mail [EMAIL PROTECTED]
_______________________________________________ ISSForum mailing list [EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
---------------------------------------------------------------------- --------------- This e-mail is the exclusive, private and confidential property of the sender. The information contained in it is intended solely for the use of the sender and the intended recipient. If you are not the intended recipient you are hereby advised that any unauthorized disclosure, copying, distribution or the taking of any action in reliance on the contents of this message is strictly prohibited. If you have received this e-mail in error, please notify us immediately by telephone (call the USF Corporation Technical Support Center at 1-800-753-4563) and then destroy this document and any copies in any form immediately. Finally, the recipient should check this email and any attachments for the presence of viruses. USF Corporation accepts no liability for any damage caused by any virus transmitted by this email. -------------------------------------------------------------------------------------
