From: Peter Ross
Date: Fri, 1 Mar 2002 11:07:07 +0100 (CET)
To: Christian Gielstrup
Cc: freebsd-security@freebsd.org
Subject: Re: resolve ipaddr and ports in logs

Hi Christian

> Greetings from Denmark..

Hi, greetings from your southern neighbour in Germany:)

> Is it possible to have the ipaddresses and ports resolved on the rules
> that are logged?

I think it isn't a good idea because it takes too much time and traffic. If there are Disastrous Name Service (DNS) problems the output may stop. And you need the logs if you have problems.

Write a script which takes the log file, performs the DNS lookups, looks in /etc/services and writes the resolved addresses and ports to the output. You need the resolved addresses only if you look over.

Regards
Peter
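A sketch of the post-processing script suggested in the message above, added here as an example and not part of the original post. It assumes log lines that carry `a.b.c.d:port` tokens and a TCP/UDP keyword; the sample log lines, the services excerpt, the PTR table and all function names are constructed for illustration. Raw addresses and ports stay in the output because PTR names are set by whoever controls the reverse zone.

```python
import re
import socket

ADDR_PORT = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")  # a.b.c.d:port
PROTO = re.compile(r"\b(TCP|UDP)\b", re.I)
UNSAFE = re.compile(r"[^A-Za-z0-9._-]")  # PTR data is untrusted input
# Constructed samples: /etc/services-format excerpt, PTR table, two log lines.
SAMPLE_SERVICES = "# name port/proto aliases\nssh 22/tcp\ndomain 53/udp\nhttp 80/tcp www\n"
SAMPLE_PTR = {"192.0.2.10": "client.example.net", "203.0.113.53": "ns.example.org"}
SAMPLE_LOG = [
    "Mar  1 11:00:01 gw /kernel: ipfw: 400 Deny TCP 192.0.2.10:4321 198.51.100.5:22 in via fxp0",
    "Mar  1 11:00:02 gw /kernel: ipfw: 500 Accept UDP 198.51.100.5:1030 203.0.113.53:53 out via fxp0",
]

def load_services(text):
    """Parse /etc/services-format text into {(port, proto): name}."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and "/" in fields[1]:
            port, proto = fields[1].split("/", 1)
            if port.isdigit():
                table.setdefault((int(port), proto.lower()), fields[0])
    return table

def reverse_dns(ip):
    """PTR lookup; None on failure so a DNS outage never stops the run."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def resolve_line(line, services, lookup=reverse_dns, cache=None):
    """Annotate each a.b.c.d:port token, keeping the raw values as evidence."""
    cache = {} if cache is None else cache
    m = PROTO.search(line)
    proto = m.group(1).lower() if m else "tcp"  # assumption: default to tcp
    def annotate(match):
        ip, port = match.group(1), int(match.group(2))
        if ip not in cache:  # failures are cached too (negative cache)
            cache[ip] = lookup(ip)
        host = f"[{UNSAFE.sub('?', cache[ip])}]" if cache[ip] else ""
        svc = services.get((port, proto))
        return f"{ip}{host}:{port}" + (f"({svc})" if svc else "")
    return ADDR_PORT.sub(annotate, line)

if __name__ == "__main__":  # constructed PTR table; omit lookup for real DNS
    for entry in SAMPLE_LOG:
        print(resolve_line(entry, load_services(SAMPLE_SERVICES), SAMPLE_PTR.get))
```

Run it over a copy of the log when reviewing, so the firewall's own logging never waits on DNS.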