Date: Tue, 5 Jun 2001 15:30:48 +0700 (ICT)
Message-Id: <200106050830.PAA21823@banyan.cs.ait.ac.th>
From: Olivier Nicole
To: rh@com-con.net
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: security log file parser / ids

René,

>i am searching for a parser that parses security logs from ipfw-made up
>logs. anyone got a hint?

Do you mean output to syslog?

I'd suggest swatch
(http://www.cert.org/security-improvement/implementations/i042.01.html)
but did not test it myself (one of my many projects for when I have some
time, maybe next century :)

Regards,

olivier