Re: [Wallfire-users] Help!
From: Tim S. <tp...@bu...> - 2003-02-20 16:56:18
On Thu, Feb 20, 2003 at 05:42:09PM +0100, Herve Eychenne wrote:
> On Thu, Feb 20, 2003 at 11:20:41AM -0500, Tim Sailer wrote:
>
> Hi,
>
> > I have logs from 2 sources I want to look at, snort (1.9.0 from a Debian
> > box) and Pix, from a Pix 535. wflogs doesn't seem to know how to read
> > either of the logs. I'm using the alert file from snort, and remote
> > syslog entries from the Pix. Does anyone have pointers?
>
> What exact command line are you using for each file?
Two tries for snort,
wflogs -i snort /var/log/snort/alert | wflogs -i any /var/log/snort/alert
and a similar command line for the Pix.
> You can also join one line of each file for test purpose, if needed...
OK, from snort:
02/20-11:53:08.057888 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] {TCP} 63.240.211.155:12245 -> 192.168.1.1:80
From Pix:
Feb 19 00:13:41 pike.local %PIX-2-106006: Deny inbound UDP from 181.30.226.168/1030 to 192.168.1.179/137 on interface outside
--
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>> Tim Sailer >< Coastal Internet, Inc. <<
>> Network and Systems Operations >< PO Box 671 <<
>> http://www.buoy.com >< Ridge, NY 11961 <<
>> tp...@bu... >< (631) 924-3728 (888) 924-3728 <<
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
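
The two sample lines quoted in the message above, parsed into one normalized record shape. This is an added example, not part of the original post and not wflogs code; the regular expressions are assumptions built only from those two lines, and `parse_line` is a hypothetical name.

```python
import re

# Patterns are assumptions derived only from the two sample lines in the
# message above; other snort alert modes and PIX message IDs need their own.
SNORT_FAST = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*[^\]]*\]\s+)?(?:\[Priority:\s*\d+\]\s+)?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?"
    r"\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)
PIX_106006 = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
    r"%PIX-(?P<sev>\d)-(?P<id>106006):\s+Deny inbound (?P<proto>\w+)\s+"
    r"from (?P<src>[\d.]+)/(?P<sport>\d+)\s+to (?P<dst>[\d.]+)/(?P<dport>\d+)\s+"
    r"on interface (?P<iface>\S+)$"
)

# Sample lines copied from the message; the third is constructed to show a miss.
SNORT_SAMPLE = ("02/20-11:53:08.057888 [**] [1:1287:5] WEB-IIS scripts access [**] "
    "[Classification: access to a potentially vulnerable web application] "
    "[Priority: 2] {TCP} 63.240.211.155:12245 -> 192.168.1.1:80")
PIX_SAMPLE = ("Feb 19 00:13:41 pike.local %PIX-2-106006: Deny inbound UDP from "
    "181.30.226.168/1030 to 192.168.1.179/137 on interface outside")
UNKNOWN_SAMPLE = "Feb 19 00:13:42 pike.local something else entirely"

def parse_line(line):
    """Return a normalized dict for a recognized line, or None if unrecognized."""
    line = line.strip()
    m = SNORT_FAST.match(line)
    if m:
        source, action = "snort", "alert"
        detail = f"{m['gid']}:{m['sid']}:{m['rev']} {m['msg']}"
    else:
        m = PIX_106006.match(line)
        if m is None:
            return None  # report unparsed lines instead of guessing fields
        source, action = "pix", "deny"
        detail = f"%PIX-{m['sev']}-{m['id']} on {m['iface']}"
    to_port = lambda p: int(p) if p else None  # ICMP alerts carry no ports
    return {"source": source, "action": action, "ts": m["ts"],
            "proto": m["proto"].upper(), "src": m["src"], "sport": to_port(m["sport"]),
            "dst": m["dst"], "dport": to_port(m["dport"]), "detail": detail}

if __name__ == "__main__":
    for sample in (SNORT_SAMPLE, PIX_SAMPLE, UNKNOWN_SAMPLE):
        print(parse_line(sample))
```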