nanog mailing list archives
Re: Automated Network Abuse Reporting
From: Stephen Miller <steve () smiller org>
Date: Mon, 29 Dec 2003 09:20:58 -0700
Try LogDog to act on the syslog data... it sends all syslog log files through a pipe and scans for specific data... then you can email the complete message to anyone. It can have a negative performance impact depending on the number of sustained syslog logs being generated... but I used it on a system receiving syslog logs from over 200 routers and didn't see any issues. Of course syslog-ng can also do this... but I found LogDog easier to implement.

Not sure how you can automate the abuse email address? You can specify a Perl script from within the LogDog conf file that could do a dig on the IP address from the source address... but that's just me thinking out loud.

I think you'll find many programs out there that can do this... both commercial and open source... but you'll need to do some customization.

steve

On Monday 29 December 2003 09:04 am, Jason Lixfeld wrote:
We're a small company but nonetheless are inundated with firewall logs reporting numerous attempts to find holes in our network; c'est la vie. Seeing as how we are small, we don't have the resources to go through and send emails off to the abuse departments of each network sourcing the probes. Question is: Has there been development of some sort of intelligent Unix land app that can understand Cisco syslog output, find the abuse departments of the sourcing networks and send them off a nice little FYI?
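
The pipeline discussed in this message (scan Cisco syslog for denies, derive the name a reverse lookup would query, group evidence per abuse contact), as an added example that is not part of the original thread and is not LogDog's own code. The log lines and contact table are constructed, and `lookup_contact` is a hypothetical hook where a dig or whois call would go.

```python
import ipaddress
import re
from collections import defaultdict

# Source address in two Cisco deny formats: PIX 106023 and IOS IPACCESSLOGP.
PATTERNS = [
    re.compile(r"%PIX-\d-106023: Deny \w+ src \w+:([\d.]+)/\d+ dst "),
    re.compile(r"%SEC-6-IPACCESSLOGP: list \S+ denied \w+ ([\d.]+)\(\d+\) -> "),
]
# Sources that have no outside abuse desk; reporting them is pointless.
UNREPORTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def source_ip(line):
    """Return the denied packet's source address, or None if not reportable."""
    for pat in PATTERNS:
        m = pat.search(line)
        if m:
            try:
                ip = ipaddress.ip_address(m.group(1))
            except ValueError:
                return None  # malformed address in the log line
            return None if any(ip in n for n in UNREPORTABLE) else ip
    return None

def parse_denies(lines):
    """Group raw deny lines by source IP so each report carries its evidence."""
    by_src = defaultdict(list)
    for line in lines:
        ip = source_ip(line)
        if ip is not None:
            by_src[str(ip)].append(line.rstrip())
    return dict(by_src)

def build_reports(lines, lookup_contact, min_hits=2):
    """Return {contact: report text}; sources below min_hits are skipped."""
    reports = defaultdict(list)
    for src, hits in sorted(parse_denies(lines).items()):
        # reverse_pointer is the in-addr.arpa name a "dig -x" would query.
        contact = lookup_contact(ipaddress.ip_address(src).reverse_pointer)
        if len(hits) >= min_hits and contact:  # no contact: manual review
            reports[contact].append(
                f"{len(hits)} denied attempts from {src}:\n" + "\n".join(hits))
    return {c: "\n\n".join(b) for c, b in reports.items()}

SAMPLE = [  # constructed log lines using documentation address ranges
    'Dec 29 09:01:02 fw1 %PIX-4-106023: Deny tcp src outside:192.0.2.10/4444 dst inside:198.51.100.5/22 by access-group "outside_in"',
    'Dec 29 09:01:05 fw1 %PIX-4-106023: Deny tcp src outside:192.0.2.10/4445 dst inside:198.51.100.5/23 by access-group "outside_in"',
    'Dec 29 09:02:00 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied udp 203.0.113.7(1026) -> 198.51.100.9(137), 1 packet',
    'Dec 29 09:02:10 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.2.3(1030) -> 198.51.100.9(445), 1 packet',
]
CONTACTS = {"10.2.0.192.in-addr.arpa": "abuse@example.net"}  # constructed
```

The `min_hits` threshold and keeping the raw lines in each report matter because a single denied packet, especially UDP, may carry a spoofed source address.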