On Sunday, 20 October 2002 12:07 Achim Hoffmann wrote:
> > In /var/log/messages I see messages like
> > Oct 20 11:00:43 firewall kernel: SuSE-FW-DROP-DEFAULT IN=ippp0 OUT= MAC= SRC=61.0.114.198 DST=62.46.154.154 LEN=78 TOS=0x00 PREC=0x00 TTL=101 ID=3969 PROTO=UDP SPT=62302 DPT=137 LEN=58
> > I would like to see some whois data of the source IP in clear text and the destination port in clear text too. (Of course I know that 137 is the netbios port.)
> Are you interested in these 2 pieces of information only?
Not only, but it is these 2 pieces of information I am especially interested in.
> If so, would it be sufficient to hand over a script doing just that?
> > Is there an analyzing tool for these messages? Maybe like webalizer?
> What exactly do you mean by "analyzing", statistics? tabular format?
I thought that there could be a script or whatever which analyzes firewall logs from a "general" view. I found out that a lot of scans to my host come from "developing" countries, especially from South America and Asia.

Albert
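The thread asks for two things: the destination port in clear text and a "general" view of the drop log. The script below is an added example, not something from the list or from SuSEfirewall2 itself. It parses the `SuSE-FW-*` kernel log format shown above (the `key=value` fields after the tag), maps `DPT`/`PROTO` to a service name from a small built-in table with `socket.getservbyport` as a fallback, and tabulates drops per source IP and per destination port. The sample log is constructed for the example (the first line is the one from the mail, the rest are made up, including a non-firewall line to show it is skipped). Whois and country lookups need network access, so the example stops at the per-source list, which is exactly what you would hand to `whois`.

```python
import re
import socket
from collections import Counter

# Constructed sample in SuSEfirewall2 kernel-log format. Line 1 is the line from
# the mail; the others are made up for this example (203.0.113.0/24 and
# 192.0.2.0/24 are documentation ranges).
SAMPLE_LOG = """\
Oct 20 11:00:43 firewall kernel: SuSE-FW-DROP-DEFAULT IN=ippp0 OUT= MAC= SRC=61.0.114.198 DST=62.46.154.154 LEN=78 TOS=0x00 PREC=0x00 TTL=101 ID=3969 PROTO=UDP SPT=62302 DPT=137 LEN=58
Oct 20 11:02:10 firewall kernel: SuSE-FW-DROP-DEFAULT IN=ippp0 OUT= MAC= SRC=61.0.114.198 DST=62.46.154.154 LEN=48 TOS=0x00 PREC=0x00 TTL=101 ID=4012 PROTO=TCP SPT=1234 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 11:05:55 firewall kernel: SuSE-FW-DROP-DEFAULT IN=ippp0 OUT= MAC= SRC=203.0.113.7 DST=62.46.154.154 LEN=78 TOS=0x00 PREC=0x00 TTL=110 ID=77 PROTO=UDP SPT=1025 DPT=137 LEN=58
Oct 20 11:06:01 firewall sshd[412]: Accepted publickey for albert from 192.0.2.9 port 50022
"""

# syslog prefix, host, "kernel:", the SuSE-FW tag, then the key=value fields
KERNEL_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?P<tag>SuSE-FW-\S+) (?P<fields>.*)$"
)
KV_PAIR = re.compile(r"(\w+)=(\S*)")          # bare flags like SYN are skipped
INT_FIELDS = {"LEN", "TTL", "ID", "SPT", "DPT"}

# Small built-in table so the example does not depend on /etc/services.
PORT_NAMES = {
    (137, "udp"): "netbios-ns",
    (138, "udp"): "netbios-dgm",
    (139, "tcp"): "netbios-ssn",
    (445, "tcp"): "microsoft-ds",
    (80, "tcp"): "http",
    (22, "tcp"): "ssh",
    (53, "udp"): "domain",
}


def service_name(port, proto):
    """Clear-text name for a destination port; falls back to the system services file."""
    key = (port, proto.lower())
    if key in PORT_NAMES:
        return PORT_NAMES[key]
    try:
        return socket.getservbyport(port, proto.lower())
    except OSError:
        return "unknown"


def parse_line(line):
    """Return a dict for a SuSE-FW kernel line, or None for any other syslog line."""
    m = KERNEL_LINE.match(line)
    if not m:
        return None
    rec = {"timestamp": m.group("ts"), "host": m.group("host"), "tag": m.group("tag")}
    for key, value in KV_PAIR.findall(m.group("fields")):
        if key in rec:          # LEN appears twice (IP, then UDP); keep the first
            continue
        rec[key] = int(value) if key in INT_FIELDS and value else value
    if "DPT" in rec and "PROTO" in rec:
        rec["service"] = service_name(rec["DPT"], rec["PROTO"])
    return rec


def parse_log(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def summarize(records):
    """Drop counts per source IP and per (proto, port, service)."""
    by_source = Counter(r["SRC"] for r in records if "SRC" in r)
    by_port = Counter((r["PROTO"], r["DPT"], r["service"]) for r in records if "service" in r)
    return {"by_source": by_source, "by_port": by_port}


def report(text):
    records = parse_log(text)
    s = summarize(records)
    out = [f"{len(records)} dropped packets", "by source IP (feed these to whois):"]
    out += [f"  {src:<16}{n:>5}" for src, n in s["by_source"].most_common()]
    out.append("by destination port:")
    out += [f"  {proto}/{port} ({name}){n:>5}" for (proto, port, name), n in s["by_port"].most_common()]
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against `/var/log/messages` by replacing `SAMPLE_LOG` with the file contents; the per-source table is the list to look up with `whois`, and the per-port table answers the "what are they scanning for" question without reading raw lines.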