Automated Network Abuse Reporting
Stephen Miller
steve at smiller.org
Mon Dec 29 16:20:58 UTC 2003
try LogDog to act on the syslog data...it sends all syslog log files through a
pipe and scans for specific data...then you can email the complete message to
anyone. It can have a negative performance impact depending on the number of
sustained syslog logs being generated...but I used it on a system receiving
syslog logs from over 200 routers and didn't see any issues. Of course
syslog-ng can also do this...but I found LogDog easier to implement. Not
sure how you can automate the abuse email address? You can specify a Perl
script from within the LogDog conf file that could do a dig on the IP address
from the source address...but that's just me thinking out loud. I think
you'll find many programs out there that can do this...both commercial and
open source...but you'll need to do some customization.
steve
On Monday 29 December 2003 09:04 am, Jason Lixfeld wrote:
> We're a small company but nonetheless are inundated with firewall
> logs reporting numerous attempts to find holes in our network; c'est la
> vie. Seeing as how we are small, we don't have the resources to go
> through and send emails off to the abuse departments of each network
> sourcing the probes. Question is: Has there been development of some
> sort of intelligent unix land app that can understand Cisco syslog
> output, find the abuse departments of the sourcing networks and send
> them off a nice little FYI?
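The pipeline sketched in the reply (scan syslog for the firewall denies, look up the abuse contact for the source address, draft the complaint) as an added example; this is not code from the thread, LogDog or any product. It parses Cisco IOS ACL-deny lines, and the prefix-to-mailbox table stands in for the WHOIS/RDAP lookup a real deployment would make (the sample log lines, prefixes and mailboxes are constructed for the example).

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Cisco IOS ACL log line, e.g.
# "%SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.5(4444) -> 198.51.100.7(22), 1 packet"
ACL_DENY = re.compile(
    r"%SEC-6-IPACCESSLOG\w+: list \S+ denied (?P<proto>\w+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\(\d+\) -> (?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packet")

# Constructed stand-in for the lookup step: prefix -> abuse mailbox.
# A real deployment would query the RIR's WHOIS/RDAP service here instead.
ABUSE_CONTACTS = {ip_network("203.0.113.0/24"): "abuse@example-isp.test",
                  ip_network("192.0.2.0/24"): "abuse@example-net.test"}

# Constructed sample syslog input (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    "Dec 29 09:01:12 rtr1 101: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.5(4444) -> 198.51.100.7(22), 1 packet",
    "Dec 29 09:01:13 rtr1 102: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.5(4445) -> 198.51.100.7(23), 1 packet",
    "Dec 29 09:01:20 rtr1 103: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.5(4446) -> 198.51.100.8(22), 2 packets",
    "Dec 29 09:02:00 rtr1 104: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.9(1025) -> 198.51.100.7(445), 1 packet",
    "Dec 29 09:02:05 rtr1 105: %SEC-6-IPACCESSLOGP: list 101 denied udp 198.18.0.1(5000) -> 198.51.100.7(53), 5 packets",
    "Dec 29 09:03:00 rtr1 106: %SYS-5-CONFIG_I: Configured from console by admin",
]

def abuse_contact(src):
    """Return the abuse mailbox for a source address, or None if unknown."""
    addr = ip_address(src)
    return next((mbox for net, mbox in ABUSE_CONTACTS.items() if addr in net), None)

def build_reports(lines, threshold=3):
    """Group ACL denies by source IP, skip sources below the packet threshold
    (single probes are noise, not worth a complaint) or with no known contact,
    and return {abuse_mailbox: report_text} ready to hand to a mailer."""
    per_src = defaultdict(list)
    for line in lines:
        m = ACL_DENY.search(line)
        if m:  # non-ACL syslog lines are ignored
            per_src[m["src"]].append((m["proto"], int(m["dport"]), m["dst"], int(m["count"])))
    reports = defaultdict(str)
    for src, hits in per_src.items():
        total = sum(count for *_, count in hits)
        mailbox = abuse_contact(src)
        if total < threshold or mailbox is None:
            continue
        detail = "\n".join(f"  {proto}/{dport} -> {dst}: {count} packet(s)" for proto, dport, dst, count in hits)
        reports[mailbox] += f"Source {src} ({total} denied packets):\n{detail}\n"
    return dict(reports)
```

`build_reports(SAMPLE_LOG)` yields a single report, for 203.0.113.5 (4 denied packets); 192.0.2.9 falls under the threshold and 198.18.0.1 has no known contact, so neither produces a complaint. Handing each report to smtplib or a mail pipe is the last step the reply leaves to the site.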