Date: Mon Apr 19 07:28:16 2004
From: griffisb at bellsouth.net (BruceG)
Subject: [ale] Linksysmon report extract?
I haven't built a transparent proxy server yet, still using my Linksys BEFSX41
router. I'm using Linksysmon-1.1.2 to grab the router logs (through
snmptrapd). The logs are written as a flat file to /var/log/linksys.log.
Have any of you come across a report tool that analyzes Linksys logs? I'd
like to start putting that data into a more understandable format.
The format looks like this:
Parse error: > s: Print only last symbolic element of oid.<
Parse error: > S: Print MIB module-id plus last element.<
Parse error: > t: Print timeticks unparsed as numeric integers.<
Parse error: > v: Print Print values only (not OID = value).<
Parse error: > T: Print human-readable text along with hex strings.<
192.168.1.1 2004-04-18 22:43:10-0 system @in TCP from 24.163.153.16:3762 to 68.223.14.68:135.
192.168.1.1 2004-04-18 22:43:16-0 system @in UDP from 61.248.189.5:40126 to 68.223.14.68:1026.
192.168.1.1 2004-04-18 22:43:16-1 system @in UDP from 61.248.189.5:40127 to 68.223.14.68:1027.
192.168.1.1 2004-04-18 22:44:33-0 system @out TCP from 192.168.1.25:33099 to mail.bellsouth.net(205.152.59.16):110.
192.168.1.1 2004-04-18 22:44:42-0 system @in TCP from 218.148.229.90:3181 to 68.223.14.68:80.
192.168.1.1 2004-04-18 22:45:44-0 system @out TCP from 192.168.1.25:33100 to woogie.net(66.92.73.53):80.
192.168.1.1 2004-04-18 22:46:09-0 system @out TCP from 192.168.1.25:33101 to mail.yahoo.com(216.109.127.60):80.
192.168.1.1 2004-04-18 22:46:23-0 system @out TCP from 192.168.1.25:33104 to f407.mail.yahoo.com(66.218.78.177):80.
192.168.1.1 2004-04-18 22:46:26-0 system @out TCP from 192.168.1.25:33106 to view.atdmt.com(216.74.132.10):80.
192.168.1.1 2004-04-18 22:46:32-0 system @in UDP from 61.76.237.56:2769 to 68.223.14.68:1026.
192.168.1.1 2004-04-18 22:46:32-1 system @out TCP from 192.168.1.25:33107 to us.a1.yimg.com(209.249.123.46):80.
192.168.1.1 2004-04-18 22:46:32-2 system @out TCP from 192.168.1.25:33108 to us.i1.yimg.com(209.249.123.174):80.
It looks like I would drop records starting with "Parse error", and keep
records starting with my router's inside IP address - 192.168.1.1. It also
looks like I can get the date, time, direction (in or out), IP address from
and to, protocol (udp or tcp) and port. Where DNS lookup is enabled, I get
the name.
Bruce
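The extraction rules Bruce lays out (drop "Parse error" lines, keep lines starting with the router's inside address, pull out date, time, direction, protocol, addresses, ports and the resolved name when DNS lookup is on) are enough to write a small parser and summary report. The following is an added example, not code from the post or from Linksysmon. It assumes one record per line in /var/log/linksys.log (the mail client wrapped the samples above), treats the "-N" after the time as a counter for events logged in the same second (an inference from the -0/-1/-2 values at identical timestamps, not something the post documents), and uses a handful of the quoted records as constructed sample input.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed sample input: records quoted in the post, one per line as they
# would sit in /var/log/linksys.log, plus two of the snmptrapd "Parse error"
# lines the post says to drop.
SAMPLE_LOG = """\
Parse error: > s: Print only last symbolic element of oid.<
Parse error: > v: Print Print values only (not OID = value).<
192.168.1.1 2004-04-18 22:43:10-0 system @in TCP from 24.163.153.16:3762 to 68.223.14.68:135.
192.168.1.1 2004-04-18 22:43:16-0 system @in UDP from 61.248.189.5:40126 to 68.223.14.68:1026.
192.168.1.1 2004-04-18 22:43:16-1 system @in UDP from 61.248.189.5:40127 to 68.223.14.68:1027.
192.168.1.1 2004-04-18 22:44:33-0 system @out TCP from 192.168.1.25:33099 to mail.bellsouth.net(205.152.59.16):110.
192.168.1.1 2004-04-18 22:44:42-0 system @in TCP from 218.148.229.90:3181 to 68.223.14.68:80.
192.168.1.1 2004-04-18 22:45:44-0 system @out TCP from 192.168.1.25:33100 to woogie.net(66.92.73.53):80.
192.168.1.1 2004-04-18 22:46:32-0 system @in UDP from 61.76.237.56:2769 to 68.223.14.68:1026.
192.168.1.1 2004-04-18 22:46:32-1 system @out TCP from 192.168.1.25:33107 to us.a1.yimg.com(209.249.123.46):80.
"""

ROUTER_IP = "192.168.1.1"  # the router's inside address named in the post

# Layout of one record: router, date, time-N, "system", @direction, protocol,
# "from" src:port "to" dst[(resolved ip)]:port, trailing period.
# The "-N" after the time is assumed (not documented) to count events
# within the same second; the sample shows -0, -1, -2 at equal timestamps.
RECORD_RE = re.compile(
    r"^(?P<router>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})-(?P<seq>\d+) "
    r"system @(?P<direction>in|out) (?P<proto>TCP|UDP) "
    r"from (?P<src>\S+?):(?P<sport>\d+) to (?P<dst>\S+?):(?P<dport>\d+)\.$"
)
# With DNS lookup enabled the router writes the peer as "name(1.2.3.4)".
NAMED_RE = re.compile(r"^(?P<name>[^()]+)\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)$")


@dataclass(frozen=True)
class Record:
    date: str
    time: str
    seq: int
    direction: str          # "in" or "out"
    proto: str              # "TCP" or "UDP"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    dst_name: Optional[str]  # resolved name when the router logged one


def parse_line(line: str) -> Optional[Record]:
    """Return a Record for a router log line, or None for anything else
    (snmptrapd "Parse error" chatter, blank lines, unexpected layouts)."""
    line = line.rstrip("\n")
    if not line.startswith(ROUTER_IP + " "):
        return None
    m = RECORD_RE.match(line)
    if m is None:
        return None
    dst_name, dst_ip = None, m["dst"]
    named = NAMED_RE.match(dst_ip)
    if named:
        dst_name, dst_ip = named["name"], named["ip"]
    return Record(
        date=m["date"], time=m["time"], seq=int(m["seq"]),
        direction=m["direction"], proto=m["proto"],
        src_ip=m["src"], src_port=int(m["sport"]),
        dst_ip=dst_ip, dst_port=int(m["dport"]), dst_name=dst_name,
    )


def parse_log(text: str) -> list:
    """Parse a whole log file's text, silently skipping non-record lines."""
    return [r for r in map(parse_line, text.splitlines()) if r is not None]


def inbound_by_port(records: Iterable[Record]) -> Counter:
    """Unsolicited inbound hits per (protocol, destination port): the first
    thing a firewall-log report should surface."""
    return Counter((r.proto, r.dst_port) for r in records if r.direction == "in")


def inbound_sources(records: Iterable[Record]) -> Counter:
    """Inbound hits per external source address."""
    return Counter(r.src_ip for r in records if r.direction == "in")


def outbound_by_host(records: Iterable[Record]) -> Counter:
    """Outbound connections per destination, preferring the resolved name."""
    return Counter(r.dst_name or r.dst_ip for r in records if r.direction == "out")


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(f"{len(recs)} records parsed")
    print("inbound hits by port:")
    for (proto, port), n in inbound_by_port(recs).most_common():
        print(f"  {proto}/{port:<5} {n}")
    print("inbound sources:")
    for ip, n in inbound_sources(recs).most_common():
        print(f"  {ip:<16} {n}")
    print("outbound connections by host:")
    for host, n in outbound_by_host(recs).most_common():
        print(f"  {host:<24} {n}")
```

Pointing `parse_log` at the real file (`parse_log(open("/var/log/linksys.log").read())`) gives the same three counters over a day's traffic; the inbound-by-port and inbound-source tables are the ones worth watching, since repeated hits on the same closed port from many addresses are the background probing a home router sees, while the outbound table is a quick sanity check that nothing inside is talking to hosts you don't recognise.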