[66144] in North American Network Operators' Group
Re: Automated Network Abuse Reporting
daemon@ATHENA.MIT.EDU (Stephen Miller)
Mon Dec 29 11:23:25 2003
From: Stephen Miller <steve@smiller.org>
To: Jason Lixfeld <jason@lixfeld.ca>, nanog@nanog.org
Date: Mon, 29 Dec 2003 09:20:58 -0700
In-Reply-To: <AD225440-3A18-11D8-BBC5-000A95989E4A@lixfeld.ca>
Errors-To: owner-nanog-outgoing@merit.edu
try LogDog to act on the syslog data...it sends all syslog log files through a
pipe and scans for specific data...then you can email the complete message to
anyone. It can have a negative performance impact depending on the number of
sustained syslog logs being generated...but I used it on a system receiving
syslog logs from over 200 routers and didn't see any issues. Of course
syslog-ng can also do this...but I found logdog easier to implement. Not
sure how you can automate the abuse email address?? You can specify a Perl
script from within the logdog conf file that could do a dig on the IP address
from the source address...but that's just me thinking out loud. I think
you'll find many programs out there that can do this...both commercial and
open source...but you'll need to do some customization.
steve
On Monday 29 December 2003 09:04 am, Jason Lixfeld wrote:
> We're a small company but nonetheless are inundated with firewall
> logs reporting numerous attempts to find holes in our network; c'est la
> vie. Seeing as how we are small, we don't have the resources to go
> through and send emails off to the abuse departments of each network
> sourcing the probes. Question is: Has there been development of some
> sort of intelligent unix land app that can understand Cisco syslog
> output, find the abuse departments of the sourcing networks and send
> them off a nice little FYI?
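As an added illustration of the pipeline Stephen sketches (scan the syslog feed for matching lines, look up the source, mail its abuse contact), and not code from this thread, from LogDog or from syslog-ng: a Python script that parses Cisco IOS ACL deny messages, aggregates denied packets per external source, and emits one report per source that crosses a threshold. The WHOIS/RDAP step is left as a hypothetical `lookup` hook, and the log lines are constructed samples.

```python
import re
import ipaddress
from collections import Counter, defaultdict

# Cisco IOS ACL deny lines; the IPACCESSLOGP variant carries TCP/UDP ports
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list \S+ denied (?P<proto>\w+) (?P<src>[\d.]+)\(\d+\)"
    r" -> [\d.]+\((?P<dport>\d+)\), (?P<count>\d+) packet")

# RFC 1918, loopback and link-local sources have no external abuse contact to report to
NOT_REPORTABLE = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def reportable(src):
    addr = ipaddress.ip_address(src)
    return not any(addr in net for net in NOT_REPORTABLE)

def parse_denies(lines):
    """Yield (src, proto, dport, packets) for each ACL deny line; other syslog lines are skipped."""
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            yield m["src"], m["proto"], m["dport"], int(m["count"])

def aggregate(lines, threshold=3):
    """Denied packets per source keyed by proto/port; below the threshold no mail is generated."""
    per_src = defaultdict(Counter)
    for src, proto, dport, packets in parse_denies(lines):
        if reportable(src):
            per_src[src][f"{proto}/{dport}"] += packets
    return {s: dict(c) for s, c in per_src.items() if sum(c.values()) >= threshold}

def abuse_contact(src, lookup=None):
    """Hypothetical hook for the WHOIS/RDAP lookup; without one the placeholder stays visible."""
    return lookup(src) if lookup else f"abuse-contact-unknown-for-{src}"

def build_reports(lines, lookup=None, threshold=3):
    """One report per reportable source, in a shape a mailer can take."""
    return [{"to": abuse_contact(src, lookup), "source": src, "denied": hits}
            for src, hits in sorted(aggregate(lines, threshold).items())]

# Constructed sample lines (not real traffic); 203.0.113.0/24 and 198.51.100.0/24 are documentation space
SAMPLE_LOGS = [
    "Dec 29 09:04:01 rtr1 1234: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(41234) -> 198.51.100.5(22), 1 packet",
    "Dec 29 09:04:02 rtr1 1235: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(41235) -> 198.51.100.5(23), 2 packets",
    "Dec 29 09:04:03 rtr1 1236: %SEC-6-IPACCESSLOGP: list 101 denied udp 203.0.113.9(5353) -> 198.51.100.5(161), 1 packet",
    "Dec 29 09:04:04 rtr1 1237: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.0.0.5(3000) -> 198.51.100.5(22), 9 packets",
    "Dec 29 09:04:05 rtr1 1238: %SYS-5-CONFIG_I: Configured from console by vty0",
]
```

With the default threshold only 203.0.113.7 is reported; the 10.0.0.5 source is dropped as internal and the single-packet 203.0.113.9 probe stays below the threshold.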