Maybe useful script
Jim Barlow
jbarlow at ncsa.uiuc.edu
Fri Sep 13 13:52:27 PDT 2002
I have written a Perl script that has been quite handy when tracking down
incidents when we need to parse the Bro http or ftp logs (these daily logs
can get huge at our site). It organizes the logs by connection and you
can also just pull out connections for specific IP addresses as well. It's
available at:
http://www.ncsa.uiuc.edu/~jbarlow/scripts/
Thought it might be useful for other sites if they don't already have a
script like this. Let me know if there are any problems or additions you
come across.
--
James J. Barlow <jbarlow at ncsa.uiuc.edu>
Senior System/Security Engineer
National Center for Supercomputing Applications    Voice : (217)244-6403
605 East Springfield Avenue Champaign, IL 61820    Cell  : (217)840-0601
http://www.ncsa.uiuc.edu/~jbarlow                  Fax   : (217)244-1987