LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 10-05-2007, 12:43 AM   #1
hattori.hanzo
Member
 
Registered: Aug 2006
Posts: 168

Rep: Reputation: 15
PIX Syslog Script


I am trying to get a pix syslog script to run. I found the script on a mailing list and would like to use it to make some sense of my logs.

Code:
#!/bin/sh -f 
# 
# PIX 6.2-6.3 syslog parser 
# Lists incoming traffic by dest IP/port, 
# source IP, service, and occurances. 
# 
# It's a shell script, so I guess it's Open Source. :-) 
# 
# Paul Melson (pmelson_at_analysts_dot_com) 
# 


if [ $1x = x ]; then echo "Usage: $0 <filename> <min. instances>" 
  exit 1 
fi 
if [ $2x != x ]; then lim=`expr $2` 
  else lim=10 
fi 
echo "`date` Parsing data..." 
grep Built\ inbound\ TCP $1 |sed 's/\(.*\):\(.*\):\(.*\):\(.*\):\(.*\)\/\(.*\)\/\(.*\):\(.*\)\ \(.*\)/\8_from_\5/' >$1-inbound.tcp.tmp1 2>/dev/null 
grep Built\ inbound\ UDP $1 |sed 's/\(.*\):\(.*\):\(.*\):\(.*\):\(.*\)\/\(.*\)\/\(.*\):\(.*\)\ \(.*\)/\8_from_\5/' >$1-inbound.udp.tmp1 2>/dev/null 
echo -n "`date` Building report..." 
date > $1-rpt.txt 
echo "----------------------------" >> $1-rpt.txt 
echo "Log file: $1" >> $1-rpt.txt 
echo "Log file starts: `head -1 $1 |cut -f1-2`" >> $1-rpt.txt 
echo "Log file ends: `tail -2 $1 |head -1 |cut -f1-2`" >> $1-rpt.txt 
echo >> $1-rpt.txt 
echo "Incoming TCP hosts/ports" >> $1-rpt.txt 
echo "------------------------" >> $1-rpt.txt 
for dst in `cat $1-inbound.tcp.tmp1 |sort -t . -n +0 -1 +1 -2 +2 -3 +3 -4 |uniq` 
{ 
  echo "${dst}" 
  num=`grep -c "${dst}" $1-inbound.tcp.tmp1` 
  if [ ${num} -gt ${lim} ]; then 
    prt=`echo $dst |cut -d/ -f2 |cut -d_ -f1` 
    echo "${dst}" >> $1-rpt.txt 
    echo "- Service: `grep -m1 ${prt}/tcp /etc/services |cut -f1-2`" >> $1-rpt.txt 
    echo "- Number of occurances: ${num}" >> $1-rpt.txt 
    echo >> $1-rpt.txt 
  fi 
} 
# rm $1-inbound.tcp.tmp1 
echo >> $1-rpt.txt 
echo "Incoming UDP hosts/ports" >> $1-rpt.txt 
echo "------------------------" >> $1-rpt.txt 
for dst in `cat $1-inbound.udp.tmp1 |sort -t . -n +0 -1 +1 -2 +2 -3 +3 -4 |uniq` 
do 
  num=`grep -c "${dst}" $1-inbound.udp.tmp1` 
  if [ ${num} -gt ${lim} ]; then 
    prt=`echo $dst |cut -d/ -f2 |cut -d_ -f1` 
    num=`grep -c ${dst} $1-inbound.udp.tmp1` 
    echo "${dst}" >> $1-rpt.txt 
    echo "- Service: `grep -m1 ${prt}/udp /etc/services |cut -f1-2`" >> $1-rpt.txt 
    echo "- Number of occurances: ${num}" >> $1-rpt.txt 
    echo >> $1-rpt.txt 
  fi 
done 
# rm $1-inbound.udp.tmp1 
echo " $1-rpt.txt done."
When I run the script, I get the following output:

Code:
[root@mybox ~]$ ./pix62-syslog-parser.sh
Usage: ./pix62-syslog-parser.sh <filename> <min. instances>
[root@mybox ~]$ ./pix62-syslog-parser.sh pix.log
Fri Oct  5 19:35:00 EST 2007 Parsing data...
Fri Oct  5 19:35:00 EST 2007 Building report...sort: invalid option -- 1
Try `sort --help' for more information.
sort: invalid option -- 1
Try `sort --help' for more information.
 pix.log-rpt.txt done.
Does anyone know what could be wrong?

thanks in advance
 
Old 10-05-2007, 02:49 AM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 377Reputation: 377Reputation: 377Reputation: 377
Moved to Software, as it isn't a security question.
 
Old 10-05-2007, 03:06 AM   #3
tajamari
Member
 
Registered: Jul 2007
Distribution: Red Hat CentOS Ubuntu FreeBSD OpenSuSe
Posts: 252

Rep: Reputation: 32
have you tried pla2 logging architecture for PIX. its much better that this parser script.
 
Old 10-07-2007, 07:29 PM   #4
hattori.hanzo
Member
 
Registered: Aug 2006
Posts: 168

Original Poster
Rep: Reputation: 15
Thanks but I just needed something more simple.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Pix logging on syslog... logrotate does not work logicalfuzz Linux - Software 0 03-06-2006 12:04 AM
syslog-ng & Pix Problems mpapet Debian 1 01-27-2006 03:30 PM
Cisco PIX syslog problems jce23 Linux - Security 5 09-13-2004 04:15 PM
Configuring /etc/syslog for Cisco PIX triley Linux - General 0 07-02-2004 10:28 AM
PIX to linux syslog daemon neoflea Linux - Networking 1 09-10-2003 04:58 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 01:47 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration