Customizing cactiEZ and syslog-ng
$30-250 USD
Paid on delivery
Need step by step instructions for customizing cactiEZ and syslog-ng to parse incoming firewall syslog messages, extract the message details and insert them into a MySQL database.
([url removed, login to view])
Step by step instructions for installing pdbtool and using it on syslog samples to get a regex filter in patterndb XML format.
Step by step instructions to install and configure a filter that maps each syslog message to variables, create tables in the MySQL database, and link the incoming message variables to the table.
Step by step instructions to create cactiEZ graphs and lists based on dates, IPs and ports from the data in the database.
Sample syslog data:
170.88.112.3 jun/15/2011 12:32:33 system,error,critical login failure for user admin from [url removed, login to view] via ssh
[url removed, login to view] jun/14/2011 12:32:23 system,error,critical Site22: login failure for user root from [url removed, login to view] via ssh
[url removed, login to view] jun/14/2011 10:32:23 firewall,info 17AcmeCorp: input: in:pppoe-out1 out:(none), proto TCP (SYN), [url removed, login to view]:45379->[url removed, login to view], len 60
170.88.112.3 jun/14/2011 10:20:25 firewall,info companyCCC: input: in:ether1WAN out:(none), proto UDP, [url removed, login to view]:53->[url removed, login to view], len 81
Possible variables:
date,time,alerttype,sitenameifexists,protocol,sourceip,sourceport,destinationip,destinationport
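The mapping from the sample lines to the variable list above, as an added example written for this posting (not code from the poster, syslog-ng or cactiEZ): a Python parser that extracts the header fields, the optional site name, and the protocol/IP/port fields, and builds a parameterised INSERT for the database step. The sample lines and their IP addresses are constructed here, and the table name `firewall_events` is an assumption.

```python
import re
from typing import Optional

# Constructed sample lines modelled on the posting's samples; the IP addresses
# are RFC 5737 documentation addresses chosen here, not values from the posting.
SAMPLE_LINES = [
    "192.0.2.1 jun/15/2011 12:32:33 system,error,critical login failure for user admin from 198.51.100.7 via ssh",
    "192.0.2.2 jun/14/2011 12:32:23 system,error,critical Site22: login failure for user root from 198.51.100.8 via ssh",
    "192.0.2.2 jun/14/2011 10:32:23 firewall,info 17AcmeCorp: input: in:pppoe-out1 out:(none), proto TCP (SYN), 203.0.113.5:45379->192.0.2.2:22, len 60",
    "192.0.2.1 jun/14/2011 10:20:25 firewall,info companyCCC: input: in:ether1WAN out:(none), proto UDP, 198.51.100.53:53->192.0.2.1:51234, len 81",
]

# Common header: reporting host, date, time, comma-separated topic/severity tags,
# then an optional "SiteName:" prefix (the "input:" chain keyword is not a site name).
HEADER_RE = re.compile(
    r"^(?P<host>\S+)\s+(?P<date>[a-z]{3}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<tags>[\w,]+)\s+(?:(?!input:)(?P<site>\w+):\s+)?(?P<body>.*)$"
)
# Firewall body: protocol (optional TCP flags in parentheses), then src:port->dst:port.
FIREWALL_RE = re.compile(
    r"proto (?P<proto>\w+)(?: \([^)]*\))?, (?P<sip>[\d.]+):(?P<sport>\d+)->(?P<dip>[\d.]+):(?P<dport>\d+)"
)
# Login-failure body: only a source IP is present, no ports and no destination.
LOGIN_RE = re.compile(r"login failure for user (?P<user>\S+) from (?P<sip>[\d.]+) via (?P<svc>\w+)")

FIELDS = ("date", "time", "alerttype", "sitename", "protocol",
          "sourceip", "sourceport", "destinationip", "destinationport")

def parse_line(line: str) -> Optional[dict]:
    """Map one syslog line onto the posting's variable list; None if unrecognised."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec = dict.fromkeys(FIELDS)
    rec.update(date=m["date"], time=m["time"], alerttype=m["tags"], sitename=m["site"])
    body = m["body"]
    if fw := FIREWALL_RE.search(body):
        rec.update(protocol=fw["proto"], sourceip=fw["sip"], sourceport=int(fw["sport"]),
                   destinationip=fw["dip"], destinationport=int(fw["dport"]))
    elif lg := LOGIN_RE.search(body):
        rec.update(protocol=lg["svc"], sourceip=lg["sip"])
    else:
        return None  # header parsed but the body is an unknown message type
    return rec

def to_insert(rec: dict, table: str = "firewall_events") -> tuple:
    """Build a parameterised INSERT (placeholders, never string-formatted values)."""
    cols = ", ".join(FIELDS)
    marks = ", ".join("%s" for _ in FIELDS)
    return f"INSERT INTO {table} ({cols}) VALUES ({marks})", tuple(rec[f] for f in FIELDS)
```

The returned statement and parameter tuple are meant for a DB-API cursor's `execute`, so log-derived strings never reach the SQL text itself.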
Project ID: #1104930