lire-doc 2:2.1.1-2.1 / usr / share / doc / lire / user-manual / ch10.html

<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 10. Firewall Supported Log Formats</title><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Lire User's Manual"><link rel="up" href="pt02.html" title="Part II. Log Formats"><link rel="prev" href="ch09s06.html" title="Sendmail&#8482;"><link rel="next" href="ch10s02.html" title="IPChains"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 10. Firewall Supported Log Formats</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch09s06.html">Prev</a> </td><th width="60%" align="center">Part II. Log Formats</th><td width="20%" align="right"> <a accesskey="n" href="ch10s02.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 10. Firewall Supported Log Formats"><div class="titlepage"><div><div><h2 class="title"><a name="chap:firewall-logs"></a>Chapter 10. Firewall Supported Log Formats</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="ch10.html#id383592">Cisco ACL</a></span></dt><dt><span class="section"><a href="ch10s02.html">IPChains</a></span></dt><dt><span class="section"><a href="ch10s03.html">IP Filter</a></span></dt><dt><span class="section"><a href="ch10s04.html">IPTables </a></span></dt><dt><span class="section"><a href="ch10s05.html">WebTrends Enhanced Log Format</a></span></dt></dl></div><p><span class="application">Lire</span> supports logs from many packet filter firewalls.</p><div class="section" title="Cisco ACL"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id383592"></a>Cisco ACL</h2></div></div></div><p>Cisco routers that use <span class="application">IOS</span>
          can log activity via <span class="command"><strong>syslog</strong></span>. <span class="application">Lire</span> is
          able to process the logs entries corresponding to the
          packet filters.
        </p><div class="example"><a name="id383617"></a><p class="title"><b>Example 10.1. IOS Log Sample</b></p><div class="example-contents"><pre class="programlisting">

Aug 19 04:02:34 1.example.com.nl 218963: Aug 19 04:02:32.977: \
    %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed \
    state to down
Aug 19 04:02:34 1.example.com.nl 218964: Aug 19 04:02:33.262: \
    %ISDN-6-DISCONNECT: Interface BRI0:1  disconnected from \
    172605440 teraar, call lasted 42 seconds
Aug 19 04:02:35 1.example.com.nl 218965: Aug 19 04:02:33.266: \
    %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
Aug 19 04:02:38 1.example.com.nl 218966: Aug 19 04:02:36.103: \
    %SEC-6-IPACCESSLOGP: list 102 denied tcp 10.0.0.1(4652) -&gt; \
    10.0.0.2(80), 1 packet
Aug 19 04:02:45 1.example.com.nl 218967: Aug 19 04:02:43.543: \
    %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 86 changed to down
Aug 19 04:02:53 1.example.com.nl 218968: Aug 19 04:02:51.471: \
    %SEC-6-IPACCESSLOGP: list 102 denied tcp 10.0.0.3(2162) -&gt; \
    10.0.0.4(80), 1 packet
Aug 19 04:03:06 1.example.com.nl 218969: Aug 19 04:03:04.585: \
    %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 86 changed to down
Aug 19 04:03:10 1.example.com.nl 218970: Aug 19 04:03:08.867: \
    %SEC-6-IPACCESSLOGP: list 102 denied tcp 10.0.0.5(2342) -&gt; \
    10.0.0.6(80), 1 packet
Aug 19 04:03:12 1.example.com.nl 218971: Aug 19 04:03:10.771: \
    %SEC-6-IPACCESSLOGP: list 102 denied tcp 10.0.0.7(1093) -&gt; \
    10.0.0.8(80), 1 packet
Aug 19 04:03:36 1.example.com.nl 218972: Aug 19 04:03:34.373: \
    %SEC-6-IPACCESSLOGP: list 102 denied tcp 10.0.0.9(3173) -&gt; \
    10.0.0.10(80), 1 packet

          </pre></div></div><br class="example-break"></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ch09s06.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="pt02.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="ch10s02.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top"><span class="productname">Sendmail</span>&#8482; </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> IPChains</td></tr></table></div></body></html>