Need step by step instructions for customizing cactiEZ and syslog-ng to parse incoming firewall syslogs to extract message details and insert into mysql database.
Step by step instructions for installing pdbtool and using it on syslog samples to obtain a regex filter in patterndb XML format.
Step by step instructions to install and configure a filter that maps each syslog message to variables, create tables in the MySQL database, and link the incoming message variables to table columns.
Step by step instructions to create CactiEZ graphs and lists based on dates, IPs and ports from the data in the database.
Sample syslog data:
[login to view URL] jun/15/2011 12:32:33 system,error,critical login failure for user admin from 1.22.133.233 via ssh
[login to view URL] jun/14/2011 12:32:23 system,error,critical Site22: login failure for user root from 1.130.156.146 via ssh
[login to view URL] jun/14/2011 10:32:23 firewall,info 17AcmeCorp: input: in:pppoe-out1 out:(none), proto TCP (SYN), [login to view URL]:45379->[login to view URL], len 60
[login to view URL] jun/14/2011 10:20:25 firewall,info companyCCC: input: in:ether1WAN out:(none), proto UDP, [login to view URL]:53->[login to view URL], len 81
Possible variables:
date,time,alerttype,sitenameifexists,protocol,sourceip,sourceport,destinationip,destinationport
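As an added example (not part of this posting, and not syslog-ng's patterndb), the Python parser below maps the four sample line formats above to the variables just listed and stores them in a table. Hosts and IP addresses in the embedded samples are constructed placeholders, the chain-name lookahead in SITE (input/forward/output) is an assumption about the firewall log format, and SQLite stands in for MySQL so it runs offline.

```python
import re
import sqlite3

# Constructed samples in the posting's format; hosts and IPs are placeholder values, not real data.
SAMPLE = [
    "router1 jun/15/2011 12:32:33 system,error,critical login failure for user admin from 203.0.113.9 via ssh",
    "router1 jun/14/2011 12:32:23 system,error,critical Site22: login failure for user root from 198.51.100.4 via ssh",
    "router1 jun/14/2011 10:32:23 firewall,info 17AcmeCorp: input: in:pppoe-out1 out:(none), proto TCP (SYN), 203.0.113.5:45379->192.0.2.1:22, len 60",
    "router1 jun/14/2011 10:20:25 firewall,info companyCCC: input: in:ether1WAN out:(none), proto UDP, 198.51.100.7:53->192.0.2.1:40000, len 81",
]

HEADER = re.compile(r"^(?P<host>\S+) (?P<date>\w{3}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
                    r"(?P<alerttype>[\w,]+) (?P<body>.*)$")
# Optional "SiteName:" prefix; the lookahead (assumed chain names) stops "input:" being taken as a site.
SITE = re.compile(r"^(?P<sitename>[\w-]+): (?=input:|forward:|output:|login )")
FIREWALL = re.compile(r"proto (?P<protocol>\w+)(?: \([^)]*\))?, (?P<sourceip>[\d.]+):(?P<sourceport>\d+)"
                      r"->(?P<destinationip>[\d.]+):(?P<destinationport>\d+)")
LOGIN = re.compile(r"login failure for user (?P<user>\S+) from (?P<sourceip>[\d.]+) via (?P<protocol>\w+)")

FIELDS = ("date", "time", "alerttype", "sitename", "protocol",
          "sourceip", "sourceport", "destinationip", "destinationport")

def parse(line):
    """Map one syslog line to the variables listed in the posting; None if it does not match."""
    m = HEADER.match(line)
    if not m:
        return None
    rec = dict.fromkeys(FIELDS)
    rec.update((k, m.group(k)) for k in ("date", "time", "alerttype"))
    body = m.group("body")
    s = SITE.match(body)
    if s:
        rec["sitename"] = s.group("sitename")
        body = body[s.end():]
    d = FIREWALL.search(body) or LOGIN.search(body)
    if not d:
        return None
    rec.update({k: v for k, v in d.groupdict().items() if k in rec})
    return rec

def load(lines, conn=None):
    """Create the table and insert every parsed record; returns the number of rows stored."""
    conn = conn or sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE IF NOT EXISTS fwlog (%s)" % ", ".join(FIELDS))
    rows = [tuple(r[f] for f in FIELDS) for r in map(parse, lines) if r]
    conn.executemany("INSERT INTO fwlog VALUES (%s)" % ",".join("?" * len(FIELDS)), rows)
    return len(rows)
```

Lines that do not match either body pattern are dropped rather than stored half-filled, which is the behaviour you want before building CactiEZ graphs on the table.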