cisco_ios2dlf

Langue: en

Autres versions - même langue

Version: 2006-07-23 (debian - 07/07/09)

Section: 1 (Commandes utilisateur)

Sommaire

NAME

cisco_ios2dlf - convert cisco logs to dlf format

SYNOPSIS

cisco_ios2dlf

DESCRIPTION

This script expects syslog-type logs from a CISCO IOS router on stdin. These look like e.g. 
  Jul  3 00:00:39 router 40108: 4d09h: %SEC-6-IPACCESSLOGP:
   list FR_VA_in permitted udp 192.168.19.1(137) (Serial0/0.2 DLCI 120)
   -> 192.168.19.255(137), 2 packets
  Jul  3 00:02:39 router 40109: 4d09h: %SEC-6-IPACCESSLOGP: list FR_VA_in
   permitted udp 192.168.80.42(138) (Serial0/0.2 DLCI 120) ->
   192.60.60.148(138), 1 packet
  Jul  3 00:02:39 router 40110: 4d09h: %SEC-6-IPACCESSLOGDP: list FR_VA_in
   permitted icmp 192.168.80.82 (Serial0/0.2 DLCI 120) -> 149.1.1.1 (8/0),
   1 packet

or

  Aug 19 04:02:34 gateway.foo.bar 218963: Aug 19 04:02:32.977:
   %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state
   to down
  Aug 19 04:02:34 gateway.foo.bar 218964: Aug 19 04:02:33.262:
   %ISDN-6-DISCONNECT: Interface BRI0:1  disconnected from 172605440 acme,
   call lasted 42 seconds
  Aug 19 04:02:35 gateway.foo.bar 218965: Aug 19 04:02:33.266:
   %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
  Aug 19 04:02:38 gateway.foo.bar 218966: Aug 19 04:02:36.103:
   %SEC-6-IPACCESSLOGP: list 102 denied tcp 100.198.139.148(4652) ->
   100.193.176.49(80), 1 packet
  Aug 19 04:02:45 gateway.foo.bar 218967: Aug 19 04:02:43.543:
   %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 86 changed to down
  Aug 19 04:02:53 gateway.foo.bar 218968: Aug 19 04:02:51.471:
   %SEC-6-IPACCESSLOGP: list 102 denied tcp 100.74.103.1(2162) ->
   100.193.176.98(80), 1 packet

The outputted dlf files look like:

  994118619 permitted icmp 192.168.80.9 - Serial0/0.2 DLCI_120
   192.168.19.1 - 1
  994118619 permitted udp 192.168.19.1 138 Serial0/0.2 DLCI_120
   192.168.19.255 138 1

EXAMPLES

To process a log as produced by Cisco IOS: 
  $ cisco_ios2dlf < cisco.log

cisco_ios2dlf will be rarely used on its own, but is more likely called by lr_log2report:

  $ lr_log2report cisco_ios < /var/log/cisco.log

AUTHORS

Francis J. Lacoste based on initial code by Joost Bekkers <joost@jodocus.org>

VERSION

$Id: cisco_ios2dlf.in,v 1.8 2006/07/23 13:16:35 vanbaal Exp $ Copyright (C) 2001 Joost Bekkers <joost@jodocus.org> Copyright (C) 2002 Stichting LogReport Foundation <logreport@logreport.org>

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program (see COPYING); if not, check with http://www.gnu.org/copyleft/gpl.html.