Latest version: 2.4.3
 

SnortALog: IDS/IPS and Firewall Log Analyser
 

Expected NETSCREEN logs
 
NETSCREEN syslog alerts (sample lines in the format SnortALog expects; IP addresses are masked as AAA.BBB.CCC.DDD)
Log 1: Apr 4 15:12:51 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN [No Name]system-notification-00257(traffic): start_time="2006-04-04 15:12:51" duration=0 policy_id=320001 service=icmp proto=1 src zone=Null dst zone=self action=Deny sent=0 rcvd=28 src=AAA.BBB.CCC.DDD dst=AAA.BBB.CCC.DDD icmp type=8 session_id=0
Log 2: Apr 4 15:12:51 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN [Root]system-notification-00535: PKI: Saved CA configuration (CA cert subject name OU=Secure Server Certification Authority,O=RSA Data Security, Inc.,C=US,) (2006-04-04 15:12:50)
Log 3: Apr 4 15:12:52 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN [No Name]system-notification-00257(traffic): start_time="2006-04-04 15:12:20" duration=32 policy_id=31 service=snmp proto=17 src zone=ADM-SERV dst zone=Trust action=Permit sent=190 rcvd=184 src=AAA.BBB.CCC.DDD dst=AAA.BBB.CCC.DDD src_port=45328 dst_port=161 src-xlated ip=port=45328 session_id=32028
Log 4: Apr 4 16:04:14 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN [Root]system-critical-00032: Malicious URL! From AAA.BBB.CCC.DDD:42581 to AAA.BBB.CCC.DDD:80, proto TCP (zone V1-Untrust, int v1-untrust). Occurred 1 times. (2006-04-04 16:04:15)
Log 5: Apr 5 14:35:14 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN [Root]system-critical-00436: Large ICMP packet! From AAA.BBB.CCC.DDD to AAA.BBB.CCC.DDD, proto 1 (zone V1-Untrust, int v1-untrust). Occurred 1 times. (2006-04-05 14:35:14)
Log 6: Apr 24 15:29:32 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN [Root]system-notification-00257(traffic): start_time="2006-04-24 15:29:31" duration=0 policy_id=320001 service=proto:112/port:0 proto=112 src zone=Null dst zone=self action=Deny sent=0 rcvd=48 src=AAA.BBB.CCC.DDD dst=224.0.0.18
Log 7: Apr 24 15:30:16 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN [No Name]system-notification-00257(traffic): start_time="2006-04-24 15:30:13" duration=4 policy_id=15 service=http proto=6 src zone=DMZ dst zone=Trust action=Permit sent=1087 rcvd=7120 src=AAA.BBB.CCC.DDD dst=AAA.BBB.CCC.DDD src_port=6484 dst_port=80 src-xlated ip=AAA.BBB.CCC.DDD port=6484
Log 8: Apr 24 15:43:03 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN [No Name]system-notification-00257(traffic): start_time="2006-04-24 15:43:03" duration=0 policy_id=320001 service=proto:88/port:0 proto=88 src zone=Null dst zone=self action=Deny sent=0 rcvd=60 src=AAA.BBB.CCC.DDD dst=224.0.0.10
Log 9: Apr 24 15:54:27 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN [No Name]system-notification-00257(traffic): start_time="2006-04-24 15:54:26" duration=0 policy_id=320001 service=udp/port:1985 proto=17 src zone=Null dst zone=self action=Deny sent=0 rcvd=48 src=AAA.BBB.CCC.DDD dst=224.0.0.2 src_port=1985 dst_port=1985
Log 10: Apr 24 16:01:08 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN [Root]system-notification-00257(traffic): start_time="2006-04-24 16:01:05" duration=4 policy_id=13 service=tcp/port:3306 proto=6 src zone=DMZ2 dst zone=Trust action=Permit sent=1109 rcvd=1007 src=AAA.BBB.CCC.DDD dst=AAA.BBB.CCC.DDD src_port=28176 dst_port=3306 src-xlated ip=AAA.BBB.CCC.DDD port=28176
Log 11: Apr 24 16:05:15 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN [No Name]system-notification-00257(traffic): start_time="2006-04-24 16:05:15" duration=0 policy_id=320001 service=udp/port:1985 proto=17 src zone=Null dst zone=self action=Deny sent=0 rcvd=48 src=AAA.BBB.CCC.DDD dst=224.0.0.2 src_port=1985 dst_port=1985
Log 12: Apr 24 17:44:26 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN system-critical-00413: No tcp flag has been detected! From AAA.BBB.CCC.DDD:56411 to AAA.BBB.CCC.DDD:1392, using protocol TCP, and arriving at interface v1-untrust in zone V1-Untrust.The attack occurred 1 times. (2006-04-24 18:08:29)
Log 13: Apr 24 19:55:17 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN [Root]system-critical-00438: FIN but no ACK bit! From AAA.BBB.CCC.DDD:57491 to AAA.BBB.CCC.DDD:6346, proto TCP (zone V1-Untrust, int v1-untrust). Occurred 1 times. (2006-04-24 19:55:17)
Log 14: Apr 24 21:08:21 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN system-critical-00032: Malicious URL has been detected! From AAA.BBB.CCC.DDD:3562 to AAA.BBB.CCC.DDD:80, using protocol TCP, and arriving at interface v1-untrust in zone V1-Untrust.The attack occurred 1 times. (2006-04-24 21:32:25)
Log 15: Apr 4 15:12:50 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN [Root]system-notification-00019: Syslog has been enabled. (2006-04-04 15:12:50)
Log 16: 2005-03-01 09:45:08 Local0.Notice 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN [No Name]system-notification-00257(traffic): start_time="2005-03-01 09:45:17" duration=0 policy_id=20 service=tcp/port:2386 proto=6 src zone=Trust dst zone=Untrust action=Deny sent=0 rcvd=0 src=AAA.BBB.CCC.DDD dst=AAA.BBB.CCC.DDD src_port=2809 dst_port=2386<000>
Log 17: 2005-03-01 09:45:13 Local0.Notice 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN [No Name]system-notification-00257(traffic): start_time="2005-03-01 09:45:22" duration=0 policy_id=21 service=tcp/port:3472 proto=6 src zone=Trust dst zone=Untrust action=Deny sent=0 rcvd=0 src=AAA.BBB.CCC.DDD dst=AAA.BBB.CCC.DDD src_port=2809 dst_port=3472<000>
Log 18: 2005-03-01 09:45:04 Local0.Notice 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN [Root]system-notification-00019: Syslog has been enabled. (2005-03-01 09:45:14)<000>
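The lines above come in three shapes: 00257 traffic records made of key=value pairs whose keys may contain spaces (src zone, icmp type, src-xlated ip), system-critical attack records in two different phrasings (Logs 4, 5 and 13 versus Logs 12 and 14), and free-text system events (Logs 2, 15 and 18), under either a BSD-style or an ISO-style syslog prefix and sometimes with a trailing <000>. The following Python parser is an added example, not SnortALog's own Perl code: it splits all of those into flat dicts and tallies them the way a report would. Field names, the "kind" labels and the summarize() output format are this example's own choices; the sample lines are copied from the list above.

```python
# Added example (not SnortALog's own code): parse the NetScreen syslog
# formats listed on this page into dicts.  Field names and the "kind"
# labels are this example's own choice, not NetScreen terminology.
import re
from typing import Dict, List, Optional

# Syslog prefix in either shape the page shows (BSD "Apr 4 15:12:51" or
# ISO "2005-03-01 09:45:08 Local0.Notice"), then the NetScreen envelope:
# device_id, optional [vsys], system-<severity>-<id>, optional (category).
# A trailing "<000>" (Logs 16-18) is dropped from the body.
HEADER_RE = re.compile(r"""
    ^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d
          |\d{4}-\d\d-\d\d\s+\d\d:\d\d:\d\d\s+\S+)\s+
    (?P<relay>\S+)\s+(?P<host>[^:\s]+):\s+
    NetScreen\s+device_id=(?P<device_id>\S+)\s+
    (?:\[(?P<vsys>[^\]]*)\])?
    system-(?P<severity>[a-z]+)-(?P<msg_id>\d{5})
    (?:\((?P<category>[^)]+)\))?:\s*
    (?P<body>.*?)(?:<000>)?\s*$
""", re.VERBOSE)

# Attack body in both phrasings the page shows:
#   "X! From A:p to B:q, proto TCP (zone Z, int I). Occurred N times. (time)"
#   "X! From A:p to B:q, using protocol TCP, and arriving at interface I
#    in zone Z.The attack occurred N times. (time)"
ATTACK_RE = re.compile(r"""
    ^(?P<attack>[^!]+)!\s+
    From\s+(?P<src>[^\s:,]+)(?::(?P<src_port>\d+))?\s+
    to\s+(?P<dst>[^\s:,]+)(?::(?P<dst_port>\d+))?,\s+
    (?:proto\s+(?P<proto>[^\s,]+)\s+\(zone\s+(?P<zone>[^,]+),\s+int\s+(?P<iface>[^)]+)\)
      |using\s+protocol\s+(?P<proto2>[^\s,]+),\s+and\s+arriving\s+at\s+interface\s+
       (?P<iface2>\S+)\s+in\s+zone\s+(?P<zone2>[^\s.]+))
    \.\s*(?:The\s+attack\s+)?[Oo]ccurred\s+(?P<count>\d+)\s+times?\.\s*
    \((?P<event_time>[^)]+)\)\s*$
""", re.VERBOSE)


def parse_traffic(body: str) -> Dict[str, str]:
    """Tokenise the key=value body of a 00257 traffic record."""
    fields: Dict[str, str] = {}
    prefix: List[str] = []
    for tok in re.findall(r'\S+?="[^"]*"|\S+', body):
        if "=" not in tok:
            prefix.append(tok)          # "src", "dst", "icmp", "src-xlated" belong to the next key
            continue
        key, _, val = tok.partition("=")
        key = "_".join(prefix + [key]).replace("-", "_")
        prefix = []
        # Log 3 shows "src-xlated ip=port=45328": the translated address is
        # absent and the next pair is glued onto the empty value.
        while "=" in val:
            fields[key] = ""
            key, _, val = val.partition("=")
        fields[key] = val.strip('"')
    return fields


def parse_netscreen(line: str) -> Optional[Dict[str, str]]:
    """Return a flat dict for one NetScreen syslog line, or None if it is not one."""
    m = HEADER_RE.match(line.strip())
    if m is None:
        return None
    rec = {k: v for k, v in m.groupdict().items() if k != "body" and v is not None}
    body = m.group("body")
    if rec.get("category") == "traffic":
        rec["kind"] = "traffic"
        rec.update(parse_traffic(body))
        return rec
    a = ATTACK_RE.match(body)
    if a is None:
        rec["kind"] = "event"           # PKI, "Syslog has been enabled", ...: keep the free text
        rec["message"] = body
        return rec
    g = a.groupdict()
    rec["kind"] = "attack"
    rec["attack"] = g["attack"].strip()
    for name, val in (("src", g["src"]), ("src_port", g["src_port"]), ("dst", g["dst"]),
                      ("dst_port", g["dst_port"]), ("proto", g["proto"] or g["proto2"]),
                      ("zone", g["zone"] or g["zone2"]), ("interface", g["iface"] or g["iface2"]),
                      ("count", g["count"]), ("event_time", g["event_time"])):
        if val is not None:
            rec[name] = val
    return rec


def summarize(lines: List[str]) -> Dict[str, int]:
    """Tally like a report: flows per action/policy, attacks by name weighted by
    the device's own "Occurred N times", other events by message id."""
    tally: Dict[str, int] = {}
    for line in lines:
        rec = parse_netscreen(line)
        if rec is None:
            key, n = "unparsed", 1
        elif rec["kind"] == "traffic":
            key, n = f"{rec.get('action', '?')} policy_id={rec.get('policy_id', '?')}", 1
        elif rec["kind"] == "attack":
            key, n = "attack: " + rec["attack"], int(rec["count"])
        else:
            key, n = "event: " + rec["msg_id"], 1
        tally[key] = tally.get(key, 0) + n
    return tally


# Sample input: Logs 1, 3, 5, 12, 15 and 16 copied from the list on this page.
SAMPLE = [
    'Apr 4 15:12:51 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN [No Name]system-notification-00257(traffic): start_time="2006-04-04 15:12:51" duration=0 policy_id=320001 service=icmp proto=1 src zone=Null dst zone=self action=Deny sent=0 rcvd=28 src=AAA.BBB.CCC.DDD dst=AAA.BBB.CCC.DDD icmp type=8 session_id=0',
    'Apr 4 15:12:52 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN [No Name]system-notification-00257(traffic): start_time="2006-04-04 15:12:20" duration=32 policy_id=31 service=snmp proto=17 src zone=ADM-SERV dst zone=Trust action=Permit sent=190 rcvd=184 src=AAA.BBB.CCC.DDD dst=AAA.BBB.CCC.DDD src_port=45328 dst_port=161 src-xlated ip=port=45328 session_id=32028',
    'Apr 5 14:35:14 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN [Root]system-critical-00436: Large ICMP packet! From AAA.BBB.CCC.DDD to AAA.BBB.CCC.DDD, proto 1 (zone V1-Untrust, int v1-untrust). Occurred 1 times. (2006-04-05 14:35:14)',
    'Apr 24 17:44:26 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN system-critical-00413: No tcp flag has been detected! From AAA.BBB.CCC.DDD:56411 to AAA.BBB.CCC.DDD:1392, using protocol TCP, and arriving at interface v1-untrust in zone V1-Untrust.The attack occurred 1 times. (2006-04-24 18:08:29)',
    'Apr 4 15:12:50 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN [Root]system-notification-00019: Syslog has been enabled. (2006-04-04 15:12:50)',
    '2005-03-01 09:45:08 Local0.Notice 127.0.0.1 HOST_NETSCREEN: NetScreen device_id=HOST_NETSCREEN [No Name]system-notification-00257(traffic): start_time="2005-03-01 09:45:17" duration=0 policy_id=20 service=tcp/port:2386 proto=6 src zone=Trust dst zone=Untrust action=Deny sent=0 rcvd=0 src=AAA.BBB.CCC.DDD dst=AAA.BBB.CCC.DDD src_port=2809 dst_port=2386<000>',
]
```

Running summarize(SAMPLE) yields one entry per sample line here ("Deny policy_id=320001", "Permit policy_id=31", "attack: Large ICMP packet", "attack: No tcp flag has been detected", "event: 00019", "Deny policy_id=20"). Two details worth checking against your own feed: the malformed "src-xlated ip=port=45328" of Log 3 is recorded as an empty src_xlated_ip plus port=45328 rather than being misread as an address, and the device's own "Occurred N times" count is used as the weight for attacks, so a single aggregated line is not under-counted.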

powered by Jérémy Chartier
© SnortALog 2000-2011