Personal blog, accepting guest commentary and links to things of interest.
March 4, 2005
Using GraphDefang to chart iptables drops
Thanks to Jason for his help, in the end the gshield config was almost exactly what we needed.
[code]
#!/usr/bin/perl -w
# Feb 25 13:40:30 bashful kernel: firewall: IN=eth0 OUT= MAC=00:0e:b6:69:a8:c7:12:54:4f:dc:b4:1c:08:00
SRC=64.124.2.53 DST=61.1.1.1 LEN=48 TOS=0×00 PREC=0×00 TTL=115 ID=11556 DF PROTO=TCP SPT=2213 DPT=135
WINDOW=8760 RES=0×00 SYN URGP=0
$event{’kernel’}{’iptables’} =
sub {
if ($text =~ m/^firewall: .* SRC=(\S+) DST=(\S+) .* DPT=(\d+)/) {
if ($unixtime > $MaxDBUnixTime) {
my $src = $1;
my $dst = $2;
my $dpt = $3;
$event = ‘iptables’;
$sender = $src;
$recipient = $dst;
$value1 = $dpt;
$FoundNewRow = 1;
}
}
};
[/code]
And an example:
internal links:
Aquarium
AirTemp = 74.00
TankTemp = 78.4
ORP = 437
Google Ads:
categories:
- All
- 419 (3)
- Adrienne's Head (116)
- America (21)
- archive (22)
- Art (173)
- Asshats in the News! (34)
- Books, Stories, etc (39)
- Conspiracy Theories (16)
- Fishtank/Reef (48)
- Guns and such (15)
- heli (8)
- Humor (113)
- Links (192)
- Misc (568)
- Motorcycle (27)
- movie reviews and thoughts (94)
- Music (123)
- political perspective (136)
- Security (97)
- Stupid Quiz's (102)
- Technology (243)
- The Almighty Buck (8)
- The Body (10)
- The Courts (36)
- the spews of Evil Bastard (26)
- Wireless (8)
search blog:
archives:
other:
- RSS 2.0
- Comments RSS 2.0
- Valid RSS
- Valid XHTML
- XFN
- Theme copyright © 2002–2008 Mike Little.
FlickrRss: "watchmen"
20 queries. 1.524 seconds