Hey all, after reading two PDFs on the CIDS setup and tinkering a bit, I'm slightly confused. I would like to write a short script to take the alerts generated by the IDS and pipe them to logger via cron every 5 minutes or so. The problem is I'm not sure where the alerts are being held. Are they the ones with names like "log.200209161909" (in /usr/nr/var)? If so then how do I get understandable output from them?
I'm sorry if this is a bit low-level, I'm really trying to grasp what is where on this sensor (a FreeBSD junkie stuck in Solarisville). Thanks for any help.
PS - If anyone has already written a text->logger script for this and is willing to post it I would appreciate it. :-)
The logfile in /usr/nr/var is the current active log; it is a memory-mapped file and therefore will not be able to be used easily by your script. The files in the /usr/nr/var/new directory are the completed logs and are human readable, albeit they will be time delayed depending on how often your log files in /usr/nr/var are being turned over.
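A text-to-logger script of the kind asked for above, added here as an example and not taken from the original thread. It only assumes what the reply states (completed, readable logs sit in /usr/nr/var/new; the file in /usr/nr/var is the live memory-mapped log and is left alone); the state-file path, syslog facility, tag and the `--cron` flag are my own choices.

```shell
#!/bin/sh
# Forward completed Cisco IDS sensor logs from /usr/nr/var/new to syslog
# via logger(1). Cron entry (every 5 minutes), assumed path:
#   */5 * * * * /usr/local/bin/cids2syslog.sh --cron
# A state file records which log.* files were already forwarded, so a
# file is never sent twice. The active log in /usr/nr/var is not read.

LOGDIR="${CIDS_LOGDIR:-/usr/nr/var/new}"        # completed logs (per reply)
STATE="${CIDS_STATE:-/var/tmp/cids2syslog.state}" # assumed state-file path
TAG="cids"                                        # assumed syslog tag
FACILITY="local4.info"                            # assumed facility.priority

# Send one completed log file to syslog line by line; blank lines are
# skipped so logger does not emit empty records. Prints lines forwarded.
forward_file() {
    f="$1"
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue
        logger -t "$TAG" -p "$FACILITY" -- "$line"
        n=$((n + 1))
    done < "$f"
    echo "$n"
}

# Forward every log.* file in LOGDIR not yet listed in STATE, then record
# it. Prints the number of files forwarded on this run.
forward_new_logs() {
    [ -f "$STATE" ] || : > "$STATE"
    count=0
    for f in "$LOGDIR"/log.*; do
        [ -f "$f" ] || continue              # no match: glob stays literal
        base=$(basename "$f")
        grep -Fqx "$base" "$STATE" && continue
        forward_file "$f" > /dev/null
        echo "$base" >> "$STATE"
        count=$((count + 1))
    done
    echo "$count"
}

if [ "${1:-}" = "--cron" ]; then
    forward_new_logs
fi
```

Rotated files are only picked up once they appear in /usr/nr/var/new, so the syslog feed lags by the sensor's log turnover interval, exactly as the reply warns.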