[ale] Linksysmon report extract?

BruceG griffisb at bellsouth.net
Mon Apr 19 07:28:16 EDT 2004


Hey all,

	I haven't built a transparent proxy server yet, still using my Linksys BEFSX41 
router. I'm using Linksysmon-1.1.2 to grab the router logs (through 
snmptrapd). The logs are written as a flat file to /var/log/linksys.log

	Have any of you come across a report tool that analyzes Linksys logs? I'd 
like to start putting that data into a more understandable format. 

The format looks like this:
Parse error: >                s: Print only last symbolic element of oid.<
Parse error: >                S: Print MIB module-id plus last element.<
Parse error: >                t: Print timeticks unparsed as numeric integers.<
Parse error: >                v: Print Print values only (not OID = value).<
Parse error: >                T: Print human-readable text along with hex strings.<
192.168.1.1     2004-04-18      22:43:10-0      system  @in TCP from 24.163.153.16:3762 to 68.223.14.68:135.
192.168.1.1     2004-04-18      22:43:16-0      system  @in UDP from 61.248.189.5:40126 to 68.223.14.68:1026.
192.168.1.1     2004-04-18      22:43:16-1      system  @in UDP from 61.248.189.5:40127 to 68.223.14.68:1027.
192.168.1.1     2004-04-18      22:44:33-0      system  @out TCP from 192.168.1.25:33099 to mail.bellsouth.net(205.152.59.16):110.
192.168.1.1     2004-04-18      22:44:42-0      system  @in TCP from 218.148.229.90:3181 to 68.223.14.68:80.
192.168.1.1     2004-04-18      22:45:44-0      system  @out TCP from 192.168.1.25:33100 to woogie.net(66.92.73.53):80.
192.168.1.1     2004-04-18      22:46:09-0      system  @out TCP from 192.168.1.25:33101 to mail.yahoo.com(216.109.127.60):80.
192.168.1.1     2004-04-18      22:46:23-0      system  @out TCP from 192.168.1.25:33104 to f407.mail.yahoo.com(66.218.78.177):80.
192.168.1.1     2004-04-18      22:46:26-0      system  @out TCP from 192.168.1.25:33106 to view.atdmt.com(216.74.132.10):80.
192.168.1.1     2004-04-18      22:46:32-0      system  @in UDP from 61.76.237.56:2769 to 68.223.14.68:1026.
192.168.1.1     2004-04-18      22:46:32-1      system  @out TCP from 192.168.1.25:33107 to us.a1.yimg.com(209.249.123.46):80.
192.168.1.1     2004-04-18      22:46:32-2      system  @out TCP from 192.168.1.25:33108 to us.i1.yimg.com(209.249.123.174):80.

It looks like I would drop records starting with "Parse error", and keep 
records starting with my router's inside IP address - 192.168.1.1. It also 
looks like I can get the date, time, direction (in or out), IP address from 
and to, protocol (udp or tcp) and port. Where DNS lookup is enabled, I get 
the name.

Bruce
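A parser for the record layout Bruce describes, as an added example that is not part of the original post or of Linksysmon: it drops the "Parse error" lines, keeps only records whose first field is the router's inside address, splits each record into date, time, direction, protocol, endpoints and ports (with the DNS name when the router supplied one), and tallies inbound hits per port and outbound connections per host. The regex, field names and the sample lines (the post's lines with the mail wrapping undone) are assumptions about the file format.

```python
import re
from collections import Counter

ROUTER_IP = "192.168.1.1"  # inside address every real record starts with (from the post)
# One record: router, date, time-seq, facility, "@in|@out PROTO from SRC to DST."
RECORD = re.compile(
    r"^(?P<router>[\d.]+)\s+(?P<date>\d{4}-\d{2}-\d{2})\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2})-(?P<seq>\d+)\s+\S+\s+"
    r"@(?P<direction>in|out)\s+(?P<proto>TCP|UDP)\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)$"
)
# An endpoint is "ip:port", or "name(ip):port" when the router's DNS lookup is enabled.
ENDPOINT = re.compile(r"^(?:(?P<name>[^()\s]+)\((?P<ip>[\d.]+)\)|(?P<bare>[\d.]+)):(?P<port>\d+)$")
# Constructed sample: lines from the post with the mail wrapping undone, plus one "Parse error" line.
SAMPLE_LOG = """\
Parse error: >                s: Print only last symbolic element of oid.<
192.168.1.1     2004-04-18      22:43:10-0      system  @in TCP from 24.163.153.16:3762 to 68.223.14.68:135.
192.168.1.1     2004-04-18      22:43:16-0      system  @in UDP from 61.248.189.5:40126 to 68.223.14.68:1026.
192.168.1.1     2004-04-18      22:43:16-1      system  @in UDP from 61.248.189.5:40127 to 68.223.14.68:1027.
192.168.1.1     2004-04-18      22:44:33-0      system  @out TCP from 192.168.1.25:33099 to mail.bellsouth.net(205.152.59.16):110.
192.168.1.1     2004-04-18      22:46:32-0      system  @in UDP from 61.76.237.56:2769 to 68.223.14.68:1026.
192.168.1.1     2004-04-18      22:46:32-1      system  @out TCP from 192.168.1.25:33107 to us.a1.yimg.com(209.249.123.46):80.
""".splitlines()


def parse_endpoint(text):
    m = ENDPOINT.match(text)
    if not m:
        return None
    return {"name": m.group("name"), "ip": m.group("ip") or m.group("bare"), "port": int(m.group("port"))}


def parse_record(line, router_ip=ROUTER_IP):
    """Return the fields of one router record, or None for 'Parse error' lines and other noise."""
    m = RECORD.match(line.strip().rstrip("."))  # records end with a trailing "."
    if not m or m.group("router") != router_ip:
        return None
    src, dst = parse_endpoint(m.group("src")), parse_endpoint(m.group("dst"))
    if src is None or dst is None:
        return None
    return {"date": m.group("date"), "time": m.group("time"), "seq": int(m.group("seq")),
            "direction": m.group("direction"), "proto": m.group("proto"), "src": src, "dst": dst}


def summarize(lines, router_ip=ROUTER_IP):
    """Inbound hits per (proto, destination port) and outbound connections per destination host."""
    inbound, outbound = Counter(), Counter()
    for rec in filter(None, (parse_record(l, router_ip) for l in lines)):
        if rec["direction"] == "in":
            inbound[(rec["proto"], rec["dst"]["port"])] += 1
        else:
            outbound[rec["dst"]["name"] or rec["dst"]["ip"]] += 1
    return inbound, outbound
```

Feeding the whole of /var/log/linksys.log through summarize() gives the "which ports are being knocked on from outside" view that a report tool would start from; the raw field dicts from parse_record() are what you would load into a database or spreadsheet for anything fancier.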


