I maintain ~4 Netscreen devices, not enough to justify diving into
the NSM software world ...
Currently all 4 devices syslog to a central server where I use swatch
to parse out the interesting events and pass them on to an internal
mailing list.
The emails are pretty dry, consisting only of the "interesting"
netscreen alert messages concatenated together.
I've been thinking that it would be pretty easy to post-process those
event logs so that (for instance) HTML markup can be embedded so that
the attack signature ID is wrapped in an HTML link to the online
knowledge base describing the attack. The same thing for any IP or
network data -- wrap those octets in a link that points to an online
tool allowing reverse-lookups, whois research, etc. etc.
Has anyone already done this? Since I read the alerts on my phone or
laptop, both of which have "HTML aware" email clients this would make
the Netscreen alerts slightly more useful, usable and informative.
I'm not looking to reinvent the wheel though so I figured I'd ask if
someone has already done this. Any tools out there for processing
Netscreen alert logs?
Regards,
Chris
_______________________________________________
nn mailing list
nn@qorbit.net
http://qorbit.net/mailman/listinfo/nn
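An added example of the post-processing step Chris describes, written for this page and not code from the original post or from any list member: it takes syslog lines of the NetScreen alert shape, wraps the signature ID in a link to a knowledge base and each IPv4 address in a link to a lookup tool, and emits an HTML body for an HTML-aware mail client. The two URL templates (kb.example.invalid, lookup.example.invalid), the alert-ID regex and the sample log lines are all assumptions or constructed data, not real URLs or captured logs. One caveat worth making explicit: the alert line carries attacker-influenced text (hostnames, payload fragments), so everything except the anchors the script itself generates must be HTML-escaped, otherwise the alert mail becomes an HTML injection vector into the reader's mail client.

```python
"""Post-process NetScreen syslog alert lines into HTML for an HTML-aware mail client.

Added example, not code from the original post. The URL templates, the alert-ID
regex and the sample log lines are assumptions about the environment.
"""
import html
import re
from urllib.parse import quote

# Hypothetical URL templates; point these at the knowledge base and lookup tool you use.
KB_URL_TEMPLATE = "https://kb.example.invalid/netscreen/{sig}"
IP_URL_TEMPLATE = "https://lookup.example.invalid/ip/{ip}"

# One pass, one regex: alert IDs of the "system-alert-00016" shape (an assumption about
# the message format, adjust to what your devices actually emit) and dotted-quad IPv4s.
TOKEN_RE = re.compile(
    r"\b(?P<sig>system-(?:alert|critical|warning|notification|information)-\d{5})\b"
    r"|\b(?P<ip>(?:\d{1,3}\.){3}\d{1,3})\b"
)


def _is_ipv4(text: str) -> bool:
    """Reject dotted quads with an octet above 255 (build numbers, version strings)."""
    return all(0 <= int(octet) <= 255 for octet in text.split("."))


def _link(url_template: str, key: str, value: str) -> str:
    # URL-encode the value inside href and HTML-escape it as link text: the log line is
    # attacker-influenced data, so nothing from it may reach the mail body unescaped.
    href = html.escape(url_template.format(**{key: quote(value, safe="")}), quote=True)
    return f'<a href="{href}">{html.escape(value)}</a>'


def linkify(line: str) -> str:
    """Return one syslog line as HTML with signature IDs and IPs turned into links."""
    out = []
    pos = 0
    for m in TOKEN_RE.finditer(line):
        out.append(html.escape(line[pos:m.start()]))  # plain text between tokens, escaped
        if m.group("sig"):
            out.append(_link(KB_URL_TEMPLATE, "sig", m.group("sig")))
        elif _is_ipv4(m.group("ip")):
            out.append(_link(IP_URL_TEMPLATE, "ip", m.group("ip")))
        else:
            out.append(html.escape(m.group(0)))  # looked like an IP but is not one
        pos = m.end()
    out.append(html.escape(line[pos:]))
    return "".join(out)


def render_email(lines) -> str:
    """Wrap the linkified lines in a minimal HTML body, one line per <div>."""
    body = "\n".join(f"<div>{linkify(line)}</div>" for line in lines)
    return f'<html><body style="font-family:monospace">\n{body}\n</body></html>'


# Constructed sample lines in the general shape of NetScreen syslog alerts; not real logs.
SAMPLE_LINES = [
    "ns5gt: NetScreen device_id=ns5gt [Root]system-alert-00016: Port scan! "
    "From 203.0.113.7:40123 to 192.0.2.10:22, proto TCP (zone Untrust, int ethernet1). "
    "Occurred 1 times.",
    # HTML metacharacters in the message body, plus a dotted quad that is not an address
    "ns5gt: NetScreen device_id=ns5gt [Root]system-critical-00041: Config change by admin, "
    "note=<b>not markup</b> & build 6.3.0.999",
]

if __name__ == "__main__":
    # Typical use: feed it the lines swatch already selects, mail the result as text/html.
    print(render_email(SAMPLE_LINES))
```

In the swatch setup described in the post this would sit between the match action and the mailer: the selected lines go in on stdin, the HTML body comes out, and the mail is sent with a text/html content type. Keep the escaping even if the lookup tool is internal; the risk is what the log text does in the mail client, not where the links point.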