cisco_ios2dlf(1) debian man page | unix.com

CISCO_IOS2DLF.IN(1)					  LogReport's Lire Documentation				       CISCO_IOS2DLF.IN(1)

NAME
cisco_ios2dlf - convert cisco logs to dlf format
SYNOPSIS
cisco_ios2dlf
DESCRIPTION
This script expects syslog-type logs from a CISCO IOS router on stdin. These look like e.g.

    Jul 3 00:00:39 router 40108: 4d09h: %SEC-6-IPACCESSLOGP: list FR_VA_in permitted udp 192.168.19.1(137) (Serial0/0.2 DLCI 120) -> 192.168.19.255(137), 2 packets
    Jul 3 00:02:39 router 40109: 4d09h: %SEC-6-IPACCESSLOGP: list FR_VA_in permitted udp 192.168.80.42(138) (Serial0/0.2 DLCI 120) -> 192.60.60.148(138), 1 packet
    Jul 3 00:02:39 router 40110: 4d09h: %SEC-6-IPACCESSLOGDP: list FR_VA_in permitted icmp 192.168.80.82 (Serial0/0.2 DLCI 120) -> 149.1.1.1 (8/0), 1 packet

or

    Aug 19 04:02:34 gateway.foo.bar 218963: Aug 19 04:02:32.977: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down
    Aug 19 04:02:34 gateway.foo.bar 218964: Aug 19 04:02:33.262: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 172605440 acme, call lasted 42 seconds
    Aug 19 04:02:35 gateway.foo.bar 218965: Aug 19 04:02:33.266: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
    Aug 19 04:02:38 gateway.foo.bar 218966: Aug 19 04:02:36.103: %SEC-6-IPACCESSLOGP: list 102 denied tcp 100.198.139.148(4652) -> 100.193.176.49(80), 1 packet
    Aug 19 04:02:45 gateway.foo.bar 218967: Aug 19 04:02:43.543: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 86 changed to down
    Aug 19 04:02:53 gateway.foo.bar 218968: Aug 19 04:02:51.471: %SEC-6-IPACCESSLOGP: list 102 denied tcp 100.74.103.1(2162) -> 100.193.176.98(80), 1 packet

The outputted dlf files look like:

    994118619 permitted icmp 192.168.80.9 - Serial0/0.2 DLCI_120 192.168.19.1 - 1
    994118619 permitted udp 192.168.19.1 138 Serial0/0.2 DLCI_120 192.168.19.255 138 1
EXAMPLES
To process a log as produced by Cisco IOS:

    $ cisco_ios2dlf < cisco.log

cisco_ios2dlf will rarely be used on its own; it is more likely to be called by lr_log2report:

    $ lr_log2report cisco_ios < /var/log/cisco.log
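The mapping from the %SEC-6-IPACCESSLOGP lines in DESCRIPTION to the DLF record layout shown there, as an added Python example; it is not the Lire script's own code, which this page does not show. Assumptions: the year is passed in and timestamps are treated as UTC (syslog lines carry neither), a missing interface is written as "-", and non-ACL messages are counted as skipped; the names `to_dlf` and `convert` are hypothetical.

```python
import calendar
import re
import time

# ACL hit lines (%SEC-6-IPACCESSLOGP / IPACCESSLOGDP) as shown in DESCRIPTION.
ACL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+\d+:\s+.*?"
    r"%SEC-6-IPACCESSLOGD?P:\s+list\s+\S+\s+"
    r"(?P<action>permitted|denied)\s+(?P<proto>\S+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\((?P<sport>\d+)\))?\s*"
    r"(?:\((?P<intf>\S+)\s+(?P<hw>[^)]+)\)\s*)?->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\s*(?:\((?P<dport>[\d/]+)\))?,\s+"
    r"(?P<count>\d+)\s+packets?\s*$"
)

def to_dlf(line, year):
    """Return one space-separated DLF-style record, or None if not an ACL line."""
    m = ACL_RE.match(line.strip())
    if not m:
        return None
    try:  # syslog timestamps carry no year or zone: year supplied, UTC assumed
        epoch = calendar.timegm(
            time.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
    except ValueError:
        return None
    def port(p):  # ICMP "(type/code)" and absent ports both become "-"
        return p if p and p.isdigit() else "-"
    return " ".join([
        str(epoch), m["action"], m["proto"], m["src"], port(m["sport"]),
        m["intf"] or "-",                    # assumption: "-" when no interface
        (m["hw"] or "-").replace(" ", "_"),  # "DLCI 120" -> "DLCI_120"
        m["dst"], port(m["dport"]), m["count"]])

def convert(lines, year):
    """Convert lines; return (records, skipped) so dropped input stays visible."""
    records, skipped = [], 0
    for line in lines:
        rec = to_dlf(line, year)
        if rec is None:
            skipped += 1
        else:
            records.append(rec)
    return records, skipped

# Sample input copied from the DESCRIPTION section above.
SAMPLE = [
    "Jul 3 00:00:39 router 40108: 4d09h: %SEC-6-IPACCESSLOGP: list FR_VA_in permitted udp 192.168.19.1(137) (Serial0/0.2 DLCI 120) -> 192.168.19.255(137), 2 packets",
    "Jul 3 00:02:39 router 40110: 4d09h: %SEC-6-IPACCESSLOGDP: list FR_VA_in permitted icmp 192.168.80.82 (Serial0/0.2 DLCI 120) -> 149.1.1.1 (8/0), 1 packet",
    "Aug 19 04:02:34 gateway.foo.bar 218963: Aug 19 04:02:32.977: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down",
    "Aug 19 04:02:38 gateway.foo.bar 218966: Aug 19 04:02:36.103: %SEC-6-IPACCESSLOGP: list 102 denied tcp 100.198.139.148(4652) -> 100.193.176.49(80), 1 packet",
]
```

Returning the skipped count alongside the records makes it easy to notice when a router starts emitting a line variant the pattern does not cover, instead of silently losing firewall events.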
AUTHORS
Francis J. Lacoste based on initial code by Joost Bekkers <joost@jodocus.org>
VERSION
$Id: cisco_ios2dlf.in,v 1.8 2006/07/23 13:16:35 vanbaal Exp $
COPYRIGHT
Copyright (C) 2001 Joost Bekkers <joost@jodocus.org>
Copyright (C) 2002 Stichting LogReport Foundation <logreport@logreport.org>

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program (see COPYING); if not, check with http://www.gnu.org/copyleft/gpl.html.

Lire 2.1.1 2006-07-23 CISCO_IOS2DLF.IN(1)