Already a parser is starting to become fleshed out, with some simple tweaking it should be relatively simple to do, especially if all entries are one liners, which greatly reduces logic and the need for something along the lines of a quasi statemachine..Suggestions: You are able to view the data in some way shape or form, so I would + either A) figure out how to get that data out in a stream (I.e calling +an executable to provide that data on the fly for your parser) or B) instead of pulling the binary data, convert it to text, compr +ess that and munge the compressed text Determine what types of entries are in the file. Just looking at the data at hand I see at least 2 unique type of en +tries and a whole slew of other things to help with a parser. One msg from the kernel, and one msg from firewalld. Next we notice that the kernel is "Temporarily" blocking does it also log permanent blocks? does this line correlate to an earier firewalld line? The firewalld process is stating it denied a packet.. There is all sorts of juicy bits in there.. First off, the deny. What other actions can it take? Then the interface.. what other interfaces are there? The next number is interesting as I have no idea what its correl +ated to do all denies get stamped with 48? or packets on eth0, or tcp packets, or tcp packets destined for X port? Next the type what other types are coming through?..
In reply to Re: Extracting data from a firewall log
by l2kashe
in thread Extracting data from a firewall log
by Anonymous Monk
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |