Lire supports logs from many packet filter firewalls.
Cisco routers that run IOS can log activity via syslog. Lire is able to process the log entries that correspond to the packet filters.
Example 10.1. IOS Log Sample
Aug 19 04:02:34 1.example.com.nl 218963: Aug 19 04:02:32.977: \
  %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed \
  state to down
Aug 19 04:02:34 1.example.com.nl 218964: Aug 19 04:02:33.262: \
  %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from \
  172605440 teraar, call lasted 42 seconds
Aug 19 04:02:35 1.example.com.nl 218965: Aug 19 04:02:33.266: \
  %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
Aug 19 04:02:38 1.example.com.nl 218966: Aug 19 04:02:36.103: \
  %SEC-6-IPACCESSLOGP: list 102 denied tcp 10.0.0.1(4652) -> \
  10.0.0.2(80), 1 packet
Aug 19 04:02:45 1.example.com.nl 218967: Aug 19 04:02:43.543: \
  %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 86 changed to down
Aug 19 04:02:53 1.example.com.nl 218968: Aug 19 04:02:51.471: \
  %SEC-6-IPACCESSLOGP: list 102 denied tcp 10.0.0.3(2162) -> \
  10.0.0.4(80), 1 packet
Aug 19 04:03:06 1.example.com.nl 218969: Aug 19 04:03:04.585: \
  %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 86 changed to down
Aug 19 04:03:10 1.example.com.nl 218970: Aug 19 04:03:08.867: \
  %SEC-6-IPACCESSLOGP: list 102 denied tcp 10.0.0.5(2342) -> \
  10.0.0.6(80), 1 packet
Aug 19 04:03:12 1.example.com.nl 218971: Aug 19 04:03:10.771: \
  %SEC-6-IPACCESSLOGP: list 102 denied tcp 10.0.0.7(1093) -> \
  10.0.0.8(80), 1 packet
Aug 19 04:03:36 1.example.com.nl 218972: Aug 19 04:03:34.373: \
  %SEC-6-IPACCESSLOGP: list 102 denied tcp 10.0.0.9(3173) -> \
  10.0.0.10(80), 1 packet
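Of the entries in the sample, only the %SEC-6-IPACCESSLOGP lines are packet filter records. The following Python code is an added example, not Lire's own parser: it picks those records out of a mixed IOS syslog stream and totals denied packets per destination. The function names and the regular expression are this example's own, and the pattern assumes the message layout shown in the sample.

```python
import re
from collections import Counter

# Three entries copied from the IOS log sample above, "\" continuations kept.
SAMPLE = r"""
Aug 19 04:02:35 1.example.com.nl 218965: Aug 19 04:02:33.266: \
  %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
Aug 19 04:02:38 1.example.com.nl 218966: Aug 19 04:02:36.103: \
  %SEC-6-IPACCESSLOGP: list 102 denied tcp 10.0.0.1(4652) -> \
  10.0.0.2(80), 1 packet
Aug 19 04:02:53 1.example.com.nl 218968: Aug 19 04:02:51.471: \
  %SEC-6-IPACCESSLOGP: list 102 denied tcp 10.0.0.3(2162) -> \
  10.0.0.4(80), 1 packet
"""

# Syslog time and host, IOS sequence number and timestamp, then the ACL message
# in the form the sample shows ("permitted" is the counterpart of "denied").
ACL_RE = re.compile(
    r"^(?P<syslog_time>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) (?P<seq>\d+): "
    r"(?P<ios_time>\w{3}\s+\d+ [\d:.]+): %SEC-6-IPACCESSLOGP: "
    r"list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\w+) "
    r"(?P<src_ip>[\d.]+)\((?P<src_port>\d+)\) -> "
    r"(?P<dst_ip>[\d.]+)\((?P<dst_port>\d+)\), (?P<packets>\d+) packets?$"
)

def join_continuations(text):
    # Fold lines ending in a backslash into the entry they belong to.
    return re.sub(r"\s*\\\s*\n\s*", " ", text)

def parse_acl_entries(text):
    """Return one dict per packet filter entry; other IOS messages are skipped."""
    entries = []
    for line in join_continuations(text).splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            e = m.groupdict()
            for k in ("seq", "src_port", "dst_port", "packets"):
                e[k] = int(e[k])
            entries.append(e)
    return entries

def denied_by_destination(entries):
    """Sum denied packet counts per (destination address, destination port)."""
    totals = Counter()
    for e in entries:
        if e["action"] == "denied":
            totals[(e["dst_ip"], e["dst_port"])] += e["packets"]
    return totals
```
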