Parser Exchange

This page is meant to help collect parsers for log files. Post a comment with either a link to your parser or paste the parser in here if it is not too big.


Cap2CSV - Another pcap file and live capture parser

Just something I put together recently. It's not as powerful as the tcpdump2csv, but I thought some might find it useful. I'll add in the option to pick the number of packets to capture so live captures can be easily piped over to other scripts. Feedback encouraged.

-Jase

usage: Example usage

src: Cap2CSV

QuickParser

In the spirit of sharing and in the hopes of prodding a co-conspirator into finishing *his* better, stronger and faster parser, I have released the source to Quick Parser; my regex-less log parser specifically for Juniper (Netscreen) firewall logs.

Apache2Dot.pl

This script reads Apache web server logs and generates dot files usable in GraphViz.

Apache2Dot.pl

An example can be found here.

Snort Alert

A snort parser for Snort Alert files. This is part of the AfterGlow distribution.

Netfilter/iptables log parser

I have written a parser for Netfilter log messages called "nf2csv", and it is distributed with the psad project.
You can download nf2csv here:

http://www.cipherdyne.org/psad/download/nf2csv

--
Michael Rash
http://www.cipherdyne.org/

Argus

An argus parser for Argus output. This is part of the AfterGlow distribution.

TCPDump

This is a parser for tcpdump. This is part of the AfterGlow distribution.

PacketFilter

This pf parser parses PF firewall logs from OpenBSD. This is part of the AfterGlow distribution.

Sendmail

This sendmail parser will help you merge the two log entries (the to: and the from: entry) into one output line. You can also choose which fields you want to have in the output. And the best: it outputs CSV files that you can easily process further. This is part of the AfterGlow distribution.
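What that merge looks like in code, as an added example that is not the AfterGlow sendmail parser itself: the from= and to= syslog lines are joined on the sendmail queue id, the caller picks the output columns, and the result is written as CSV. The log lines are constructed samples, and a to= line whose from= line was rotated away still yields a row with an empty from column.

```python
import csv
import io
import re

# Constructed sendmail syslog lines (sample data, not taken from any real server).
SAMPLE_LOG = """\
Mar 10 12:00:01 mail sm-mta[1234]: k2AHx1ab001234: from=<alice@example.com>, size=1234, class=0, nrcpts=1, msgid=<a@example.com>, proto=ESMTP, daemon=MTA, relay=host1.example.com [192.0.2.1]
Mar 10 12:00:02 mail sm-mta[1235]: k2AHx1ab001234: to=<bob@example.org>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=31234, relay=mx.example.org. [198.51.100.5], dsn=2.0.0, stat=Sent (OK)
Mar 10 12:00:05 mail sm-mta[1236]: k2AHx2cd001240: from=<carol@example.net>, size=99, class=0, nrcpts=1, msgid=<c@example.net>, proto=SMTP, daemon=MTA, relay=[203.0.113.9]
Mar 10 12:00:06 mail sm-mta[1237]: k2AHx2cd001240: to=<dave@example.org>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30099, dsn=5.1.1, stat=User unknown
"""

# syslog prefix, then the sendmail queue id, then the comma-separated key=value payload
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) \S+: (?P<qid>[A-Za-z0-9]+): (?P<rest>.*)$")
# a value is either <angle-bracketed> (addresses, msgid) or runs up to the next comma
KV_RE = re.compile(r"(\w+)=(<[^>]*>|[^,]*)")
DEFAULT_FIELDS = ("ts", "qid", "from", "to", "from_relay", "to_relay", "dsn", "stat")

def parse_kv(rest):
    """Turn 'from=<a@b>, size=12, ...' into a dict, stripping the angle brackets."""
    return {k: v.strip().strip("<>") for k, v in KV_RE.findall(rest)}


def merge_sendmail(log_text, fields=DEFAULT_FIELDS):
    """Join the from= and to= lines sharing a queue id into one record per recipient."""
    envelopes = {}  # qid -> fields taken from the from= line
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a queue line (daemon startup, milter chatter, ...)
        qid, kv = m.group("qid"), parse_kv(m.group("rest"))
        if "from" in kv:
            envelopes[qid] = {"ts": m.group("ts"), "qid": qid, "from": kv["from"], "from_relay": kv.get("relay", "")}
        elif "to" in kv:
            # a to= line whose from= line was rotated away still yields a row, with from left empty
            rec = dict(envelopes.get(qid, {"ts": m.group("ts"), "qid": qid, "from": "", "from_relay": ""}))
            rec.update({"to": kv["to"], "to_relay": kv.get("relay", ""),
                        "dsn": kv.get("dsn", ""), "stat": kv.get("stat", "")})
            rows.append({f: rec.get(f, "") for f in fields})
    return rows


def to_csv(rows, fields=DEFAULT_FIELDS):
    """Render the merged rows as CSV text with a header line, ready for further processing."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=list(fields), lineterminator="\n")
    w.writeheader()
    w.writerows(rows)
    return buf.getvalue()
```

Calling `to_csv(merge_sendmail(SAMPLE_LOG))` yields one CSV line per recipient with the sender, both relays and the delivery status side by side.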