Format of the tcpdump log file

Solved/Closed
missn - 3 April 2009 at 11:43
Hello,
actually I would like to know the format of the log file written by the tcpdump command, I'm not getting anywhere
can someone help me please
thanks
4 replies

Hello,

http://openmaniak.com/fr/tcpdump.php

Excerpt:

Reading a capture file:

#tcpdump -r capture.log

reading from file capture.log, link-type EN10MB (Ethernet)

09:33:51.977522 IP 192.168.1.36.40332 > rr.knams.wikimedia.org.www: P 1548302662:1548303275(613) ack 148796145 win 16527
09:33:52.031729 IP rr.knams.wikimedia.org.www > 192.168.1.36.40332: . ack 613 win 86
09:33:52.034414 IP rr.knams.wikimedia.org.www > 192.168.1.36.40332: P 1:511(510) ack 613 win86
09:33:52.034786 IP 192.168.1.36.40332 > rr.knams.wikimedia.org.www: . ack 511 win 16527

The captured data is not stored as readable text, so it cannot be read with a text editor. You therefore need a dedicated tool such as tcpdump, as shown above, or Wireshark (formerly Ethereal), which provides a graphical interface.

The capture.log file is opened with Wireshark.

See you, hope it helped :)
missn - 3 April 2009 at 12:01
thanks for your help, I'll try this solution and keep you posted
bye
missn - 3 April 2009 at 12:33
thank you very much, it worked, thanks a lot and have a good day
bye
missn - 3 April 2009 at 12:48
Hi again,
please, a piece of advice if you have any idea about Sawmill: can I use it to view the contents of the captures? thanks a lot
Hi again (glad it helped, thanks)

For Sawmill, I'll leave you with the page http://www.sawmill.net/formats/tcpdump_no_options.html where you can read, in English: Excerpt: TCPDUMP: Sawmill is a tcpdump log analyzer (it also supports the 819 other log formats listed to the left). It can process log files in tcpdump format, and generate dynamic statistics from them, analyzing and reporting events. Sawmill can parse tcpdump logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database), aggregate them, and generate dynamically filtered reports, all through a web interface. Sawmill can perform tcpdump log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.

Sawmill currently supports the 819 log formats below.

# AboCom VPN Firewall FW550
# Active PDF
# Aladdin Esafe Gateway
# Aladdin eSafe Mail
# Aladdin eSafe Sessions (with URL category)
# Aladdin eSafe Sessions
# Aladdin eSafe Sessions Log Format v5/v6
# Amavis
# Annex Term Server
# Anti-Spam SMTP Proxy (ASSP)
# Apache Custom
# Apache Error
# Apache Error Log Format (syslog required)
# Apache SSL Request
# Apache/NCSA Combined Format (NetTracker)
# Apache/NCSA Combined Format With Cookie Last
# Apache/NCSA Combined Format With Server Domain After Agent
# Apache/NCSA Combined Format With Server Domain After Date
# Apache/NCSA Combined Format With Server Domain After Host
# Apache/NCSA Combined Format With Server Domain After Size (e.g. 1&1, Puretec)
# Apache/NCSA Combined Format With Server Domain Before Host
# Apache/NCSA Combined Format With Visitor Cookie
# Apache/NCSA Combined Format With WebTrends Cookie
# Apache/NCSA Combined
# Apache/NCSA Combined Log Format with Syslog
# Apache/NCSA Common Agent
# Apple File Service
# AppleShare IP
# Applied Identity WELF
# Arcserve NT
# Argosoft Mail Server
# Argosoft Mail Server Log Format (with dd-mm-yyyy dates)
# Argus
# Array 500 Combined
# Array SPX
# Aruba 800 Wireless LAN Switch
# Ascend
# AscenLink
# AspEmail (Active Server Pages Component for Email)
# Astaro Security Gateway
# Astaro SMTP Proxy
# Atom
# AutoAdmin
# Autodesk Network License Manager (FlexLM)
# Autodesk Network License Manager (FlexLM) Log Format (Enhanced Reports)
# Aventail Client/server Access
# Aventail Web Access
# Backup Exec
# Barracuda Spam Firewall - Syslog
# Barracuda Spyware Firewall / Web Filter
# Barrier Group
# BDS FTP
# BEA WebLogic
# BEA WebLogic
# BeatBox Hits Log Format (default)
# BigFire / Babylon accounting
# Bind 9 Log Format (Syslog required)
# Bind 9 Query
# BIND 9 Query Log Format (with timestamp)
# Bind 9 Update Log Format (with timestamp)
# Bind Query
# Bind Query Log Format With Timestamp
# Bind Response Checks
# Bind Security
# Bindview Reporting
# Bindview User Logins
# Bindview Windows Event
# Bintec VPN 25 or XL
# BitBlock
# Blue Coat Custom
# Blue Coat Instant Messenger
# Blue Coat
# Blue Coat Log Format (Alternate)
# Blue Coat RealMedia
# Blue Coat Squid
# Blue Coat W3C Log Format (ELFF)
# Blue Coat Windows Media
# Bluesocket
# Bomgar Box
# Borderware
# Borderware runstats
# bpft traflog
# bpft4
# bpft4 Log Format (with interface)
# BroadVision Error
# BroadVision Observation
# BroadWeb NetKeeper
# Bulletproof/G6 FTP Log Format (dd/mm/yy dates, 24-hour times)
# Bulletproof/G6 FTP Log Format (dd/mm/yyyy dates)
# Bulletproof/G6 FTP Log Format (dd/mm/yyyy dates, 24 hour times)
# Bulletproof/G6 FTP Log Format (mm/dd/yy dates)
# Bulletproof/G6 FTP Log Format (mm/dd/yyyy dates)
# Bulletproof/G6 FTP Log Format (yyyy/mm/dd dates)
# Bulletproof/G6 FTP Sessions
# Cell Technology IPS
# Centrinity FirstClass (m/d/yyyy)
# Centrinity FirstClass
# CFT Account
# Check Point SNMP
# Checkpoint Firewall-1 Binary Log Format [SUPPORTED ONLY AFTER TEXT EXPORT]
# Cisco 3750
# Cisco 827 Log Format (Kiwi, Full Dates, Tabs)
# Cisco Access Control Server
# Cisco Access Register
# Cisco ACNS log w/ SmartFilter
# Cisco As5300
# Cisco CE Common
# Cisco CE
# Cisco EMBLEM
# Cisco IDS Netranger
# Cisco IPS
# Cisco NetFlow
# Cisco NetFlow (flow-export)
# Cisco NetFlow (FlowTools ASCII Export)
# Cisco NetFlow (no dates)
# Cisco NetFlow (version 1)
# Cisco NetFlow Binary (DAT) Log Format (SUPPORTED ONLY AFTER ASCII EXPORT)
# Cisco PIX/ASA/Router/Switch
# Cisco PIX/IOS
# Cisco Router Log Format (no syslog)
# Cisco Router Log Format (Using Syslog Server)
# Cisco SCA
# Cisco Secure Server (RAS Access)
# Cisco SOHO77
# Cisco Voice Router
# Cisco VPN Concentrator
# Cisco VPN Concentrator (Comma separated - MMDDYYYY)
# Cisco VPN Concentrator (Comma-delimited)
# Cisco VPN Concentrator Syslog
# Cisco Wide Area Application Services (WAAS) TCP Proxy
# CiscoVPNConcentratorAlt
# CiscoWorks Syslog Server Format
# Citrix Firewall Manager Syslog
# Citrix NetScaler
# ClamAV
# Clavister Firewall Binary Log Format (SUPPORTED ONLY AFTER FWLoggqry.exe EXPORT)
# Clavister Firewall
# Clavister Firewall Log Format (CSV)
# Clavister Firewall Syslog
# Click To Meet
# Cognos Powerplay Enterprise Server
# Cognos Ticket Server
# ColdFusion Application
# ColdFusion Application Log Format (CSV)
# ColdFusion Web Server
# Combined Proxy
# Common Access
# Common Access Log Format (Claranet)
# Common Access Log Format (WebSTAR)
# Common Access Log Format, with full URLs
# Common Error
# Common Proxy
# Common Referrer
# Communigate
# Communigate Pro
# Complete Syslog Messages (report full syslog message in one field)
# Coradiant Log Format (object tracking)
# Coradiant TrueSight Log Format (object tracking) v2.0
# CP Secure Content Security Gateway
# Critical Path Mail Server POP/IMAP
# Critical Path Mail Server SMTP
# Cron
# CSV (Generic Comma-Separated Values)
# Cumulus Digital Asset Management Actions
# CWAT Alert
# Cyberguard Firewall (non-WELF) Audit
# Cyberguard WELF
# Cyberguard WELF
# Dade Behring User Account Format (With Duration)
# Dade Behring User
# DansGuardian 2.2
# DansGuardian 2.4
# DansGuardian 2.9
# Datagram Syslog Format
# Datagram SyslogAgent
# Declude SPAM
# Declude Virus
# DeepMail IMAP/POP3/SMTP Server
# Digital Insight Magnet
# DLink DI-804HV Ethernet Broadband VPN Router
# DNSone DHCP
# Domino Access
# Domino Agent
# Domino Error
# Dorian Event Archiver (Windows Event Log) Format
# Dovecot Secure IMAP/POP3 Server
# du Disk Usage Tracking Format (find /somedir -type f | xargs du)
# Easy Lender - Login Audit - Comma Separated
# EIMS Error
# EIMS SMTP (12 hour)
# EIMS SMTP (24 hour)
# EmailCatcher
# Enterasys Dragon IDS
# Event Reporter Logs (version 7)
# Event Reporter v6
# Eventlog to Syslog Format
# Exim 4
# Exim
# EZProxy
# F5 Load Balancer
# FastHosts
# FedEx Tracking
# Filemaker 3
# Filemaker
# FileZilla Server (d/m/yyyy)
# FileZilla Server (m/d/yyyy)
# Firebox
# Firepass
# FirePass SSL VPN
# Firewall-1 (fw log -ftn export)
# Firewall-1 (fw log export)
# Firewall-1 (fw logexport export)
# Firewall-1 Log Viewer 4.1 Export
# Firewall-1 Next Generation Full Log Format (text export)
# Firewall-1 Next Generation General Log Format (text export)
# Firewall-1 NG (text export)
# Firewall-1 Text Export
# Firewall1 Webtrends Log Format
# FirstClass Server
# Fiserv Financial Easy Lender - Unsuccessful Login Audit
# Flash FSP
# Flash Media Server
# Flex/JRun
# FortiGate Comma Separated
# FortiGate
# FortiGate Space Separated
# FortiGate Traffic
# Fortinet Log Format (syslog required)
# Foundry Networks BigIron
# Foundry Networks
# Free Radius
# FusionBot
# Gauntlet
# Gauntlet Log Format (yyyy-mm-dd dates)
# Gene6 FTP W3C
# GFI Attachment & Content
# GFI Spam
# GMS POP
# GMS POST
# GMS SMTP
# GNAT Box Log Format (Syslog Required)
# GNAT Box Syslogger (v1.3) Syslog
# Google
# GroupWise Internet Agent Accounting Log Format (2-digit years)
# GroupWise Internet Agent Accounting Log Format (4-digit years)
# GroupWise Post Office Agent
# Groupwise Web Access Log Format (dd/mm/yy)
# Groupwise Web Access Log Format (mm/dd/yy)
# GTA GBWare
# Guardix Log Format (IPFW)
# GW Guardian Antivirus
# GW Guardian Spam
# Helix Universal Server (Style 5)
# Helix Universal Server
# hMailserver
# honeyd
# Hosting.com
# htdig
# IAS Alternate
# IAS Comma-Separated
# IAS
# IBM HTTP Server
# IBM Tivoli Access Manager
# IBM Tivoli Access Manager WebSEAL
# IBM Tivoli NetView
# IceCast Alternate
# IceCast
# IIS (ODBC log source)
# IIS Extended (W3C) Web Server
# IIS Extended (W3C) Web Server Log Format (logged through a syslog server)
# IIS Extended
# IIS FTP Server
# IIS
# IIS Log Format (dd/mm/yy dates)
# IIS Log Format (dd/mm/yyyy dates)
# IIS Log Format (mm/dd/yyyy dates)
# IIS Log Format (yy/mm/dd dates)
# IIS SMTP Comma Separated
# IIS SMTP Common
# IIS SMTP W3C
# Imail Header
# iMail
# IMail
# iMail Log Format, Alternate
# InfiNet
# Ingate Firewall
# INN News
# INN News Log Format (Alternate)
# Instagate Access / Secure Access
# Intel NetStructure VPN Gateway
# Intermapper Event
# Intermapper Outages
# Intermapper Outages Log Format (dd mmm yyyy dates, 24-hour times)
# Intermapper Outages Log Format (mmm dd yyyy dates, AM/PM times)
# Internet Security Systems Network Sensors
# Intersafe HTTP Content Filter
# Interscan E-mail
# Interscan E-mail Viruswall
# Interscan Messaging Security Suite (emanager)
# Interscan Messaging Security Suite (virus)
# Interscan Messaging Security Suite Integrated
# Interscan Messaging Security Suite
# Interscan Proxy Log Format (dd/mm/yyyy dates)
# Interscan Proxy Log Format (mm/dd/yyyy dates)
# InterScan VirusWall (urlaccesslog)
# InterScan Viruswall
# Interscan Viruswall Virus
# Interscan Web Security Suite
# IOS Debug IP Packet Detailed (Using Syslog Server)
# IP Traffic LAN Statistics Log
# ipchains
# IPCop Syslog
# IPEnforcer
# ipfw
# iPlanet Error
# iPlanet Messaging Server 5/6 MTA
# Iplanet Messenger Server 5
# iPlanet/Netscape Directory Server Format
# iPlanet/Netscape
# IPMon Log Format (Using Syslog Server)
# iPrism (with syslog)
# iPrism Monitor
# iPrism-rt
# IPTables Config
# iptables
# IPTraf
# IPTraf TCP/UDP Services
# Ironmail AV Log Format (Sophos)
# Ironmail CSV
# Ironmail SMTP Proxy
# Ironmail SMTPO
# Ironmail Sophosq
# Ironmail Spam
# IronPort Bounce
# IronPort C-Series
# ISC DHCP Leases
# ISC DHCP
# ISS
# IST
# Jataayu Carrier WAP Server (CWS)
# Java Administration MBEAN
# Java Bean Application Server
# JBoss Application Server
# JIRA
# Juniper Networks NetScreen Traffic
# Juniper Secure Access SSL VPN
# Juniper/Netscreen Secure Access
# Kaspersky Labs AVP Client (Spanish)
# Kaspersky Labs AVP Server (Spanish)
# Kaspersky Labs for Mail Servers (linux)
# Kaspersky
# Kerio Mailserver Mail
# Kerio Network Monitor HTTP
# Kerio Network Monitor
# Kerio Winroute Firewall
# Kernun DNS Proxy
# Kernun HTTP Proxy
# Kernun Proxy
# Kernun SMTP Proxy
# Kiwi (dd-mm-yyyy dates)
# Kiwi (mm-dd-yy dates, with type and protocol)
# Kiwi (mm-dd-yyyy dates)
# Kiwi (mmm/dd dates, hh:hh:ss.mmm UTC times)
# Kiwi (yyyy/m/d hh:mm, tab separated) Syslog
# Kiwi (yyyy/mm/dd, space-separated) Syslog
# Kiwi CatTools CatOS Port Usage Format
# Kiwi Syslog (ISO/Sawmill)
# Kiwi Syslog (UTC)
# Kiwi YYYYMMDD Comma Syslog
# Know-how
# KS-Soft Host Monitor
# Lancom Router
# Lava2
# Limelight Flash Media Server
# LinkSys Router
# LISTSERV
# log4j
# LogSat SpamFilterISP Log Format B500.9
# LRS VPSX Accounting
# LSMTP Access
# LSMTP
# Lucent Brick
# Lucent Brick (LSMS) Admin
# Lyris MailShield
# MacOS X FTP
# Mail Enable W3C
# Mail Essentials
# Mailer Daemon
# Mailman Post
# Mailman Subscribe
# MailMax SE Mail POP
# MailMax SE SMTP
# mailscanner
# MailScanner Log Format (testfase)
# MailScanner Virus Log Format (email messages sent)
# MailStripper
# MailSweeper (24 Hour)
# MailSweeper (AM/PM)
# MailSweeper (long)
# McAfee E1000 Mail Scanner
# McAfee Secure Messaging Gateway (SMG) VPN Firewall
# McAfee Web Shield
# McAfee Web Shield XML
# MDaemon 7 (All)
# MDaemon 7
# MDaemon 8 (All)
# Merak POP/IMAP
# Merak SMTP
# Message Sniffer
# Metavante CEB Failed Logins
# Metavante
# Microsoft Elogdmp (CSV) Log Format (CSV)
# Microsoft Exchange Internet Mail
# Microsoft Exchange Server 2000 Log Format (comma separated)
# Microsoft Exchange Server 2000/2003
# Microsoft Exchange Server 2007 Log Format (comma separated)
# Microsoft Exchange Server
# Microsoft ICF
# Microsoft ISA 2004 IIS
# Microsoft ISA Server Log Format (W3C)
# Microsoft ISA Server Packet Logs
# Microsoft ISA WebProxy Log Format (CSV)
# Microsoft Media Server
# Microsoft Office SharePoint Server
# Microsoft Port Reporter
# Microsoft Proxy
# Microsoft Proxy Log Format (Bytes Received Field Before Bytes Sent)
# Microsoft Proxy Log Format (d/m/yy dates)
# Microsoft Proxy Log Format (d/m/yyyy dates)
# Microsoft Proxy Log Format (m/d/yyyy dates)
# Microsoft Proxy Packet Filtering
# Microsoft SQL Profiler Export
# Microsoft Windows Firewall
# Microtech ImageMaker Error
# MicroTech ImageMaker Media
# Mikrotik Router
# Minirsyslogd
# Mirapoint SMTP
# Mirapoint SMTP Log Format (Logged To Syslog)
# Miva Access
# Miva Combined Access
# MM/DD-HH:MM:SS Timestamp
# Mod Gzip
# MonitorWare
# MonitorWare (Alternate)
# MPS
# msieser HTTP
# msieser SMTP
# MTS Professional
# N2H2 / Novell Border Manager
# N2H2
# N2H2 Sentian
# Nagios
# NcFTP Log Format (Alternate)
# NcFTP Xfer
# NEMX PowerTools for Exchange
# Neoteris
# Neoteris/Netscreen SSL Web Client Export
# Nessus
# Net-Acct
# NetApp Filers Audit
# NetApp NetCache 5.5+
# NetApp NetCache
# NetContinuum Application Security Gateway
# Netegrity SiteMinder Access
# Netegrity SiteMinder Event
# NetForensics Syslog Format
# NetGear DG834G
# NetGear FR328S
# Netgear FVL328 Log Format (logging to syslog)
# Netgear FVS318
# NetGear
# Netgear Security
# Netgear Security Log Format (logging to syslog)
# Netilla
# NetKey
# Netopia 4553
# NetPresenz
# NetPresenz Log Format (24-hour times, d/m/y dates)
# NetPresenz Log Format (d/m/y dates)
# Netscape Extended
# Netscape Messenger
# Netscreen IDP
# NetScreen
# Netscreen SSL Gateway
# NetScreen Traffic Log Format (get log traffic)
# Netscreen Web Client Export
# Netstat Log Format (uses script generated timestamp from log or GMT time)
# Netwall
# Network Syslog Format
# nmap
# nnBackup
# No Syslog Header (use today's date, or use date/time from message)
# Nokia IP350/Checkpoint NG (fw log export)
# Norstar PRELUDE and CINPHONY ADC
# Nortel Contivity (VPN Router and Firewall)
# Nortel Meridian 1 Automatic Call Distribution (ACD)
# Nortel Networks RouterARN Format (SUPPORTED ONLY AFTER TEXT EXPORT)
# Nortel SSL VPN
# Norton Personal Firewall 2003 Connection
# Novell Border Manager
# Novell Border Manager
# Novell iChain Extended (W3C) Web Server
# Novell iChain W3C
# Novell NetMail 3.5
# Novell NetMail
# NTsyslog
# NVDcms
# O'Reilly
# OpenBSD Packet Filter (tcpdump -neqttr) Firewall
# OpenVPN
# Openwave Intermail
# Optima
# Oracle Application Server (Java Exceptions)
# Oracle Audit
# Oracle Express Authentication
# Oracle Failed Login Attempts
# Oracle Hyperion Essbase
# Oracle Listener
# Order
# Packet Dynamics
# Palo Alto Networks Firewall Threat
# Passlogd Syslog (Full Messages)
# Passlogd Syslog Format
# PeopleSoft AppServer
# Performance Monitor
# PHP Error
# Piolink Network Loadbalance
# PIX Firewall Syslog Server Format
# Planet-Share InterFax
# Plesk Server Administrator Web Log
# Policy Directory Audit
# Policy Directory Security Audit Trail
# PortalXPert
# portsentry
# Post Office Mail Server
# Postfix
# PostWorks IMAP
# PostWorks POP3
# PostWorks SMTP
# praudit
# Privoxy
# ProFTP
# Proxy-Pro GateKeeper
# ProxyPlus
# PsLogList
# PureFTP
# qmail (Syslog Required)
# qmail Log Format (TAI64N dates)
# qmail-scanner
# Quicktime Streaming Error
# Quicktime/Darwin Streaming Server
# RACF Security
# Radius Accounting
# Radius Accounting Log Format II
# Radius ACT
# Radware DefensePro
# Radware Load Balancing (Using Syslog Server)
# Raiden FTP
# RaidenMAILD
# RAIDiator Error
# Rapid Firewall
# Raptor
# Raptor Log Format (Exception Reporting)
# RealProxy
# RealServer Error
# RealServer
# RealServer Log Format, Alternate
# Redcreek System Message Viewer Format
# Rumpus
# SafeSquid Combined/Extended
# SafeSquid Log Format (logging to syslog server)
# SafeSquid Log Format (Orange)
# SafeSquid Standalone
# Samba Server
# Sambar Server
# SAS Firewall
# Sawmill messages.log
# Sawmill Tagging Server
# Sawmill Task
# Scanmail For Exchange
# Seconds since Jan 1 1970 Timestamp Syslog
# SecureIIS Binary Log Format (SUPPORTED ONLY AFTER TEXT EXPORT)
# SecureIIS
# Sendmail (no syslog)
# Sendmail for NT
# Sendmail
# Separ URL Filter
# Serv-U FTP
# Servers Alive (Statistics)
# Servers Alive
# Sharetech Firewall
# Sharewall
# ShareWay IP
# Shoutcast 1.6
# Shoutcast 1.8+
# SHOUTcast W3C
# Sidewinder Firewall
# Sidewinder
# Sidewinder Raw Log Format (SUPPORTED ONLY AFTER acat -x EXPORT)
# Sidewinder Syslog
# Simple DNS
# SIMS
# SiteCAM
# SiteKiosk 6
# SiteKiosk
# SiteMinder Policy Server
# SiteMinder WebAgent
# SL4NT (dd.mm.yyyy, commas without spaces)
# SL4NT (dd/mm/yyyy)
# SL4NT
# SLNT4
# SmarterMail
# SmartFilter (Bess Edition)
# SmartMaxPOP
# SmartMaxSMTP
# SmoothWall
# SmoothWall SmoothGuardian 3.1
# SNARE Epilog Collected Oracle Listener
# Snare for AIX
# Snare
# SNMP Manager
# Snort 2 Log Format (syslog required)
# Snort Log Format (standalone, mm/dd dates)
# Snort Log Format (standalone, mm/dd/yy dates)
# Snort Log Format (syslog required)
# SNORT Portscan
# Socks 5
# Software602
# Solar Winds Syslog
# SonicWall 5
# SonicWall or 3COM Firewall
# Sonicwall TZ 170 Firewall
# Sophos Antispam Message
# Sophos Antispam PMX
# Sophos Mail Monitor for SMTP
# Sophos Web Appliance
# Sourcefire IDS
# SpamAssassin
# spamd (SpamAssassin Daemon)
# Squarespace
# Squid Common
# Squid Common Log Format - Syslog Required
# Squid Event Log
# Squid Guard
# Squid
# Squid Log Format With Full Headers
# Squid Log Format With ncsa_auth Package
# Steel Belted Radius ACT
# Stonegate
# Sun ONE / Netscape Directory Server
# Sun ONE Directory Server Audit
# Sun ONE Directory Server Error
# Symantec AntiVirus Corporate Edition
# Symantec AntiVirus Corporate Edition (VHIST Exporter)
# Symantec Antivirus
# Symantec Enterprise Firewall 8
# Symantec Enterprise Firewall
# Symantec Gateway Security 2 (CSV)
# Symantec Gateway Security 400 Series
# Symantec Gateway Security Binary Log Format (SUPPORTED ONLY WITH TEXT EXPORT)
# Symantec Gateway Security Log Format (via syslog)
# Symantec Mail Security
# Symantec Mail Security Syslog Format
# Symantec Security Gateways Log Format (SGS 2.0/3.0 & SEF 8.0)
# Symantec System Console
# Symantec Web Security CSV
# Symantec Web Security
# Syslog (yyyymmdd hhmmss)
# Syslog NG (tab separated)
# Syslog NG
# Syslog NG Log Format (date with no year)
# Syslog NG Log Format (no date in log data; yyyymmdd date in filename)
# Syslog NG Log Format (no timezone)
# Syslog NG Messages
# Sysreset Mirc
# TACACS+ Accounting
# tcpdump
# tcpdump Log Format (-tt)
# tcpdump Log Format (-tt, with interface)
# tcpdump Log Format (-tt, with interface) Alternate
# Tellique
# TerraPlay Accounting
# TFS MailReport Extended
# Timestamp (mm dd hh:mm:ss)
# Tiny Personal Firewall
# tinyproxy
# Tipping Point IPS
# Tipping Point
# Tipping Point SMS
# Tivoli Storage Manager TDP for SQL Server Format
# Tomcat
# TomcatAlt
# Trend Micro Control Manager
# Trend Micro InterScan Messaging Security Suite eManager
# Trend Micro InterScan Web Security Suite Access
# Trend Micro ScanMail For Exchange
# Trend ServerProtect CSV Admin
# Trend Webmanager
# TrendMicro/eManager Spam Filter
# Unicomp Guinevere
# Unicomp Guinevere Virus
# Unix Auth
# Unix Daemon Syslog Messages
# UNIX FTP
# Unix Syslog
# Unix Syslog With Year
# Unreal Media Server
# URL-Scan (W3C)
# URLScan
# Useful Utilities EZproxy
# User Activity Tracking
# uw-imap
# Vamsoft Open Relay Filter Enterprise Edition
# VBrick EtherneTV Portal Server
# VICOM Gateway
# Vicomsoft Internet Gateway
# Vidius Combined
# Vircom
# Visonys Airlock
# W3C
# Wall Watcher
# WAP
# War FTP
# War FTP Log Format (Alternate)
# Watchguard Binary (WGL) Log Format (SUPPORTED ONLY AFTER TEXT EXPORT)
# Watchguard Firebox Export Header
# Watchguard Firebox Export Log Format (m/d/y format)
# Watchguard Firebox Export Log Format (y/m/d format)
# Watchguard Firebox V60
# Watchguard Firebox v60
# Watchguard Firebox X Core e-Series
# Watchguard Historical Reports Export
# Watchguard
# Watchguard SOHO
# Watchguard WELF
# Watchguard WSEP Text Exports Log Format (Firebox II & III & X)
# Watchguard XML
# Web Logic 8.1
# Web Sense
# Web Washer
# WebNibbler
# WebSEAL Audit
# WebSEAL Authorization (XML)
# WebSEAL CDAS
# WebSEAL Error
# WebSEAL Security Manager
# WebSEAL Wand Audit
# WebSEAL Warning
# WebSphere Business Integration Message Brokers User Trace
# WebSTAR FTP
# WebSTAR
# WebSTAR Proxy
# WebSTAR W3C Web Server
# Websweeper
# Webtrends Extended
# Webtrends Extended Log Format (Syslog)
# Welcome
# WELF date/time extraction (no syslog header)
# WELF Log Format (stand-alone; no syslog)
# Whatsup Syslog
# Whistle Blower Performance Metrics Log
# WhistleBlower (Sawmill 6.4)
# Win2K Performance Monitor
# Windows 2000/XP Event Log Format (export list-CSV) ddmmyyyy
# Windows 2000/XP Event Log Format (save as-CSV) dd/mm/yyyy
# Windows 2003 DNS
# Windows Event (Comma Delimited) dd.mm.yyyy
# Windows Event (Comma Delimited)
# Windows Event (Comma Delimited, m/d/yyyy days, h:mm:ss AM/PM times)
# Windows Event (Tab Delimited)
# Windows Event .evt Log Format (SUPPORTED ONLY AFTER CSV OR TEXT EXPORT)
# Windows Event Log (comma or tab delimited, no am/pm, 24h & ddmmyyyy)
# Windows Event Log Format (24 hour times, d/m/yyyy dates)
# Windows Event Log Format (ALTools export)
# Windows Event Log Format (dumpel.exe export)
# Windows Event Log Format (dumpevt.exe export)
# Windows NT Scheduler
# Windows NT Syslog
# Windows NT4 Event Log Format (save as-CSV)
# Windows Syslog Format
# Windows XP Event Log (Microsoft LogParser CSV Export)
# WinGate Log Format (no Traffic lines, dd/mm/yy dates)
# WinGate Log Format (no Traffic lines, mm/dd/yy dates)
# WinGate Log Format (with Traffic lines)
# Winproxy 5.1 Log Format (yyyy-mm-dd dates)
# WinProxy Alternate
# Winproxy Common
# Winproxy
# Winproxy Log Format (2-digit years)
# WinRoute Connection
# WinRoute Mail
# WinRoute Web
# WinSyslog
# Wipro Websecure Audit
# Wipro Websecure Auth (Alternate Dates)
# Wipro Websecure Auth
# Wipro Websecure Debug
# Wireshark (previously Ethereal)
# Wireshark/Ethereal/tcpdump Binary Log Format (SUPPORTED ONLY AFTER -r -tt CONVERSION)
# Wowza Media Server Pro
# WS_FTP
# WU-FTP
# WU-FTP Log Format (yyyy-mm-dd Dates, Server Domain)
# X-Stop
# XMail SMTP
# XMail Spam
# XWall
# Yamaha RTX
# Youngzsoft CCProxy
# Zeus Extended
# Zeus Log Format (Alternate Dates)
# Zone Alarm
# ZyXEL Communications
# Zyxel Firewall
# Zyxel Firewall WELF

Sawmill currently supports the 819 log formats above.

See you, hope it helped :)
missn - 3 April 2009 at 16:36
wow, thanks a lot for your help, but I'd just like a small hint: can I then use Sawmill instead of Wireshark? because I prefer working with Sawmill, as it seems much more useful to me than the other one. thanks a lot
Re: yep = 820 formats (819 + TCPDUMP): http://www.sawmill.net/log_formats.html :)
missn (replying to hum) - 3 April 2009 at 16:39
ok, I'll have a look and dig into it, and really, thanks for your patience
and as usual I'll keep you posted
Hi again,

UNLESS YOU ALREADY KNEW: WIRESHARK (PREVIOUSLY ETHEREAL):

http://www.sawmill.net/formats/ethereal.html

ETHEREAL is the old name for WIRESHARK ... ;)

Don't you like WIRESHARK as it is today? Just a question, no personal opinion.

See you, and thanks for replying promptly and positively (you're satisfied) to the messages :)
missn - 4 April 2009 at 10:32
hello, thanks for your help
but the problem is that I couldn't find out the format of the tcpdump log file, which means I can't use Sawmill, since I don't know which format I'll be using
thanks
Hi again

List of programs using libpcap/WinPcap

* tcpdump captures and saves packets for later analysis; called WinDump on Windows
* Wireshark, formerly called Ethereal, a graphical capture and protocol analysis tool for Linux and Windows
* Snort, a network intrusion detector
* Nmap, a port scanning utility
* Autoscan-Network, a port scanning utility (Windows and Linux)
* Dynamips, software for emulating a network of Cisco routers

In network administration, pcap is a programming interface (API) for capturing network traffic. On Unix/Linux systems, pcap is implemented in the libpcap library. WinPcap is the Windows port of libpcap.

Source: https://fr.wikipedia.org/wiki/Pcap

~libpcap in Java: The libpcap library is well known for its ability to intercept data on a network. Used notably by tcpdump, it lies at the heart of many network monitoring and analysis tools. Source: http://www.progx.org/index.php?section=articles&article=Java/article13.

FILE FORMAT (standard / algorithm) = libpcap or WinPcap = PCAP

See you, if that's what you wanted :) => FORMAT = PCAP PCAP PCAP PCAP PCAP PCAP ;)
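To make the two answers above concrete (the binary capture read with `tcpdump -r`, and the libpcap/PCAP format named here), the following is an added example, not code from the thread, from tcpdump or from Sawmill: a small reader for the pcap file format that `tcpdump -w` writes (24-byte global header, 16-byte record headers, then the frames), which also decodes an Ethernet/IPv4/TCP frame into the kind of line `tcpdump -r` prints. The sample capture bytes are constructed inside the block, and the address 203.0.113.10 is a documentation address chosen here, not one from the thread.

```python
import struct
from typing import List, NamedTuple, Optional, Tuple

# Magic number as read little-endian from the first 4 bytes; its value reveals the
# writer's byte order and whether timestamps carry micro- or nanoseconds.
_MAGICS = {
    0xA1B2C3D4: ("<", 1_000_000),      # little-endian, microseconds
    0xD4C3B2A1: (">", 1_000_000),      # big-endian, microseconds
    0xA1B23C4D: ("<", 1_000_000_000),  # little-endian, nanoseconds
    0x4D3CB2A1: (">", 1_000_000_000),  # big-endian, nanoseconds
}
LINKTYPE_ETHERNET = 1  # shown as "link-type EN10MB (Ethernet)" by tcpdump -r


class Packet(NamedTuple):
    ts: float       # seconds since the epoch, fractional part from the record header
    orig_len: int   # length on the wire
    data: bytes     # captured bytes; shorter than orig_len if snaplen truncated the frame


def read_pcap(blob: bytes) -> Tuple[int, List[Packet]]:
    """Parse a pcap blob into (linktype, packets); raise ValueError on corruption."""
    if len(blob) < 24:
        raise ValueError("shorter than the 24-byte global header")
    (magic,) = struct.unpack("<I", blob[:4])
    if magic not in _MAGICS:
        raise ValueError(f"not a pcap file (magic 0x{magic:08x})")
    endian, ts_div = _MAGICS[magic]
    major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(endian + "HHiIII", blob[4:24])
    if (major, minor) != (2, 4):
        raise ValueError(f"unsupported pcap version {major}.{minor}")
    packets, off = [], 24
    while off < len(blob):
        if off + 16 > len(blob):
            raise ValueError(f"truncated record header at offset {off}")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", blob[off:off + 16])
        off += 16
        # Length fields come from the file: check them before slicing so a damaged
        # or hostile capture cannot make the reader run past the end of the data.
        if incl_len > snaplen or incl_len > orig_len or off + incl_len > len(blob):
            raise ValueError(f"bad record length at offset {off - 16}")
        packets.append(Packet(ts_sec + ts_frac / ts_div, orig_len, blob[off:off + incl_len]))
        off += incl_len
    return linktype, packets


def is_valid_pcap(blob: bytes) -> bool:
    """True if the whole blob parses cleanly."""
    try:
        read_pcap(blob)
        return True
    except ValueError:
        return False


def summarize(pkt: Packet, linktype: int) -> Optional[str]:
    """Render an Ethernet/IPv4/TCP frame the way a `tcpdump -r` line starts; None otherwise."""
    if linktype != LINKTYPE_ETHERNET or len(pkt.data) < 34:
        return None
    if struct.unpack("!H", pkt.data[12:14])[0] != 0x0800:  # EtherType must be IPv4
        return None
    ip = pkt.data[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6 or len(ip) < ihl + 14:  # IPv4, TCP, ports+flags present
        return None
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    flags = ip[ihl + 13]
    names = "".join(n for bit, n in ((0x02, "S"), (0x08, "P"), (0x01, "F"), (0x04, "R")) if flags & bit)
    return f"IP {src}.{sport} > {dst}.{dport}: {names or '.'}"


def build_sample_pcap(endian: str = "<", nanosecond: bool = False) -> bytes:
    """Constructed sample capture: one TCP PSH/ACK segment 192.168.1.36:40332 -> 203.0.113.10:80."""
    payload = b"GET / HTTP/1.1\r\n"
    tcp = struct.pack("!HHIIBBHHH", 40332, 80, 1548302662, 148796145, 5 << 4, 0x18, 16527, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0x4000, 64, 6, 0,
                     bytes([192, 168, 1, 36]), bytes([203, 0, 113, 10]))
    frame = bytes(range(6)) + bytes(range(6, 12)) + b"\x08\x00" + ip + tcp + payload
    magic = 0xA1B23C4D if nanosecond else 0xA1B2C3D4
    header = struct.pack(endian + "IHHiIII", magic, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    frac = 977522 * (1000 if nanosecond else 1)
    record = struct.pack(endian + "IIII", 1238743000, frac, len(frame), len(frame))
    return header + record + frame
```

Calling `read_pcap(open("capture.log", "rb").read())` on a real `tcpdump -w` file and passing each packet to `summarize` reproduces the address/port part of the lines shown in the first answer.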
missn - 6 April 2009 at 16:51
hi
thank you very much, and I wish you all the happiness in the world