Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

n1vux (1492)

  (email not shown publicly) ... x.cgi?BillRicker
AOL IM: n1vux (Add Buddy, Send Message)
Yahoo! ID: n1vux (Add User, Send Message)

Only started with Perl4 and Perl5 in 1995. I was doing AWK etc for 12 years before that, and resisted switching. I've been doing OO since before C++ hit bigtime, with Objective-C and SmallTalk, so I really like the (no longer new) Perl5 OO style; and the Lispish Map style is also an old friend. What do I hack with Perl? All data that passes my way; systems monitoring scripts at $DayJob, weather data at night, and I cheat on NPR word puzzles. Member: [] [] /. LinkedIn []

N1VUX is my FCC-issued ham radio callsign.

Journal of n1vux (1492)

Thursday January 03, 2008
11:46 AM

InfoSec Writers : Using Perl, Postgres and ...

[ #35277 ]
Found on InfoSec Writers

Using Perl, Postgres and SQL to build a Comprehensive, Searchable Database of Firewall Activity on a Checkpoint firewall on the Cheap by Thomas Munn on 23/12/07

One of the biggest problems in computer security is how to deal with logs. Firewall logs are especially difficult because they often run into the tens to hundreds of gigabytes, and searching them requires expensive, proprietary packages. The purpose of this paper is to help instruct the reader in how to use Postgres and Perl to have a queryable database using checkpoint log files. I do not cover other firewalls but the ideas herein could be applied to almost any firewall supporting output to text files. This paper will give the security practitioner to perform data mining on otherwise useless logfiles. Using the methods described in this document enabled the author to query for almost anything imaginable from a total of 450,000,000 records in under ten minutes. The cost: The cost of the hardware.

Above reviewlet PDF

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.