[Novalug] Router logfile scripting question

Rich Goodwin Rich.Goodwin@cox.net
Fri Nov 27 08:00:44 EST 2009


I started looking at the router log files and want to do a whois on some
entries noted in the file.  I started using whois and extracting some
attributes without any issue.  Most queries run fine but some return
nothing saying the query limit has been exceeded.

So the questions I have are: 
     1. Does anyone run through their log files?
             1. If so, what investigation do you do? 
     2. What system tools, such as whois, do you use to look IPs up? 
             1. What about htdig, nslookup? 
             2. Others? 
     3. What filters are used on the routers? 
             1. LinkSys 
             2. D-Link 
             3. ZyXEL

My review showed a lot of blocked addresses and ports which I would like
to get a better understanding of.  Being as some were listed as blocked,
I feel somewhat ok.  I want to cull the logs down so I can better see
what, if anything, is getting through.  If one looked at the country of
the blocked IPs, one could get a tad concerned.  What did get my
attention were the IPs that were blocked but had NO whois info
returned....

Rich
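
One way to cut the log down before running whois, as an added example that is not part of the original post: it counts blocked hits per source and port, drops local address ranges, and queries each remaining address once with a pause between lookups. The log layout, the 2-second delay and all function names are assumptions.

```python
import ipaddress
import re
import subprocess
import time
from collections import Counter

# Constructed sample; the "BLOCKED SRC=... DPT=..." layout is an assumption.
# Documentation addresses (203.0.113.x, 198.51.100.x) stand in for Internet hosts.
SAMPLE_LOG = """\
Nov 27 07:58:01 router BLOCKED SRC=203.0.113.7 DST=192.168.1.1 PROTO=TCP DPT=23
Nov 27 07:58:09 router BLOCKED SRC=203.0.113.7 DST=192.168.1.1 PROTO=TCP DPT=23
Nov 27 07:59:12 router BLOCKED SRC=192.168.1.50 DST=192.168.1.1 PROTO=UDP DPT=137
Nov 27 07:59:30 router BLOCKED SRC=198.51.100.20 DST=192.168.1.1 PROTO=TCP DPT=445
Nov 27 08:00:02 router ALLOWED SRC=10.0.0.5 DST=192.168.1.1 PROTO=TCP DPT=80
"""
LINE_RE = re.compile(r"BLOCKED .*?SRC=(\S+) .*?DPT=(\d+)")
# Private, loopback and link-local ranges: not worth a whois query.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def summarize(log_text):
    """Count blocked hits per (source IP, destination port)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            hits[(m.group(1), int(m.group(2)))] += 1
    return hits

def lookup_candidates(hits):
    """Unique, valid, non-local source IPs, busiest first."""
    per_ip = Counter()
    for (ip, _port), count in hits.items():
        per_ip[ip] += count
    out = []
    for ip, _count in per_ip.most_common():
        try:
            addr = ipaddress.ip_address(ip)  # rejects garbage from the log
        except ValueError:
            continue
        if not any(addr in net for net in LOCAL_NETS):
            out.append(ip)
    return out

def whois_all(ips, delay=2.0, run=subprocess.run):
    """One whois query per IP, spaced out to stay under server query limits."""
    results = {}
    for i, ip in enumerate(ips):
        if i:
            time.sleep(delay)
        # Argument list, not a shell string: log content never reaches a shell.
        results[ip] = run(["whois", ip], capture_output=True, text=True, timeout=30).stdout
    return results
```
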
