Logrep is a secure multi-platform framework for the collection, extraction, and presentation of information from various log files. It features HTML reports, multi-dimensional analysis, overview pages, SSH communication, and graphs, and supports more than 15 popular systems including Snort, Squid, Postfix, Apache, syslog, ipchains, iptables, NT event logs, Firewall-1, and Pix.
logrep-light is a downsized version of logrep that lets you analyze log files you already have. It contains the logrep parsing modules only.
```
perl bin/module-xxxxx.pl options
```
(Assuming that you run this command from the logrep-light installation directory on Linux and that xxxxx is a module name.)
Options
Option | Description |
---|---|
-l, --logfile log file path | Required. Log file to be analyzed. Must exist. |
-w, --webdir directory | Required. Reports will be generated in this directory. Created automatically if it doesn't exist before. |
-s, --subset subset list | Optional. Sometimes, you need to limit logrep analysis to a subset of the attributes only. This option allows you to specify a comma separated list of attributes you want to analyze. Other attributes will be discarded. By default, all attributes are analyzed. |
-r, --singlevector | Optional. By default, logrep analyzes every combination of attributes: with the subset "from,document,to" and two dimensions, every two-attribute combination is analyzed. Sometimes you may only be interested in the combination from-document. By specifying this option, you instruct logrep to perform the from,document analysis only. That approach also lets you run the analysis in many dimensions without using large amounts of system resources. NB! The dimension option is ignored as a consequence of this behaviour and is automatically set to the number of attributes to be analyzed. |
-d, --dimension dimension | Optional. Specifies the depth of the logrep analysis. Default is 2. The maximum value is the number of attributes to be analyzed. NB! Logrep with many dimensions uses large amounts of system resources. It is strongly recommended to limit the number of dimensions and the attribute set by using options -d and -s respectively. |
-u, --lookup lookup list | Optional. Some attributes may contain data that you want to translate to more human-friendly values via a lookup; examples are DNS reverse lookups, months or return codes. This option instructs logrep to perform such lookups. A lookup list is a comma-separated list of attribute:lookup-type pairs (see the module-netscreen.pl example below, which uses source:dns). NB! This is experimental and currently supports DNS reverse lookups only. |
--dns server list | Optional. If the default DNS configuration on your machine doesn't work for reverse DNS lookups (see option -u), then you can use this option to specify a comma separated list of DNS servers. |
-v, --verbose | Optional. Produces statistics during analysis, lookup and reporting phases. Useful to gauge logrep performance on your machine. |
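To make the interplay of -s, -d, -r and -u concrete, here is an added Python example (not logrep code; logrep itself is written in Perl) that models the option semantics described in the table: it enumerates the attribute vectors analyzed for a subset at a given dimension, forces a single vector in singlevector mode, counts value tuples over a few constructed records, and applies a lookup table. The `FAKE_PTR` dictionary is a constructed offline stand-in for a reverse DNS lookup; the record format and the `vector_count` helper are assumptions made for the illustration, and the count shows why the dimension warning exists (the number of vectors grows as C(n, d)).

```python
"""Toy model of logrep-style multi-dimensional log analysis (added example)."""
from collections import Counter
from itertools import combinations
from math import comb

# Constructed sample records, shaped like what a parsing module might emit.
RECORDS = [
    {"from": "10.0.0.5", "document": "/index.html", "to": "10.0.0.9"},
    {"from": "10.0.0.5", "document": "/index.html", "to": "10.0.0.7"},
    {"from": "10.0.0.6", "document": "/login", "to": "10.0.0.9"},
    {"from": "10.0.0.5", "document": "/login", "to": "10.0.0.9"},
]

# Constructed stand-in for a reverse DNS lookup (logrep's -u attr:dns),
# so the example runs offline; unknown addresses keep their raw value.
FAKE_PTR = {"10.0.0.5": "alice.example", "10.0.0.9": "web.example"}


def vectors(subset, dimension=2, singlevector=False):
    """Return the attribute vectors that would be analyzed (-s, -d, -r)."""
    subset = tuple(subset)
    if singlevector:
        # -r: the dimension is forced to len(subset); exactly one vector.
        return [subset]
    if not 1 <= dimension <= len(subset):
        raise ValueError("dimension must be between 1 and the subset size")
    return list(combinations(subset, dimension))


def vector_count(n_attributes, dimension):
    """Number of vectors analyzed: C(n, d), the reason for the -d warning."""
    return comb(n_attributes, dimension)


def apply_lookups(record, lookups):
    """Translate attribute values via lookup tables (offline model of -u)."""
    out = dict(record)
    for attr, table in lookups.items():
        if attr in out:
            out[attr] = table.get(out[attr], out[attr])
    return out


def analyze(records, subset, dimension=2, singlevector=False, lookups=None):
    """Count value tuples for every vector; returns {vector: Counter}."""
    lookups = lookups or {}
    result = {}
    for vec in vectors(subset, dimension, singlevector):
        counter = Counter()
        for rec in records:
            rec = apply_lookups(rec, lookups)
            # Skip records that lack one of the vector's attributes.
            if all(a in rec for a in vec):
                counter[tuple(rec[a] for a in vec)] += 1
        result[vec] = counter
    return result


if __name__ == "__main__":
    res = analyze(RECORDS, ["from", "document", "to"], dimension=2,
                  lookups={"from": FAKE_PTR, "to": FAKE_PTR})
    for vec, counter in res.items():
        print(",".join(vec), counter.most_common(3))
    print("vectors for 10 attributes at d=5:", vector_count(10, 5))
```

Running the script shows three two-attribute vectors for the subset "from,document,to"; passing `singlevector=True` instead yields the single three-attribute vector, which is the cheap alternative the -r option describes.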
```
module-firewall1.pl -l fwlog.log -w webfw
```
Runs the Firewall-1 reporting module on the log file fwlog.log and generates logrep reports in the webfw directory. All available attributes are analyzed in two dimensions by default.
```
module-snort.pl --verbose -l snort.log -w websnort -d 3 -s "month,from,event"
```
Runs the Snort module on snort.log with verbose statistics and generates reports in the websnort directory. Analysis is limited to the attributes month, from and event and is performed in three dimensions.
```
module-netscreen.pl -l netscreen.log -w webnetsc -s source,errortype,severity,destination -u source:dns --dns 10.10.10.2
```
Runs the NetScreen module on netscreen.log and generates reports in the webnetsc directory. Analysis is limited to the attributes source, errortype, severity and destination; the source attribute is translated via reverse DNS lookup, using the DNS server 10.10.10.2.