Try LogDog to act on the syslog data...it sends all syslog log files through a pipe and scans for specific data...then you can email the complete message to anyone. It can have a negative performance impact depending on the number of sustained syslog logs being generated....but I used it on a system receiving syslog logs from over 200 routers and didn't see any issues.

Of course syslog-ng can also do this....but I found LogDog easier to implement.

Not sure how you can automate the abuse email address?? You can specify a Perl script from within the LogDog conf file that could do a dig on the IP address from the source address...but that's just me thinking out loud.

I think you'll find many programs out there that can do this...both commercial and open source...but you'll need to do some customization.

steve

On Monday 29 December 2003 09:04 am, Jason Lixfeld wrote:
We're a small company but nonetheless are inundated with firewall logs reporting numerous attempts to find holes in our network; c'est la vie. Seeing as how we are small, we don't have the resources to go through and send emails off to the abuse departments of each network sourcing the probes.

Question is: Has there been development of some sort of intelligent Unix land app that can understand Cisco syslog output, find the abuse departments of the sourcing networks and send them off a nice little FYI?
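
An added sketch of the pipeline discussed in this thread (not code from either poster and not LogDog configuration): it groups Cisco IOS `%SEC-6-IPACCESSLOGP` deny lines by source address and extracts the abuse address from whois text instead of a dig lookup. The choice of log format, the `whois_lookup` callable, the `min_hits` threshold and all sample data are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Cisco IOS ACL log line: "... list 101 denied tcp 1.2.3.4(4321) -> 5.6.7.8(22), 1 packet"
DENY_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list \S+ denied \w+ "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\(\d+\) -> \d+\.\d+\.\d+\.\d+\(\d+\), \d+ packet")
# Abuse-contact fields as printed by ARIN (OrgAbuseEmail) and RIPE (abuse-mailbox) whois.
ABUSE_RE = re.compile(r"^(?:OrgAbuseEmail|abuse-mailbox):\s*(\S+@\S+)", re.M | re.I)

def group_denies(lines):
    """Map source IP -> raw denied log lines; permits and other messages are skipped."""
    by_src = defaultdict(list)
    for line in lines:
        m = DENY_RE.search(line)
        if m:
            by_src[m.group("src")].append(line.rstrip())
    return dict(by_src)

def abuse_contact(whois_text):
    """Return the first abuse address found in a whois response, or None."""
    m = ABUSE_RE.search(whois_text)
    return m.group(1) if m else None

def build_reports(lines, whois_lookup, min_hits=2):
    """Return {abuse_address: report_body}; whois_lookup(ip) -> whois text (assumed helper)."""
    reports = defaultdict(list)
    for src, hits in sorted(group_denies(lines).items()):
        contact = abuse_contact(whois_lookup(src)) if len(hits) >= min_hits else None
        if contact is None:
            continue  # below threshold or no published contact: leave for manual review
        reports[contact].append(f"Source {src}: {len(hits)} denied entries\n" + "\n".join(hits))
    return {c: "\n\n".join(parts) for c, parts in reports.items()}

# Constructed sample input (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    "Dec 29 09:01:12 gw1 101: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.23(4321) -> 192.0.2.10(22), 1 packet",
    "Dec 29 09:01:40 gw1 102: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.23(4322) -> 192.0.2.10(23), 1 packet",
    "Dec 29 09:02:05 gw1 103: %SEC-6-IPACCESSLOGP: list 101 denied udp 203.0.113.9(1026) -> 192.0.2.10(137), 1 packet",
    "Dec 29 09:02:30 gw1 104: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.0.2.50(3301) -> 192.0.2.10(80), 1 packet",
]
SAMPLE_WHOIS = {
    "198.51.100.23": "OrgName: Example Net\nOrgAbuseEmail:  abuse@example.net\n",
    "203.0.113.9": "inetnum: 203.0.113.0 - 203.0.113.255\nabuse-mailbox: abuse@example.org\n",
}

if __name__ == "__main__":
    lookup = lambda ip: SAMPLE_WHOIS.get(ip, "")
    for contact, body in build_reports(SAMPLE_LOG, lookup).items():
        print(f"To: {contact}\n{body}\n")
```

Grouping by contact and applying a hit threshold keeps the volume of outgoing reports proportional to repeated sources rather than to raw log lines.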