Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Syslog

Started by SchippStrich , Jan 20 2010 07:48 PM

Please log in to reply

4 replies to this topic

#1 SchippStrich

SUP3R 31337 P1MP

Members
293 posts

Country:
Gender:Male
Location:USA

Posted 20 January 2010 - 07:48 PM

I'm trying to put the output of all Nmap scans to syslog.

I've read the man pages(syslog, syslog.conf) several times and cannot figure out how I would use normal programs/processes(The one I want at the moment is Nmap) to output std err/in/out.
I'm not sure if it can be done.
As for as I know you can only use the subsystems provided i.e. mail, auth, etc.
^ This is were my confusion is ^
As a temporary fix I have cron running a Nmap scan when called and then I'm using cron as a facility for syslog.
By the way it doesn't have to use the deprecated syslog, any of it's descendants will do.

Thanks
SchippStrich

Edited by schippystrich, 30 January 2010 - 04:26 AM.

Back to top

#2 mecca_

DDP Fan club member

Members
54 posts

Posted 01 February 2010 - 11:39 AM

I'm really not sure what your ultimate goal is here. Why on earth would you want nmap scans to go to syslog? If it's to generate some sort of log of all the scans you've done it would be much more worthwhile to write a wrapper around nmap and send the results to some sort of database. Or even a flat file other than syslog for that matter.

Anyway, most general purpose applications don't have an interface to write to syslog directly. You can instead use the "logger" command to redirect output to syslog.

Example: (Note I purposely added a second /etc/hosts entry for 127.0.0.1 to generate an error and show that this error can be redirected to syslog as well)

genome:~# nmap localhost 2>&1 | logger
genome:~# tail /var/log/messages
Feb  1 08:34:10 genome logger: Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Feb  1 08:34:10 genome logger: Interesting ports on localhost (127.0.0.1):
Feb  1 08:34:10 genome logger: Not shown: 996 closed ports
Feb  1 08:34:10 genome logger: PORT      STATE SERVICE
Feb  1 08:34:10 genome logger: 22/tcp    open  ssh
Feb  1 08:34:10 genome logger:
Feb  1 08:34:10 genome logger: Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds

Back to top

#3 SchippStrich

SUP3R 31337 P1MP

Members
293 posts

Country:
Gender:Male
Location:USA

Posted 01 February 2010 - 02:05 PM

I'm really not sure what your ultimate goal is here. Why on earth would you want nmap scans to go to syslog?

I think this is dumb as well but it's for a class and I can't seem to figure out a better method. We each have a project and I've been done for two weeks so I was told to do this as an additive to keep me busy.

Anyway, most general purpose applications don't have an interface to write to syslog directly.

Yeah, I figured this was the case.

As for the practical uses I really don't know either, you read my mind.

The "logger" utility was a big help though.
Thanks

Back to top

#4 Beave

SUPR3M3 31337 Mack Daddy P1MP

Agents of the Revolution
350 posts

Posted 02 February 2010 - 12:51 PM

I'm really not sure what your ultimate goal is here. Why on earth would you want nmap scans to go to syslog?
I think this is dumb as well but it's for a class and I can't seem to figure out a better method. We each have a project and I've been done for two weeks so I was told to do this as an additive to keep me busy.
Anyway, most general purpose applications don't have an interface to write to syslog directly.
Yeah, I figured this was the case.

As for the practical uses I really don't know either, you read my mind.

The "logger" utility was a big help though.
Thanks

Add a "-t nmap", and then in syslog it'll show up as "nmap" rather than "logger". Just a thought