
Syslog



#1 SchippStrich


Posted 20 January 2010 - 07:48 PM

I'm trying to put the output of all Nmap scans to syslog.

I've read the man pages (syslog, syslog.conf) several times and cannot figure out how I would use normal programs/processes (the one I want at the moment is Nmap) to output std err/in/out.
I'm not sure if it can be done.
As far as I know you can only use the subsystems provided, i.e. mail, auth, etc.
^ This is where my confusion is ^
As a temporary fix I have cron running an Nmap scan when called and then I'm using cron as a facility for syslog.
By the way it doesn't have to use the deprecated syslog, any of its descendants will do.

Thanks
SchippStrich

Edited by schippystrich, 30 January 2010 - 04:26 AM.


#2 mecca_


Posted 01 February 2010 - 11:39 AM

I'm really not sure what your ultimate goal is here. Why on earth would you want nmap scans to go to syslog? If it's to generate some sort of log of all the scans you've done it would be much more worthwhile to write a wrapper around nmap and send the results to some sort of database. Or even a flat file other than syslog for that matter.

Anyway, most general purpose applications don't have an interface to write to syslog directly. You can instead use the "logger" command to redirect output to syslog.

Example: (Note I purposely added a second /etc/hosts entry for 127.0.0.1 to generate an error and show that this error can be redirected to syslog as well)

genome:~# nmap localhost 2>&1 | logger
genome:~# tail /var/log/messages
Feb  1 08:34:10 genome logger: Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Feb  1 08:34:10 genome logger: Interesting ports on localhost (127.0.0.1):
Feb  1 08:34:10 genome logger: Not shown: 996 closed ports
Feb  1 08:34:10 genome logger: PORT      STATE SERVICE
Feb  1 08:34:10 genome logger: 22/tcp    open  ssh
Feb  1 08:34:10 genome logger:
Feb  1 08:34:10 genome logger: Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds


#3 SchippStrich


Posted 01 February 2010 - 02:05 PM

> I'm really not sure what your ultimate goal is here. Why on earth would you want nmap scans to go to syslog?

I think this is dumb as well but it's for a class and I can't seem to figure out a better method. We each have a project and I've been done for two weeks so I was told to do this as an additive to keep me busy.

> Anyway, most general purpose applications don't have an interface to write to syslog directly.

Yeah, I figured this was the case.

As for the practical uses I really don't know either, you read my mind.

The "logger" utility was a big help though.
Thanks

#4 Beave


Posted 02 February 2010 - 12:51 PM

> > I'm really not sure what your ultimate goal is here. Why on earth would you want nmap scans to go to syslog?
>
> I think this is dumb as well but it's for a class and I can't seem to figure out a better method. We each have a project and I've been done for two weeks so I was told to do this as an additive to keep me busy.
>
> > Anyway, most general purpose applications don't have an interface to write to syslog directly.
>
> Yeah, I figured this was the case.
>
> As for the practical uses I really don't know either, you read my mind.
>
> The "logger" utility was a big help though.
> Thanks


Add a "-t nmap", and then in syslog it'll show up as "nmap" rather than "logger". Just a thought :)

#5 SchippStrich


Posted 02 February 2010 - 09:36 PM

> Add a "-t nmap", and then in syslog it'll show up as "nmap" rather than "logger". Just a thought :)

Thanks Beave, that will be useful.
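
The approach from replies #2 and #4 (pipe through logger, tag with -t), written out as an added example that is not part of the original thread. It also uses logger's -p option to log on a local facility, which is how an ordinary program gets past the fixed mail/auth/cron subsystems, and it keeps the command's exit status. The names log_run, LOGGER and PRIO and the log file path are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): run a command and send its output
# to syslog through logger(1), tagged and on a local facility.
# LOGGER and PRIO are names made up for this sketch; -t and -p are real
# logger options.

LOGGER=${LOGGER:-logger}      # override to do a dry run without syslog
PRIO=${PRIO:-local0.info}     # facility.level; local0..local7 are for site use

# log_run TAG COMMAND [ARGS...]
# Logs the command line, every line of stdout+stderr, and the exit status.
# Returns the command's own exit status (a plain "cmd | logger" returns
# logger's status instead, which hides failed scans).
log_run() (
    tag=$1; shift
    $LOGGER -t "$tag" -p "$PRIO" "start: $*"
    # fd 3 carries the exit status out of the pipeline.
    status=$(
        {
            {
                rc=0
                "$@" 2>&1 3>&- || rc=$?
                echo "$rc" >&3
            } | $LOGGER -t "$tag" -p "$PRIO" >/dev/null 3>&-
        } 3>&1
    )
    $LOGGER -t "$tag" -p "$PRIO" "exit status: $status"
    exit "$status"
)

# Usage:  log_run nmap nmap localhost
# Matching syslog.conf rule to keep scans in their own file
# (the path is an example):
#   local0.*    /var/log/nmap.log
```
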



