schippstrich

Syslog

5 posts in this topic

I'm trying to put the output of all Nmap scans to syslog.

I've read the man pages (syslog, syslog.conf) several times and cannot figure out how I would use normal programs/processes (the one I want at the moment is Nmap) to output std err/in/out.

I'm not sure if it can be done.

As far as I know, you can only use the subsystems provided, i.e. mail, auth, etc.

^ This is where my confusion is ^

As a temporary fix I have cron running an Nmap scan when called and then I'm using cron as a facility for syslog.

By the way, it doesn't have to use the deprecated syslog; any of its descendants will do.

Thanks

SchippStrich


I'm really not sure what your ultimate goal is here. Why on earth would you want nmap scans to go to syslog? If it's to generate some sort of log of all the scans you've done it would be much more worthwhile to write a wrapper around nmap and send the results to some sort of database. Or even a flat file other than syslog for that matter.

Anyway, most general purpose applications don't have an interface to write to syslog directly. You can instead use the "logger" command to redirect output to syslog.

Example: (Note I purposely added a second /etc/hosts entry for 127.0.0.1 to generate an error and show that this error can be redirected to syslog as well)

genome:~# nmap localhost 2>&1 | logger
genome:~# tail /var/log/messages
Feb 1 08:34:10 genome logger: Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Feb 1 08:34:10 genome logger: Interesting ports on localhost (127.0.0.1):
Feb 1 08:34:10 genome logger: Not shown: 996 closed ports
Feb 1 08:34:10 genome logger: PORT STATE SERVICE
Feb 1 08:34:10 genome logger: 22/tcp open ssh
Feb 1 08:34:10 genome logger:
Feb 1 08:34:10 genome logger: Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds

I'm really not sure what your ultimate goal is here. Why on earth would you want nmap scans to go to syslog?

I think this is dumb as well but it's for a class and I can't seem to figure out a better method. We each have a project and I've been done for two weeks so I was told to do this as an additive to keep me busy.

Anyway, most general purpose applications don't have an interface to write to syslog directly.

Yeah, I figured this was the case.

As for the practical uses I really don't know either, you read my mind.

The "logger" utility was a big help though.

Thanks

I'm really not sure what your ultimate goal is here. Why on earth would you want nmap scans to go to syslog?

I think this is dumb as well but it's for a class and I can't seem to figure out a better method. We each have a project and I've been done for two weeks so I was told to do this as an additive to keep me busy.

Anyway, most general purpose applications don't have an interface to write to syslog directly.

Yeah, I figured this was the case.

As for the practical uses I really don't know either, you read my mind.

The "logger" utility was a big help though.

Thanks

Add a "-t nmap", and then in syslog it'll show up as "nmap" rather than "logger". Just a thought :)

Add a "-t nmap", and then in syslog it'll show up as "nmap" rather than "logger". Just a thought :)

Thanks Beave, that will be useful.

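The approach from this thread (pipe the output through logger and tag it with -t), as an added example that is not part of the original posts: a POSIX shell wrapper that also uses logger's -p option so stdout and stderr are logged at different priorities, and that records the command's exit status. The names log_run and LOGGER and the local0 facility are assumptions made for this example.

```shell
#!/bin/sh
# Added example: run a command and send its output to syslog through logger(1).
# stdout -> <facility>.info, stderr -> <facility>.warning, then one closing
# line with the exit status. LOGGER, log_run and the local0 facility are
# assumptions made for this example; -t and -p are standard logger options.

LOGGER=${LOGGER:-logger}   # override to test without a syslog daemon

# usage: log_run TAG FACILITY COMMAND [ARG...]
log_run() {
    tag=$1 fac=$2
    shift 2
    # fd 3 carries the command's stdout to the .info logger,
    # fd 4 carries its exit status back out of the pipeline.
    status=$(
        {
            {
                {
                    rc=0
                    "$@" 3>&- 4>&- || rc=$?
                    echo "$rc" >&4
                } 2>&1 1>&3 | $LOGGER -t "$tag" -p "$fac.warning" 3>&- 4>&-
            } 3>&1 | $LOGGER -t "$tag" -p "$fac.info" >/dev/null 4>&-
        } 4>&1
    ) || echo "log_run: logger reported an error" >&2
    # Closing audit line: what was run and how it ended.
    printf 'exit status %s: %s\n' "${status:-unknown}" "$*" |
        $LOGGER -t "$tag" -p "$fac.notice"
    return "${status:-1}"
}

# Example call (not run here): log_run nmap local0 nmap localhost
```

With a rule for the chosen facility in syslog.conf (or its rsyslog equivalent), the scan records can be routed to their own file instead of /var/log/messages.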