incident.pl is a small script that, when given syslog output generated by Snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
Tags: Internet Log Analysis Networking Monitoring Security
Operating Systems: OS Independent
Release Notes: A bug has been fixed that caused ARIN to RIPE whois redirects to fail.
Release Notes: The ARIN whois server has recently changed whois server redirect information for RIPE, causing the RIPE whois server to not be checked. This has been fixed in this release.
Release Notes: A parsing bug has been fixed when processing ARIN entries with parentheses in them. The handling of WHOIS errors has been improved for servers such as whois.educause.net, which handles many .edu sites. Redirects from whois.publicinterestregistry.net are now supported properly.
Release Notes: Whois output from whois.arin.net has changed, causing the script to not follow netblocks. The script has been updated to parse this output correctly.
Release Notes: This release fixes a bug that caused batch mode to incorrectly stop processing after no contacts were found for one entry.