Parser for service Packet Filter on OpenBSD
The log from the Packet Filter service looks like this:
Dec 18 01:20:01 block in on em2: 10.19.1.2.27341 > 192.168.1.15.23
The last octet is a port, and when I use the NW parser tool there are some issues parsing the IP and port.
10.19.1.2.27341: only the bold part is taken as the IP address.
I believe the rule syntax can be changed from 10.19.1.2.27341 to 10.19.1.2 27341 (space between IP and port).
A delimiter (not .) is needed between the IP and port.
action [direction] [on interface]: [from src_addr [port src_port]] [to dst_addr [port dst_port]]
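The split discussed in this thread, as an added example that is not part of the original posts: it separates the address from the port at the last dot and rewrites each endpoint with a space delimiter, as suggested in the reply. The function names and the second sample line are constructed for illustration, and it assumes the line can be rewritten before it reaches the log parser.

```python
import ipaddress
import re

# First line is the one quoted in the thread; the second is constructed (no ports).
SAMPLE_LINES = [
    "Dec 18 01:20:01 block in on em2: 10.19.1.2.27341 > 192.168.1.15.23",
    "Dec 18 01:20:05 block in on em2: 10.19.1.2 > 192.168.1.15: icmp",
]

# timestamp, action, direction, interface, "src > dst", optional ":" and trailing text
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<action>\w+)\s(?P<dir>in|out)\son\s"
    r"(?P<iface>\w+):\s(?P<src>\S+)\s>\s(?P<dst>\S+?):?(?:\s(?P<rest>.*))?$"
)

def split_endpoint(text):
    """Split 'addr.port' at the LAST dot; port is None for a bare address."""
    try:
        return str(ipaddress.ip_address(text)), None
    except ValueError:
        pass  # not a bare address, so the final dotted field should be the port
    host, _, port = text.rpartition(".")
    ip = ipaddress.ip_address(host)  # raises ValueError if host is not an address
    if not port.isdigit() or int(port) > 65535:
        raise ValueError(f"bad port in {text!r}")
    return str(ip), int(port)

def normalize(line):
    """Rewrite each endpoint as 'addr port' so a space delimits IP and port."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError(f"unrecognized line: {line!r}")

    def fmt(endpoint):
        ip, port = split_endpoint(endpoint)
        return ip if port is None else f"{ip} {port}"

    out = (f"{m['ts']} {m['action']} {m['dir']} on {m['iface']}: "
           f"{fmt(m['src'])} > {fmt(m['dst'])}")
    return out + (f": {m['rest']}" if m["rest"] else "")

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(normalize(sample))
```

Lines that do not match the expected layout, or whose final field is not a valid port, raise `ValueError` rather than being passed through with a misread address.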