ASM event log output formatting
I (like so many others, I suspect) was so impressed with F5's use of Logstalgia to visualise ASM defending against a number of L7 attacks at Interop this year that I thought I'd have a play with it to see if there was any way I could produce something similar for our management. I've had a bit of success using raw Apache logs (enough to get my managers' ears pricked up anyway) and now I'm looking to see if there's a way of shoehorning ASM's log output into any of the standard log formats that Logstalgia likes:
NCSA Common Log Format (CLF)
Does anyone know of an easy way to do this without writing a bespoke parser? Furthermore, imagine an iControl hook that fed HSL log data through a parser and into a server running a real-time instance of Logstalgia? Real-time Empire Strikes Back Skiddie Pong - better than trying to write it down or explain to a manager what an L7 DDoS attack might "look" like if you could actually see it.
A great piece of work by the way. Hopefully see some of you guys there next year.
Horse
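
One way to do the conversion asked about above, as an added example that is not part of the original post and is not F5 code: a small converter from key="value" events to NCSA CLF lines. The field names (date_time, ip_client, method, uri, query_string, response_code), the sample event, UTC timestamps and the HTTP/1.1 protocol string are all assumptions.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Constructed sample event. The key="value" layout and the field names are
# assumptions, not taken from the post; match them to your logging profile.
SAMPLE = ('date_time="2013-05-20 10:15:30",ip_client="192.0.2.10",'
          'method="GET",uri="/login.php",query_string="user=a,b",'
          'response_code="403",request_status="blocked"')

# Values may contain commas and backslash-escaped quotes.
PAIR_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

def parse_kv(line):
    """Return the key="value" pairs of one event as a dict."""
    return dict(PAIR_RE.findall(line))

def sanitize(text):
    """Percent-encode control characters and quotes so attacker-controlled
    request data cannot break out of the quoted field or forge extra lines."""
    return re.sub(r'[\x00-\x1f\x7f"]',
                  lambda m: "%%%02X" % ord(m.group()), text)

def to_clf(line, tz=timezone.utc):
    """Convert one event to an NCSA CLF line, or None if it is unusable."""
    f = parse_kv(line)
    try:
        host = str(ipaddress.ip_address(f["ip_client"]))
        when = datetime.strptime(f["date_time"], "%Y-%m-%d %H:%M:%S")
        method, uri = f["method"], f["uri"]
    except (KeyError, ValueError):
        return None
    if f.get("query_string"):
        uri += "?" + f["query_string"]
    # The protocol version is not in the assumed fields, so HTTP/1.1 is assumed.
    request = sanitize(f"{method} {uri} HTTP/1.1")
    status = f.get("response_code", "")
    status = status if status.isdigit() else "0"
    stamp = when.replace(tzinfo=tz).strftime("%d/%b/%Y:%H:%M:%S %z")
    # ident and authuser are unknown ("-"); response size is unknown ("-").
    return f'{host} - - [{stamp}] "{request}" {status} -'

if __name__ == "__main__":
    print(to_clf(SAMPLE))
```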