n-log database query



Help with nlog-search.pl

 

Database:

The database is the name of any file generated by the log2db.pl script packaged with nlog. It must reside in the directory specified as $dbdir in nlog-config.ph.

Hosts:

This is a simple octet match. You can search all IP addresses in a subnet by filling in the first 3 octets and leaving the last one as '*', or use any combination of specified octets and the '*' wildcard.

Ports:

You can list as many different numeric port numbers here as you like, separated by spaces.  You can also use service names in combination with numeric ports, or just the service names.  If '*' appears anywhere in this list, all ports will be shown.

Protocols:

You can enter any protocol, or a space-separated list of protocols, in lowercase here.  The keyword '*' can be used to list all protocols.  At the time of this writing, nmap-2.12 only supports tcp and udp, so maybe an option/drop-down list is more appropriate.

States:

You can enter any single port state that nmap reports, any combination of space-separated states in lowercase letters, or the keyword '*' to show all of them.
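
The field rules above, combined into one filter, as an added example (written for this page, not code from nlog-search.pl). The record layout, the service-name table and all function names are assumptions, and the sample records are constructed.

```python
# Added illustration of the query semantics above; not nlog's own code.
# Record layout and the service table are assumptions for this example.
SERVICES = {"ftp": 21, "ssh": 22, "smtp": 25, "domain": 53, "http": 80}

# Constructed sample records: (ip, port, protocol, state)
RECORDS = [
    ("192.168.1.10", 22, "tcp", "open"),
    ("192.168.1.10", 53, "udp", "open"),
    ("192.168.1.77", 80, "tcp", "filtered"),
    ("192.168.2.5", 80, "tcp", "open"),
    ("10.0.0.1", 25, "tcp", "open"),
]

def host_matches(pattern, ip):
    """Compare octet by octet; '*' in any position matches any octet."""
    pat, octets = pattern.split("."), ip.split(".")
    if len(pat) != 4 or len(octets) != 4:
        return False
    return all(p == "*" or p == o for p, o in zip(pat, octets))

def parse_ports(field):
    """Return None for 'all ports', otherwise a set of port numbers."""
    tokens = field.split()
    if "*" in tokens:  # '*' anywhere in the list shows every port
        return None
    ports = set()
    for tok in tokens:
        if tok.isascii() and tok.isdigit():
            ports.add(int(tok))
        elif tok in SERVICES:
            ports.add(SERVICES[tok])
        else:
            raise ValueError(f"unknown port or service: {tok!r}")
    return ports

def parse_words(field):
    """Protocols and states: space-separated lowercase words, '*' = all."""
    words = field.split()
    return None if "*" in words else set(words)

def search(records, hosts="*.*.*.*", ports="*", protocols="*", states="*"):
    want_ports = parse_ports(ports)
    want_protos, want_states = parse_words(protocols), parse_words(states)
    return [r for r in records
            if host_matches(hosts, r[0])
            and (want_ports is None or r[1] in want_ports)
            and (want_protos is None or r[2] in want_protos)
            and (want_states is None or r[3] in want_states)]
```

Comparing whole octets means the pattern 192.168.1.* does not match 192.168.10.1, which a plain string-prefix test would wrongly accept.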

 

( Questions? Contact the author at nlog@ings.com )