Aruba networks log parser (HackItaly outcome #1)
Before escaping an high pressure itsec routine with a week of vacation in Mallorca, on 19-21 July I went to a nice meeting in Venice, called HackItaly, on Walter Franchetti’s suggestion. More than an hacking conference it’s a meeting of young Web-2.0/Mobile-App developers. Words apart (and Words matter) there was some nice human capital and I met people who would perfectly fit in a Security Research Team as juniors, if only they were not tying to build a future pulling pants to investors. An you know, especially in the myopic Italy, investors are those who pull pants down to young human material.
Anyway in this jungle of Facebook, API, Responsive CSS, Json and Non-Relational Databases I found somebody who was speaking a language more similar to me, the tech guy of H-Farm, Marco, who was fighting against the crowd to provide a decent service. In the end while everybody was busy developing for the day after contest we spent our night in front of 80×24 xterms, setting up some infrastructure machine, sniffing passwords (no SSL offence, there is still people who does clear-text auths) and building a syslog server for the Aruba Network infrastructure.
So, here’s a little perl parser https://github.com/isgroup-srl/aruba-logparse for the ugly format sent by these expensive devices to our rsyslogd. It could be easily extended with some “action” callbacks (maybe using ah hash of anonymous functions?). If you ask, i have no idea why Parse::Syslog was not working well with File::Tail, so we had to surrender and use a regexpr (at last not a POSIX one, thanks Perl/PCRE!).
In the end, if you feel that this development world fall short, why don’t apply to join a security research team? We are USH, an ethical, non-commercial, no-bullshit, under-hype but definitely kick-ass group of individuals. We are the Jargon, we are the Manifesto, and we do hack.