I'm trying to figure out how to parse a hit count log from my firewall. This log is a simple hit count dumped from my ASA, but I'm running into trouble parsing the exact info needed.
I'm looking to simply compile a list of incoming IP addresses and then prioritize somehow by the number of hits. I thought using MS Excel would be the easiest way to group the IP address hits, but I'll use anything free to get the job done.
This log is just a simple dump of who has been abusing our external IP, and then they are added to a simple black-list.
2014-02-12 14:58:20 Local4.Info 192.168.0.1 Feb 12 2014 14:03:54: %ASA-6-106100: access-list outside_in permitted tcp outside/##.95.44.157(24802) -> inside/###.###.###.###(3389) hit-cnt 8 300-second interval [0x8fe88aaf, 0x0]
My trouble is that the inbound IP address isn't a fixed entry, which is where my limited experience ends.
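
One way to do this with free tools, as an added example that is not part of the original post: a Python script that pulls the source address out of each 106100 line by pattern rather than by column position, sums hit-cnt per address, and renders a CSV sorted by hits that Excel can open. The sample lines, their addresses, and the names `count_hits` and `to_csv` are constructed for illustration.

```python
import csv
import io
import re
from collections import Counter

# Field layout taken from the 106100 line in the post. The source address is
# matched by pattern, so its width and column position do not matter.
LINE_RE = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) (?P<action>\S+) (?P<proto>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src>[^\s(]+)\(\d+\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst>[^\s(]+)\((?P<dport>\d+)\) "
    r"hit-cnt (?P<hits>\d+)"
)

# Constructed sample input (documentation-range addresses), not real log data.
PFX = "2014-02-12 14:58:20 Local4.Info 192.168.0.1 Feb 12 2014 14:03:54: "
SAMPLE_LOG = [
    PFX + "%ASA-6-106100: access-list outside_in permitted tcp outside/203.0.113.157(24802) -> inside/192.0.2.10(3389) hit-cnt 8 300-second interval [0x8fe88aaf, 0x0]",
    PFX + "%ASA-6-106100: access-list outside_in permitted tcp outside/198.51.100.23(40111) -> inside/192.0.2.10(3389) hit-cnt 1 first hit [0x8fe88aaf, 0x0]",
    PFX + "%ASA-6-106100: access-list outside_in permitted tcp outside/203.0.113.157(24990) -> inside/192.0.2.10(3389) hit-cnt 14 300-second interval [0x8fe88aaf, 0x0]",
    PFX + "%ASA-6-106100: access-list outside_in permitted tcp outside/198.51.100.23(40250) -> inside/192.0.2.10(3389) hit-cnt 3 300-second interval [0x8fe88aaf, 0x0]",
    PFX + "%ASA-6-106100: access-list inside_out permitted tcp inside/192.0.2.10(51515) -> outside/198.51.100.23(443) hit-cnt 1 first hit [0x8fe88aaf, 0x0]",
    PFX + "%ASA-6-302013: Built inbound TCP connection 4711 for outside:203.0.113.157/24802 (203.0.113.157/24802) to inside:192.0.2.10/3389 (192.0.2.10/3389)",
]

def count_hits(lines, src_interface="outside"):
    """Sum hit-cnt per source address for 106100 lines arriving on src_interface."""
    totals = Counter()
    skipped = 0  # lines that are not inbound 106100 entries
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["src_if"] != src_interface:
            skipped += 1
            continue
        totals[m["src"]] += int(m["hits"])
    return totals, skipped

def to_csv(totals):
    """Render source,hits rows sorted by hits (highest first) as CSV text."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["source", "hits"])
    writer.writerows(totals.most_common())
    return buf.getvalue()

if __name__ == "__main__":
    totals, skipped = count_hits(SAMPLE_LOG)
    print(to_csv(totals), end="")
    print(f"skipped {skipped} non-matching lines")
```

To run it against a real export, pass the open log file to `count_hits` in place of `SAMPLE_LOG` and write the `to_csv` output to a `.csv` file.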