Sample SFClean XML output

<?xml version="1.0"?>
<!--
  Sample log in the "idslog" format, as produced for the product named in the
  header (BlackIce).

  The DOCTYPE below is an internal subset made up only of ELEMENT and ATTLIST
  declarations: it defines no entities and points at no external DTD. A parser
  set to reject every DOCTYPE will refuse this file; a consumer can accept the
  internal subset while keeping external entity and external DTD loading off.
-->
<!DOCTYPE idslog [
  <!-- Root: one header followed by the list of log entries. -->
  <!ELEMENT idslog (logheader, logentries)>

  <!-- Header fields are plain text; the DTD puts no constraint on their format. -->
  <!ELEMENT logheader (sfclientver, seriallabel, logcleandatetime, productid, productname, productmajorver, productminorver, productreleasever)>
  <!ELEMENT sfclientver (#PCDATA)>
  <!ELEMENT seriallabel (#PCDATA)>
  <!ELEMENT logcleandatetime (#PCDATA)>
  <!ELEMENT productid (#PCDATA)>
  <!ELEMENT productname (#PCDATA)>
  <!ELEMENT productmajorver (#PCDATA)>
  <!ELEMENT productminorver (#PCDATA)>
  <!ELEMENT productreleasever (#PCDATA)>

  <!ELEMENT logentries (logentry*)>
  <!ELEMENT logentry (entry, addlinfo*)>

  <!--
    entry carries all event data in attributes. Every attribute is typed CDATA,
    so DTD validation checks presence only; a consumer has to validate
    addresses, ports and numbers itself before using them.
    protocol and fromport are declared but never appear in this sample.
  -->
  <!ELEMENT entry EMPTY>
  <!ATTLIST entry
    num      CDATA #REQUIRED
    datetime CDATA #REQUIRED
    id       CDATA #REQUIRED
    fromip   CDATA #REQUIRED
    toip     CDATA #REQUIRED
    count    CDATA #REQUIRED
    protocol CDATA #IMPLIED
    fromport CDATA #IMPLIED
    toport   CDATA #IMPLIED
    portscan CDATA #IMPLIED>

  <!--
    addlinfo is a typed free-text annotation; NetBiosName is the only type in
    this sample.
    NOTE(review): the value presumably comes from the remote host, so treat it
    as untrusted text when displaying or storing it. Confirm against the tool.
  -->
  <!ELEMENT addlinfo (#PCDATA)>
  <!ATTLIST addlinfo type CDATA #REQUIRED>
]>
<idslog>
  <logheader>
    <!--
      NOTE(review): logcleandatetime and the entry datetime values look like
      fractional day serial numbers rather than ISO 8601 timestamps; confirm
      the epoch before converting them.
    -->
    <sfclientver>1.00</sfclientver>
    <seriallabel></seriallabel>
    <logcleandatetime>36880.16211806</logcleandatetime>
    <productid>1</productid>
    <productname>BlackIce</productname>
    <productmajorver>0</productmajorver>
    <productminorver>0</productminorver>
    <productreleasever></productreleasever>
  </logheader>
  <logentries>
    <logentry>
      <entry num="0" datetime="36853.83930556" id="2003004" fromip="24.168.65.224" toip="24.66.203.180" count="2" toport="21" />
    </logentry>
    <logentry>
      <entry num="1" datetime="36853.84703704" id="2000313" fromip="202.30.26.81" toip="24.66.203.180" count="1" toport="109" />
    </logentry>
    <logentry>
      <entry num="2" datetime="36853.99348380" id="2003010" fromip="24.0.0.203" toip="24.66.203.180" count="2" toport="119" />
    </logentry>
    <logentry>
      <entry num="3" datetime="36854.01296296" id="2003105" fromip="24.200.155.133" toip="24.66.203.180" count="4" toport="27374" />
    </logentry>
    <logentry>
      <entry num="4" datetime="36854.79266204" id="2003105" fromip="64.229.2.115" toip="24.66.203.180" count="8" toport="27374" />
      <addlinfo type="NetBiosName">VR</addlinfo>
    </logentry>
    <logentry>
      <entry num="5" datetime="36854.88190972" id="2003105" fromip="64.230.96.122" toip="24.66.203.180" count="4" toport="27374" />
      <addlinfo type="NetBiosName">VR</addlinfo>
    </logentry>
    <logentry>
      <entry num="6" datetime="36854.88322917" id="2003004" fromip="24.200.111.66" toip="24.66.203.180" count="3" toport="21" />
    </logentry>
    <logentry>
      <entry num="7" datetime="36855.09101852" id="2003016" fromip="24.13.234.40" toip="24.66.203.180" count="2" toport="111" />
    </logentry>
    <logentry>
      <entry num="8" datetime="36855.30057870" id="2003004" fromip="24.49.108.50" toip="24.66.203.180" count="2" toport="21" />
    </logentry>
    <logentry>
      <entry num="9" datetime="36856.05425926" id="2003015" fromip="24.67.80.200" toip="24.66.203.180" count="1" toport="6000" />
    </logentry>
    <logentry>
      <entry num="10" datetime="36856.05425926" id="2003019" fromip="24.67.80.200" toip="24.66.203.180" count="1" toport="6667" />
    </logentry>
    <!--
      On the entries that carry it, portscan holds a comma-separated list of
      ports and port ranges and toport is absent. count does not equal the
      number of ports listed (see entries 11, 12 and 15), so do not derive one
      from the other.
    -->
    <logentry>
      <entry num="11" datetime="36856.05427083" id="2003102" fromip="24.67.80.200" toip="24.66.203.180" count="185"
             portscan="1032,1058,1110,1155,1178,1346,1351,1354,1356,1359,1367,1370,1372,1375,1381,1385-1387,1394,1397,1400-1401,1405,1408,1411,1419-1420,1422,1425-1428,1431-1432,1438-1440,1444,1453-1454,1457,1464,1466-1467,1469,1473,1476,1478,1481,1483-1484,1488,1494" />
    </logentry>
    <logentry>
      <entry num="12" datetime="36856.05427083" id="2000301" fromip="24.67.80.200" toip="24.66.203.180" count="1255"
             portscan="1,4,9-11,15,17,20-21,24,27,30-31,33-37,41,45-46,49,51,54,56-57,59,61-62,64,67,69,71-72,74,79-80,84,87,90,93,97,99,102,104-107,112-113,117,121-122,125,127,129,131,135-136,141-143,147,149,158,160-161,163-165,169-170,172,174,176,182,185,188,192,195" />
    </logentry>
    <!-- Entries 13 and 14 have neither toport nor portscan; the DTD allows this because both are optional. -->
    <logentry>
      <entry num="13" datetime="36856.05438657" id="2000302" fromip="24.67.80.200" toip="24.66.203.180" count="10" />
    </logentry>
    <logentry>
      <entry num="14" datetime="36856.05439815" id="2000302" fromip="24.67.80.200" toip="24.66.203.180" count="1" />
    </logentry>
    <logentry>
      <entry num="15" datetime="36856.05439815" id="2000301" fromip="24.67.80.200" toip="24.66.203.180" count="50"
             portscan="4,15,24,33,45,54,117,127-131,136,163,201-206,247-248,256,263,270,279,287-288,332,366,385,421,429,443,470,493,502,512,520-521,531-534,548,599-604,614,621-628,639,665,757,766-768,773,804,809,814,822,839,846,860,886,923,928-929,947,953,968,973-979" />
    </logentry>
    <logentry>
      <entry num="16" datetime="36856.12717593" id="2003019" fromip="38.29.122.172" toip="24.66.203.180" count="4" toport="6667" />
    </logentry>
    <logentry>
      <entry num="17" datetime="36857.45222222" id="2003105" fromip="24.141.116.144" toip="24.66.203.180" count="4" toport="27374" />
      <addlinfo type="NetBiosName">CO886452-A</addlinfo>
    </logentry>
    <logentry>
      <entry num="18" datetime="36857.45616898" id="2003004" fromip="209.241.255.242" toip="24.66.203.180" count="3" toport="21" />
    </logentry>
    <logentry>
      <entry num="19" datetime="36857.82366898" id="2003016" fromip="12.109.179.130" toip="24.66.203.180" count="1" toport="111" />
    </logentry>
    <logentry>
      <entry num="20" datetime="36858.42872685" id="2003102" fromip="24.22.218.23" toip="24.66.203.180" count="4" toport="52350" />
    </logentry>
    <logentry>
      <entry num="21" datetime="36858.49103009" id="2003102" fromip="131.247.223.162" toip="24.66.203.180" count="2" toport="32444" />
      <addlinfo type="NetBiosName">84W730B</addlinfo>
    </logentry>
    <logentry>
      <entry num="22" datetime="36858.54136574" id="2003004" fromip="195.120.158.150" toip="24.66.203.180" count="3" toport="21" />
    </logentry>
    <logentry>
      <entry num="23" datetime="36858.81415509" id="2003105" fromip="63.229.27.78" toip="24.66.203.180" count="1" toport="1243" />
      <addlinfo type="NetBiosName">HP-LAPTOP</addlinfo>
    </logentry>
    <logentry>
      <entry num="24" datetime="36859.16862269" id="2003105" fromip="24.18.185.213" toip="24.66.203.180" count="2" toport="27374" />
    </logentry>
    <logentry>
      <entry num="25" datetime="36859.23135417" id="2003006" fromip="64.20.146.188" toip="24.66.203.180" count="4" toport="23" />
    </logentry>
    <logentry>
      <entry num="26" datetime="36859.78546296" id="2003105" fromip="24.66.31.133" toip="24.66.203.180" count="4" toport="27374" />
      <addlinfo type="NetBiosName">JASSAF</addlinfo>
    </logentry>
    <logentry>
      <entry num="27" datetime="36860.56862269" id="2003105" fromip="24.67.129.8" toip="24.66.203.180" count="2" toport="27374" />
      <addlinfo type="NetBiosName">CS539471-A</addlinfo>
    </logentry>
  </logentries>
</idslog>


gurneyh AT ix DOT netcom DOT com

Last modified: Sat Oct 30 23:21:23 PDT 2004