firewall log viewing, sorting or alerting - snort & acid ?

Daniel cottmain at
Sun Dec 8 01:24:14 EST 2002

Hello All,
I'm running a Woody iptables firewall with no x-windows and I'm so new
to reading logs I'm not sure I'd notice a successful intrusion attempt
if I fell over one.

For a 'paranoid' approach what about something like:
- setup syslog-ng (tcp) or metalog (can use bzip2) to log on another
machine, compress & maybe e-mail the logs, and logrotate [sounds easy]
- use a log analysis tool to simplify reading them and perhaps automate
or escalate alert response ... this is the hard bit as it's difficult to
choose the right tool. There's another machine available to send
duplicate logs to if needed, and maybe even better to check the logs out
from there.

What about snort and acid as tools? Am I heading in the right direction?
Are they the easiest way to keep an eye on logs for beginners?  (iplimit, iptrap)

Thanks for your good replies on
"Examples of 'dpkg --get-selection > packagesinstalled.txt' for
firewall" ...
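An added example, not part of the original post, of the "automate or escalate alert response" step for iptables logs: it parses the KEY=VALUE lines the iptables LOG target hands to syslog and flags any source that probes many distinct destination ports. The log lines, the host name "fw" and the threshold of 5 are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format the iptables LOG target writes
# via syslog (kern facility) on a Woody box; not real traffic.
SAMPLE_LOG = """\
Dec  8 01:20:01 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=1 DF PROTO=TCP SPT=40001 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0
Dec  8 01:20:01 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=2 DF PROTO=TCP SPT=40002 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Dec  8 01:20:02 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=3 DF PROTO=TCP SPT=40003 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Dec  8 01:20:02 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=4 DF PROTO=TCP SPT=40004 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Dec  8 01:20:03 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=5 DF PROTO=TCP SPT=40005 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Dec  8 01:20:03 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=6 DF PROTO=TCP SPT=40006 DPT=110 WINDOW=5840 RES=0x00 SYN URGP=0
Dec  8 01:21:10 fw kernel: IN=eth0 OUT= SRC=192.0.2.20 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=7 DF PROTO=TCP SPT=51000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Dec  8 01:21:11 fw kernel: IN=eth0 OUT= SRC=192.0.2.20 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=8 DF PROTO=TCP SPT=51001 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Dec  8 01:21:30 fw sshd[412]: Accepted publickey for admin from 198.51.100.9
"""

# Matches the KEY=VALUE tokens; bare flags like DF or SYN carry no '='.
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return the KEY=VALUE fields of one iptables LOG line, or None for
    anything else syslog recorded (sshd, cron, ...)."""
    if " kernel: " not in line or "IN=" not in line:
        return None
    return dict(KV_RE.findall(line.split(" kernel: ", 1)[1]))

def find_scanners(lines, threshold=5):
    """Map each source IP to the sorted distinct TCP/UDP destination
    ports it hit, keeping only sources at or above `threshold` ports
    (a crude port-scan indicator worth escalating)."""
    ports = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec and rec.get("PROTO") in ("TCP", "UDP") and rec.get("DPT"):
            ports[rec["SRC"]].add(int(rec["DPT"]))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= threshold}

if __name__ == "__main__":
    for src, dpts in find_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {src} probed {len(dpts)} ports: {dpts}")
```

Run it over `/var/log/kern.log` (or the file syslog-ng ships to the second machine) instead of SAMPLE_LOG to get a nightly summary.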
