[Q] Intrusion Detection, Log file parsing....

Richard Cottrill richard_c at tpg.com.au
Mon Jan 21 21:30:10 EST 2002


There's a project called 'swatch' for the log monitoring. Never used it, the
description fits though.

Snort seems a nifty tool for intrusion detection; I do use it (via
Smoothwall and fiddling elsewhere) and it gives me all kinds of stuff that
seems to be useful. I read an article on IDS systems and they only threw in
snort to roast it (they said) and then they gave it their recommendation
over a whole bunch of expensive/proprietary stuff.

Richard

> -----Original Message-----
> From: linux-admin at lists.samba.org [mailto:linux-admin at lists.samba.org]On
> Behalf Of Donovan J. Edye
> Sent: Monday, January 21, 2002 9:53 AM
> To: Linux List
> Subject: [Q] Intrusion Detection, Log file parsing....
>
>
> G’Day,
>
> Environment:
>
> - Debian
> - IPTables based firewall
>
> I would like to accomplish the following:
>
> - Detect intrusion attempts
> - Have “something” look at syslog and other logs to see if there are any
> “funnies” in the logs (not necessarily to do with security, but say a
> disk getting full etc.)
>
> Has anyone got any suggestions or pointers?
>
> TIA
>
> -- Donovan
> ----------------------------------------------------------------------
> E-Mail: d.edye at bigfoot.com <mailto:d.edye at bigfoot.com>  Web:
> www.edye.wattle.id.au/ <http://www.edye.wattle.id.au/>
> “If I throw a stick will you go away?”
> “Very funny Scotty. Now beam down my pants!”
> ----------------------------------------------------------------------
> GXExplorer - Freeware Delphi Windows Explorer Replacement
> and Delphi Components www.gxexplorer.org
> ----------------------------------------------------------------------
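
As an added illustration of the swatch-style log watching both messages touch on (the IDS side is left to Snort), here is a small Python watcher written for this page. It is example code, not swatch's own configuration or anything posted in the thread. The rule names, regexes, severities and thresholds are assumptions chosen for the demonstration, and the syslog lines it runs over are constructed (hosts and 192.0.2.x addresses are made up, the latter from the documentation range). It parses each line into timestamp, host and message, matches the message against a rule table (failed SSH logins, a kernel segfault, a full disk, a su to root), and then does the one thing a bare grep cannot: counts failed logins per source address so that repeated failures stand out.

```python
import re
from collections import Counter

# Swatch-style rule table: (name, compiled regex, severity).
# These patterns are assumptions for this example, not swatch's shipped config.
RULES = [
    ("ssh_auth_fail",
     re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"),
     "alert"),
    ("kernel_segfault", re.compile(r"kernel: .*segfault at"), "warn"),
    ("disk_full", re.compile(r"No space left on device|filesystem full", re.I), "warn"),
    ("su_root", re.compile(r"su: .*session opened for user root"), "info"),
]

# Classic BSD-style syslog line: "Mon DD HH:MM:SS host message".
SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")


def parse_line(line):
    """Split one syslog line into ts/host/msg; return None if it is not syslog-shaped."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def scan(lines):
    """Run every rule over every parseable line; return one hit dict per (line, rule) match."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # non-syslog noise is skipped, not treated as an error
        for name, pattern, severity in RULES:
            m = pattern.search(rec["msg"])
            if m:
                hits.append({"rule": name, "severity": severity, "host": rec["host"],
                             "ts": rec["ts"], "fields": m.groupdict()})
    return hits


def counts_by_rule(hits):
    """How many times each rule fired (a quick daily summary)."""
    return dict(Counter(h["rule"] for h in hits))


def repeated_ssh_failures(hits, threshold=3):
    """Source addresses with at least `threshold` failed SSH logins (threshold is an assumed value)."""
    c = Counter(h["fields"]["ip"] for h in hits if h["rule"] == "ssh_auth_fail")
    return {ip: n for ip, n in c.items() if n >= threshold}


# Constructed sample log for the demo; not real traffic.
SAMPLE_LOG = """\
Jan 21 09:51:02 fw sshd[1234]: Failed password for root from 192.0.2.10 port 51122 ssh2
Jan 21 09:51:04 fw sshd[1234]: Failed password for root from 192.0.2.10 port 51123 ssh2
Jan 21 09:51:06 fw sshd[1234]: Failed password for invalid user admin from 192.0.2.10 port 51124 ssh2
Jan 21 09:52:00 fw sshd[1240]: Accepted publickey for donovan from 192.0.2.20 port 40000 ssh2
Jan 21 09:55:13 fw kernel: httpd[2001]: segfault at 0 ip 08048abc sp bfff0000 error 4
Jan 21 10:02:45 fw smbd[777]: write failed: No space left on device
Jan 21 10:03:01 fw su: (to root) donovan on /dev/pts/0
Jan 21 10:03:01 fw su: pam_unix(su:session): session opened for user root by donovan(uid=1000)
this line is not in syslog format and is skipped
"""


def report(lines):
    """Convenience wrapper: hits, per-rule counts and repeated-failure sources in one call."""
    hits = scan(lines)
    return {"hits": hits, "by_rule": counts_by_rule(hits),
            "repeated_ssh": repeated_ssh_failures(hits)}


if __name__ == "__main__":
    r = report(SAMPLE_LOG.splitlines())
    for h in r["hits"]:
        print(f"{h['ts']} {h['host']} [{h['severity']}] {h['rule']} {h['fields']}")
    print("by rule:", r["by_rule"])
    print("repeated ssh failures:", r["repeated_ssh"])
```

To use it on a live system you would feed it `tail -f /var/log/syslog` (or whatever Debian writes to on the box in question) instead of the embedded sample, and extend the rule table as new "funnies" turn up. Matching on the message field rather than the whole line keeps hostnames and timestamps from accidentally satisfying a pattern.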
