[Q] Intrusion Detection, Log file parsing....

Richard Cottrill richard_c at tpg.com.au
Mon Jan 21 21:30:10 EST 2002

There's a project called 'swatch' for the log monitoring. Never used it, the
description fits though.

Snort seems a nifty tool for intrusion detection; I do use it (via
Smoothwall and fiddling elsewhere) and it gives me all kinds of stuff that
seems to be useful. I read an article on IDS systems and they only threw in
snort to roast it (they said) and then they gave it their recommendation
over a whole bunch of expensive/proprietary stuff.


> -----Original Message-----
> From: linux-admin at lists.samba.org [mailto:linux-admin at lists.samba.org]On
> Behalf Of Donovan J. Edye
> Sent: Monday, January 21, 2002 9:53 AM
> To: Linux List
> Subject: [Q] Intrusion Detection, Log file parsing....
> G’Day,
> Environment:
> -          Debian
> -          IPTables based firewall
> I would like to accomplish the following:
> -          Detect intrusion attempts
> -          Have “something” look at syslog and other logs to see if there
> are any “funnies” in the logs (not necessarily to do with
> security, but say
> a disk getting full etc.)
> Has anyone got any suggestions or pointers?
> -- Donovan
> ----------------------------------------------------------------------
> E-Mail: d.edye at bigfoot.com <mailto:d.edye at bigfoot.com>  Web:
> www.edye.wattle.id.au/ <http://www.edye.wattle.id.au/>
> “If I throw a stick will you go away?”
> “Very funny Scotty. Now beam down my pants!”
> ----------------------------------------------------------------------
> GXExplorer - Freeware Delphi Windows Explorer Replacement
> and Delphi Components www.gxexplorer.org
> ----------------------------------------------------------------------

More information about the linux mailing list