Jow,

Giorgos Keramidas wrote:

On 2004-06-18 10:43, Uwe Kolsch <[EMAIL PROTECTED]> wrote:

Is there a tool for FBSD like logwatch on Linux, which can provide a detailed
but still somehow summarized output based on the logging results of IPFW? I mean
more detailed than this from the daily security run:


02010    557     48486 deny log ip from any to any out
10000   1026     49716 deny ip from any to any in setup
10003   3859    828227 deny ip from any to any in

... and more like this.


You can always write your own shell scripts to parse ipfw logs ;-)

I haven't heard of any summarizing tools, but if you feel that scripting
your own is too much it shouldn't be too hard to roll a few custom
scripts if you tell me what you're looking for in such a report.


You can send your daily logs to dshield.org and they will give a daily overview of what you send. They will use your information to do 'distributed IDS'. That means if you get port probed and the person doing that hits your network and other networks regularly, there will be a warning sent out to the ISP that this person is being very abusive.

I use it myself, giving a match on my external interface and it will send just that.

Perhaps you can view their script (Perl) and adapt it to create the summary yourself.


- Giorgos

Cheers

--
Kind regards,

Remko Lodder                   |[EMAIL PROTECTED]
Reporter DSINet                |[EMAIL PROTECTED]
Projectleader Mostly-Harmless  |[EMAIL PROTECTED]
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
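
The kind of home-grown summary script suggested in this thread, as an added example that is not part of the original messages and is not the DShield client. It assumes the usual ipfw syslog line layout shown in its header comment; the function names `sample_log` and `ipfw_summary` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-rule and per-source summary of ipfw log lines.
# Assumed line layout (rules carrying the "log" keyword, logged via syslog):
#   <date> <host> kernel: ipfw: <rule> <Action> <PROTO> <src> <dst> <in|out> via <if>

sample_log() {   # constructed sample; addresses are documentation ranges
cat <<'EOF'
Jun 18 10:41:02 gw kernel: ipfw: 2010 Deny TCP 192.0.2.10:1025 198.51.100.7:25 out via fxp0
Jun 18 10:41:09 gw kernel: ipfw: 10003 Deny TCP 203.0.113.5:4431 192.0.2.1:135 in via fxp0
Jun 18 10:41:10 gw kernel: ipfw: 10003 Deny TCP 203.0.113.5:4432 192.0.2.1:135 in via fxp0
Jun 18 10:41:15 gw kernel: ipfw: 10003 Deny UDP 203.0.113.9:1030 192.0.2.1:1434 in via fxp0
Jun 18 10:41:20 gw last message repeated 3 times
Jun 18 10:42:00 gw kernel: ipfw: 10003 Deny ICMP:8.0 203.0.113.5 192.0.2.1 in via fxp0
Jun 18 10:42:30 gw sshd[411]: unrelated line that must be ignored
EOF
}

ipfw_summary() {   # args: log files, or none to read stdin
    awk '
    {
        tag = 0
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") { tag = i; break }
        if (!tag || NF < tag + 6) {
            # syslogd collapses duplicates; credit them to the ipfw line just before
            if ($0 ~ /last message repeated [0-9]+ times/) {
                if (rkey != "") { rules[rkey] += $(NF-1); srcs[skey] += $(NF-1) }
            } else rkey = ""
            next
        }
        proto = $(tag+3); skey = $(tag+4); port = "-"
        if (proto == "TCP" || proto == "UDP") {
            port = $(tag+5); sub(/^.*:/, "", port)   # keep destination port only
            sub(/:[0-9]+$/, "", skey)                # drop source port
        }
        rkey = $(tag+1) " " $(tag+2) " " proto " " $(tag+6) " " port
        rules[rkey]++; srcs[skey]++
    }
    END {
        for (k in rules) print "rule", rules[k], k
        for (k in srcs)  print "src", srcs[k], k
    }' "$@" | sort -k1,1 -k2,2nr
}

# Stand-alone: summarize the given files, else the constructed sample.
if [ $# -gt 0 ]; then ipfw_summary "$@"; else sample_log | ipfw_summary; fi
```

Each output line is `rule <count> <rule> <action> <proto> <direction> <dst-port>` or `src <count> <address>`, highest counts first; on a stock FreeBSD syslog.conf the input file would be /var/log/security.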