--On Monday, September 26, 2005 13:58:01 +0200 Administrator Chat-Net
<[EMAIL PROTECTED]> wrote:
hi all,
on the webpage of intrusion[1] i saw that they have a login_failure
monitor. is that monitor still avalaible or is there another who does
replace it?
thx for reply
greetz
[1] http://www.intrusion.com/knowledge/article.aspx?ID=611166
My impression from reading that site is that the monitor scripts reference
are proprietary scripts written by Intrustion Inc., provided as part of the
SecureNet Sensor product they sell.
I'd guess that their script wouldn't be useful outside of their box anyway,
since it probably is looking at pre-collected data from their system.
For a general purpose monitor script you'd probably want something that
parses syslog output. There is a syslog.monitor included with mon that
serves as a syslogd replacement, but I've never personally used it. (I
didn't like the 'must replace syslogd' requirement..)
I have a similar tool which watches the syslog log files and pattern
matches on the output, generating mon traps as necessary. I could probably
add it to the mon CVS area if anyone is interested in using it...
-David
David Nolan <*> [EMAIL PROTECTED]
curses: May you be forced to grep the termcap of an unclean yacc while
a herd of rogue emacs fsck your troff and vgrind your pathalias!
_______________________________________________
mon mailing list
mon@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/mon
