----- Original Message -----
> Cool. I am just looking over splunk. Isn't that enough by its own? or
> is OSSEC needed to give it raw data? I think these two will take quite
> some time to understand. Anything simpler out there as well?
>
> Thanks,
> Bruce
>
> On Tue, Apr 13, 2010 at 10:42 AM, --[ UxBoD ]-- < [email protected] >
> wrote:
>
> > ----- Original Message -----
> > Speaking of all these attacks, are there any good web managed
> > security monitor tools for CentOS out there that can be installed on
> > the system
> > so that it can give us a visual of let's say multiple failed attempts
> > against SSH or HTTPd?
> >
> > Something nice that is simple and doesn't eat a lot of resources and
> > spits out everything on the screen?
> >
> > Thanks,
> > Bruce
>
> How about http://www.ossec.net which you could later integrate with
> http://www.splunk.com/ .
>
OSSEC has a number of Asterisk rules already built in, including picking up failed SIP registrations. It also has the feature called Active Response which, when a user defined threshold of failed events happens, is able to automatically add an IPtables/PF drop rule for the source IP.

--
Thanks, Phil
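The threshold-then-drop behaviour described in the reply above, sketched as an added example that is not part of the original thread and is not OSSEC's own code: it counts failed SIP registrations per source IP in a sliding window and returns the iptables drop rule for each source that crosses the threshold. The log line layout, the threshold of 5 in 60 seconds and the function names are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _line(ts, ip, reason="Wrong password"):
    # Constructed sample data in the style of an Asterisk chan_sip NOTICE line.
    return (f"[Apr 13 {ts}] NOTICE[2301] chan_sip.c: Registration from "
            f"'\"100\" <sip:100@192.0.2.10>' failed for '{ip}' - {reason}")

SAMPLE = sorted(
    [_line(f"10:41:{s:02d}", "198.51.100.23") for s in (1, 3, 5, 8, 11)]  # burst
    + [_line(f"10:{m:02d}:00", "203.0.113.7") for m in (0, 10, 20, 30, 40)]  # slow
    + [_line("10:41:30", "192.0.2.55"),       # one mistyped password
       _line("10:41:40", "not-an-ip"),        # malformed source field
       "[Apr 13 10:41:31] VERBOSE[2301] logger.c: unrelated message"])

FAILED = re.compile(r"^\[(?P<ts>\w{3} +\d+ [\d:]{8})\] NOTICE\[\d+\] chan_sip\.c: "
                    r"Registration from '.*' failed for '(?P<src>[^']+)' - ")

def offenders(lines, threshold=5, window=timedelta(seconds=60), year=2010):
    """Source IPs that reach `threshold` failures inside `window`, in trigger order."""
    recent, blocked = defaultdict(deque), []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        src = m["src"]
        host = src.rsplit(":", 1)[0] if src.count(":") == 1 else src  # drop :port
        try:
            ip = str(ipaddress.ip_address(host))  # only validated addresses reach a rule
        except ValueError:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold and ip not in blocked:
            blocked.append(ip)
    return blocked

def drop_rules(ips):
    """Argument vectors for the drop rules; returned, not executed."""
    return [["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"] for ip in ips]

if __name__ == "__main__":
    for rule in drop_rules(offenders(SAMPLE)):
        print(" ".join(rule))
```

The source field is parsed with `ipaddress` before it goes into a rule, so text taken from a log line never reaches the firewall command unvalidated.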
