On Sun, 19 Sep 2004, martin f krafft wrote: > also sprach Noah Meyerhans <[EMAIL PROTECTED]> [2004.09.19.2219 +0200]: > > As an additional point against these scripts, they are host based. > > If I'm going to bother blackholing the source of these login > > attempts, I'm going to do it at the border. Yes, I can write > > scripts to react to this kind of scanning and have it > > automatically manipulate access lists on the routers, I'm not sure > > I really like the idea. I'm sort of leaning in that direction, at > > this point, though, just to shut up logcheck without telling it to > > ignore all failed root login attempts. > > If you ask me, logcheck should learn how to evaluate log messages in > their context...
hmm there are ideas for logcheck after sarge+1, please elaborate. ATM logcheck is a pretty dumb `egrep -v' wrapper of your logs. that symplicity of design has it's strength, but there are for example demands for trigger values. -- maks -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
