"vdongen" <[EMAIL PROTECTED]> writes:

> You could run logcheck, which instead of reading the logs mails you
> entries that are "unusual" or "attempted break ins"

OK, my thoughts:

a) use syslog-ng to filter firewall events into a separate firewall.log;
b) use fwlogwatch to generate HTML tables of what's going off and mail you summaries every day;
c) push all log entries out to a separate loghost if possible, too;
d) install AIDE and get that to mail nightly;
e) keep an eye on <http://www.linuxsecurity.com/> and other sundry security-related sites.

~Tim
-- 
<http://spodzone.org.uk/>
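
Items (a) and (c) of the reply above, written out as a syslog-ng configuration fragment. This is an added example, not part of the original message. It assumes syslog-ng 3.x syntax, an existing local source named `s_src`, firewall rules that log through the kernel with the constructed prefix `FW:`, and a placeholder loghost name `loghost.example.org`.

```conf
# Added example. Assumptions: s_src is the local source already defined in
# syslog-ng.conf; the firewall logs via the kernel with the constructed
# prefix "FW:"; loghost.example.org is a placeholder hostname.

# Kernel-facility messages that carry the firewall log prefix.
filter f_firewall {
    facility(kern) and message("FW:");
};

# Local copy, readable by root and group adm only.
destination d_firewall {
    file("/var/log/firewall.log" owner("root") group("adm") perm(0640));
};

# Off-box copy over TCP, so entries survive if local files are altered.
destination d_loghost {
    network("loghost.example.org" transport("tcp") port(514));
};

# Firewall events go to the separate file and to the loghost.
# flags(final) stops them from matching later log statements, so this
# statement must appear before the general ones.
log {
    source(s_src);
    filter(f_firewall);
    destination(d_firewall);
    destination(d_loghost);
    flags(final);
};

# Everything else is forwarded to the loghost as well.
log {
    source(s_src);
    destination(d_loghost);
};
```

Because the first statement is final, firewall entries stay out of the general logs, which keeps the input for a firewall log summariser confined to one file.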