>> My problem is what tool to use to evaluate the logs for attacks
>> (e.g. portscans) and notify me by mail?
>I know you probably wouldn't want to hear the question, but I'll put it
>to you: What for?
<snip>
>It's much better to monitor a counter in order to detect DOS attacks
>or configuration errors and if there's concern about intrusion set up a
>couple rules to trigger the alarm when its counter is activated
>(outgoing connections, connection search for domain controllers...)

What counter would you use?

