Trevor,
The howto says that it's assumed that you have two NICs and are in
Gateway/server mode. Do you have any experience with dedicated server
only?
I have a test system that I'll install it on anyways, and will
post my experience, but wonder if you or anyone else has tried it.
Kevin
-----Original Message-----
From: Trevor [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 10, 2002 11:17 AM
To: Kevin Flanagan
Subject: RE: [e-smith-devinfo] Looking for..... Log parsing etc functionality
This will get you started... you can use bash/perl to update the guardian
shell script to make it do stuff for you. Including lookup of the offending
IP address and emailing dns info to you and [EMAIL PROTECTED]
It's pretty simple to do. Obviously, you will need the guardian module.
http://www.marari.net/downloads/snort/acid-howto.htm
Trevor
> -----Original Message-----
> From: Kevin Flanagan [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 09, 2002 4:19 PM
> To: [EMAIL PROTECTED]
> Subject: [e-smith-devinfo] Looking for..... Log parsing etc functionality
>
>
> I'm interested in something that does the following.
>
> - Scan Apache logs for Nimda / Code Red hits
> - do the whois type functions to figure out who owns the domain
> - Generate an email to the [EMAIL PROTECTED] for the offender
> - Create a daily report for the admin, (me)
> - send a brief overview to the admin
>
>
> Anybody doing anything like that? I ask here because Brandon has
> done some cool log parsing stuff lately.
>
> If not I'll take this thought to a new thread.
>
> There are some cool things out there, but most of them need more perl
> mods, etc, and aren't complete.....
>
>
> TIA
>
>
> +-------------------------------------------+
>
> "The two most common elements in the universe are hydrogen and
> stupidity." - Harlan Ellison
>
>
>
>
> --
> Please report bugs to [EMAIL PROTECTED]
> Please mail [EMAIL PROTECTED] (only) to discuss security issues
> Support for registered customers and partners to [EMAIL PROTECTED]
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> Archives by mail and
> http://www.mail-archive.com/devinfo%40lists.e-smith.org
>
>
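
Added example (not part of the original thread, and not code from e-smith or the guardian script): a sketch of the log scan and daily report from the list above, assuming Apache common/combined log format and the request patterns the two worms were publicly documented to leave in access logs. All function names and the sample lines are constructed for illustration; the whois lookup and the e-mail step are left out because they need network access.

```python
import re
from collections import Counter, defaultdict

# Apache common/combined format: host ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')

# Assumed signatures: request patterns documented for each worm in 2001.
SIGNATURES = {
    "Code Red": re.compile(r"/default\.ida\?[NX]{20,}", re.I),
    "Nimda": re.compile(r"(?:cmd\.exe|root\.exe)", re.I),
}

def classify(request):
    """Return the worm name a request line matches, or None."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(request):
            return name
    return None

def scan(lines):
    """Map source IP -> Counter of worm names; unparseable lines are skipped."""
    hits = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        worm = classify(m.group(3))
        if worm:
            hits[m.group(1)][worm] += 1
    return hits

def daily_report(hits):
    """Plain-text summary for the admin, busiest sources first."""
    total = sum(sum(c.values()) for c in hits.values())
    out = ["Worm probes: %d hits from %d hosts" % (total, len(hits))]
    for ip, counts in sorted(hits.items(), key=lambda kv: (-sum(kv[1].values()), kv[0])):
        detail = ", ".join("%s x%d" % (w, n) for w, n in sorted(counts.items()))
        out.append("%-15s %s" % (ip, detail))
    return "\n".join(out)

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [10/May/2002:03:11:02 -0400] "GET /default.ida?' + "N" * 224 + ' HTTP/1.0" 404 276',
    '198.51.100.7 - - [10/May/2002:03:12:40 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 281',
    '198.51.100.7 - - [10/May/2002:03:12:41 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 295',
    '203.0.113.5 - - [10/May/2002:03:15:00 -0400] "GET /index.html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    print(daily_report(scan(SAMPLE)))
```

The per-IP dictionary returned by scan() is the natural input for the whois and notification steps.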