Giorgos Keramidas wrote:
On 2004-06-18 10:43, Uwe Kolsch <[EMAIL PROTECTED]> wrote:
Is there a tool for FBSD like logwatch on Linux, which can provide a detailed but still somehow summarized output based on the logging results of IPFW? I mean more detailed than this from the daily security run:
02010 557 48486 deny log ip from any to any out
10000 1026 49716 deny ip from any to any in setup
10003 3859 828227 deny ip from any to any in
... and more like this.
You can always write your own shell scripts to parse ipfw logs ;-)
I haven't heard of any summarizing tools, but if you feel that scripting your own is too much it shouldn't be too hard to roll a few custom scripts if you tell me what you're looking for in such a report.
You can send your daily logs to dshield.org and they will give a daily overview over what you send. They will use your information to do 'distributed IDS'. That means if you get port probed and the person doing that hits your network and other networks regularly, there will be a warning sent out to the ISP that this person is being very abusive.
I use it myself, giving a match on my external interface and it will send just that.
Perhaps you can view their script (Perl) and adapt it to create the summary yourself.
-- Kind regards,
Remko Lodder |[EMAIL PROTECTED]
Reporter DSINet |[EMAIL PROTECTED]
Projectleader Mostly-Harmless |[EMAIL PROTECTED]
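
Added example, not part of the original thread or of any poster's or DShield's code: one way to roll the kind of summary script discussed above, counting logged ipfw hits per rule, per source address and per destination port. It assumes the usual FreeBSD syslog line layout for ipfw `log` rules (IPv4 only); the sample lines, addresses and rule number 10005 are constructed.

```shell
#!/bin/sh
# Added example: summarize ipfw "log" rule hits from syslog lines.
# Assumed format (FreeBSD /var/log/security, IPv4 only):
#   <date> <host> kernel: ipfw: RULE Action PROTO SRC[:port] DST[:port] in|out via IFACE

ipfw_summary() {
    awk '
    {
        # Locate the "ipfw:" tag; the fields after it are positional.
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i + 6 > NF) next                 # no tag, or too short to be a packet line
        rule = $(i+1); action = $(i+2); proto = $(i+3)
        src = $(i+4); dst = $(i+5); dir = $(i+6)
        if (rule !~ /^[0-9]+$/) next         # e.g. "ipfw: limit N reached on entry M"
        sub(/:.*/, "", proto)                # ICMP:8.0 -> ICMP
        n = split(dst, d, ":")
        dport = (n == 2) ? d[2] : "-"        # ICMP and friends carry no port
        sub(/:[0-9]+$/, "", src)             # drop the source port
        rules[rule "/" action "/" dir]++
        srcs[src]++
        ports[proto "/" dport]++
    }
    END {
        for (k in rules) print "rule", k, rules[k]
        for (k in srcs)  print "src", k, srcs[k]
        for (k in ports) print "dport", k, ports[k]
    }' | sort -k1,1 -k3,3nr -k2,2            # group by type, busiest first
}

# Constructed sample input (documentation addresses, made-up rule 10005).
sample_log() {
    cat <<'EOF'
Jun 18 03:12:01 gw kernel: ipfw: 2010 Deny TCP 192.0.2.10:1042 198.51.100.7:25 out via fxp0
Jun 18 03:12:05 gw kernel: ipfw: 10005 Deny TCP 203.0.113.5:4431 192.0.2.1:135 in via fxp0
Jun 18 03:12:06 gw kernel: ipfw: 10005 Deny TCP 203.0.113.5:4432 192.0.2.1:445 in via fxp0
Jun 18 03:12:09 gw kernel: ipfw: 10005 Deny UDP 203.0.113.9:1026 192.0.2.1:1434 in via fxp0
Jun 18 03:12:10 gw kernel: ipfw: 10005 Deny ICMP:8.0 203.0.113.5 192.0.2.1 in via fxp0
Jun 18 03:12:11 gw last message repeated 3 times
Jun 18 03:12:12 gw kernel: ipfw: limit 100 reached on entry 10005
EOF
}

sample_log | ipfw_summary
```

On a live system, feed it the real log instead, for example `ipfw_summary < /var/log/security`; only rules carrying the `log` keyword produce lines to count.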