Ricardo Saffi Marques <saffi <at> las.ic.unicamp.br> writes:
> Don't forget denyhosts and I'd also use metalog instead of syslog-ng.

Hmmm, so you are suggesting to run 'denyhosts' directly on the firewall? Portage has version 0.8-r1 but I see version 2.6 for download..... Which version do you use? If newer than 0.8-rc1, how did you install it (overlay, compile sources)?

How much CPU/RAM resources does denyhosts use during an active attack (guesstimate is ok)?

On logging, I'm not sure how I want to handle this on old hardware with limited disk space. No doubt I'll just stream it somewhere, but you have to be careful not to use too much processor/RAM/resources on these old firewalls, so I may just set something up and have the ability to turn logging on/off depending on needs. It gets more complicated if it's just a remote firewall I manage for a friend..... They would not know what to do, no matter what application it's plugged into for analysis....... (gotta think about the logging/analysis issue some more)....

James

