Hi,
My ISP has some sites that have different versions of nimda on their
servers.
I am constantly being scanned on port 80. I know there should be a way to
log this on an alternate log file.
A fragment of syslog.conf looks like this:
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
ipchains uses facility "kernel" and level "info"
So I was hoping to set a rule
kernel.info -/var/log/nimda
but this matches "all" ipchains messages!!!
Is there any way I can select only messages that are sent to
255.255.255.255:80 and have the SYN flag, and have them diverted to
/var/log/nimda??
Thanks in advance
Sergio
Sergio D. Morilla
Sistemas
Tipoiti SATIC
San Martín 647 Piso 2 Tel. : +54 11 4314-4482
C1004AAM - Buenos Aires Fax : +54 11 4508-6425
Argentina e-mail [EMAIL PROTECTED]
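
Added example, not part of the original message: classic syslogd selectors match only on facility and level, so separating these packets needs a filter over the message text. The sketch below assumes the ipchains "Packet log:" line layout with a trailing SYN token (as logged by later 2.2 kernels); `filter_web_syn` and `sample_log` are hypothetical names and the sample lines are constructed.

```shell
# Select ipchains log lines for TCP SYN packets sent to destination port 80.
# Assumed layout: ... Packet log: CHAIN TARGET IFACE PROTO=n SRC:SPORT DST:DPORT
#                 L=.. S=.. I=.. F=.. T=.. [SYN] (#rule)
filter_web_syn() {
    awk '
    index($0, "Packet log:") == 0 { next }          # not an ipchains message
    {
        p = 0
        for (i = 1; i <= NF; i++) if ($i ~ /^PROTO=/) { p = i; break }
        if (p == 0 || $p != "PROTO=6") next         # TCP only
        n = split($(p + 2), dst, ":")               # DST:DPORT follows SRC:SPORT
        if (n != 2 || dst[2] != "80") next          # destination port must be 80
        for (i = p + 3; i <= NF; i++) if ($i == "SYN") { print; next }
    }'
}

# Constructed sample input (documentation address ranges, not real traffic).
sample_log() {
    cat <<'EOF'
Oct  1 10:00:01 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:3202 192.0.2.10:80 L=48 S=0x00 I=6229 F=0x4000 T=113 SYN (#31)
Oct  1 10:00:02 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:3202 192.0.2.10:80 L=40 S=0x00 I=6230 F=0x4000 T=113 (#31)
Oct  1 10:00:03 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.8:4100 192.0.2.10:21 L=48 S=0x00 I=771 F=0x4000 T=110 SYN (#31)
Oct  1 10:00:04 fw kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.8:80 192.0.2.10:80 L=34 S=0x00 I=19 F=0x0000 T=30 (#31)
Oct  1 10:00:05 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:80 192.0.2.10:1025 L=48 S=0x00 I=88 F=0x4000 T=60 SYN (#31)
Oct  1 10:00:06 fw kernel: eth0: link up
EOF
}

# Typical use: filter_web_syn < /var/log/messages >> /var/log/nimda
sample_log | filter_web_syn
```

Only the first sample line passes the filter; the matching rule must be created with logging enabled (`-l`) for any of these lines to exist.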