Sergio Morilla wrote:
> My ISP has some sites that have different versions of nimda on their
> servers.
> I am constantly being scanned on port 80. I know there should be a way to
> log this on an alternate log file.
> ipchains uses facility "kernel" and level "info"
> So I was hoping to set a rule
>
> kernel.info -/var/log/nimda
>
> but this matches "all" ipchains messages!!!
> Is there any way I can select only messages that
> are sent to 255.255.255.255:80 and have the SYN flag diverted to
> /var/log/nimda??

syslog-ng could do this, but I don't think syslogd can; syslog-ng is bigger
but appropriately MUCH more powerful. You can split up logs in almost any way
you can think of...
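
A syslog-ng configuration for the split asked about above, as an added example that is not part of the original message. It assumes syslog-ng 3.x syntax and the ipchains "Packet log:" line format shown in the comment; the names s_kernel, f_nimda and d_nimda are hypothetical.

```conf
# Added example, not from the original thread.
# Assumed ipchains log line (constructed sample):
#   Packet log: input DENY eth0 PROTO=6 10.0.0.5:3127 192.0.2.10:80 L=48 S=0x00 I=4660 F=0x4000 T=113 SYN (#5)
# Field order assumed: SRC:sport DST:dport L=<len> ... SYN (#rule)

# Kernel messages; flags(kernel) makes syslog-ng tag them as facility kern.
source s_kernel {
    file("/proc/kmsg" program-override("kernel") flags(kernel));
};

# kern.info alone matches every ipchains line, so also match the text:
#   ":80 L="  -> the destination port is 80 (the dport is followed by L=)
#   " SYN "   -> the SYN marker ipchains appends for connection attempts
# To restrict to one destination address, put it in front of ":80"
# with the dots escaped.
filter f_nimda {
    facility(kern) and level(info)
    and match("Packet log: .*:80 L=.* SYN " value("MESSAGE"));
};

destination d_nimda { file("/var/log/nimda"); };

# flags(final) stops matched lines from also reaching later log
# statements, so place this statement before the general kernel log rule.
log {
    source(s_kernel);
    filter(f_nimda);
    destination(d_nimda);
    flags(final);
};
```

The packets only reach syslog if the matching ipchains rule is set to log.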
