Actually, I'm not very sure what I'm asking for, a log analyser or an intrusion detection system.

The reason is, my /var/log/kernel/info has become abnormally large over the last 3 days, from 1.5 MB between 1 Jun and 8 Jun to 23++ MB between 8 Jun and now (11 Jun). The cause is shorewall entries, most of which are REJECTed or DROPped external traffic to seemingly random ports, from IPs which have no reason to attempt to access my IP. I vaguely (and maybe paranoidly) suspect that I'm the target of some probe/scan, and that the source IPs are being spoofed, but newbie that I am, I really can't tell if any of the traffic is malevolent. I visited snort.org, shorewall.net, netfilter.org and a few other sites to get a bit of background information, but so far I understand only around 20% of what I'm reading. Hoping that someone here can make a good recommendation for a simple-to-configure log analyser/IDS that can make "guesses" on whether I'm being sniffed or probed. Thanks in advance. ;-)

For the record, I'm running Mandrake 9.0 purely as the gateway to a small network, sharing a DSL connection, with SMTP and HTTP ports forwarded (keeping up to date with security updates).
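As an added example (editor's code, not from the poster and not a Shorewall or Snort tool), here is a small analyser for the kind of kernel log described above. It parses netfilter lines that carry Shorewall's default "Shorewall:chain:disposition:" prefix (an assumption; the prefix is set by LOGFORMAT in shorewall.conf), aggregates them by source address and destination port, and separates the two patterns that usually make up such a log: one source walking many ports (a port scan) versus many unrelated sources all hitting the same port (worm and bot background noise). The sample lines are constructed with RFC 5737 documentation addresses; the thresholds are arbitrary starting points.

```python
import sys
import re
from collections import Counter, defaultdict

# Matches a netfilter log line carrying Shorewall's default LOGFORMAT prefix
# "Shorewall:<chain>:<disposition>:" (assumption: the gateway's shorewall.conf
# keeps that default). DPT is optional because ICMP entries have no port.
LINE_RE = re.compile(
    r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):"
    r".*?\bSRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)"
    r".*?\bPROTO=(?P<proto>\S+)"
    r"(?:.*?\bDPT=(?P<dpt>\d+))?"
)


def parse_line(line):
    """Return the fields we care about, or None for lines Shorewall did not write."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["dpt"] = int(rec["dpt"]) if rec["dpt"] else None
    return rec


def summarise(lines):
    """Aggregate hits per source address and the set of sources per destination port."""
    by_src = defaultdict(lambda: {"hits": 0, "ports": set(), "disp": Counter()})
    by_port = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        s = by_src[rec["src"]]
        s["hits"] += 1
        s["disp"][rec["disp"]] += 1
        if rec["dpt"] is not None:
            s["ports"].add(rec["dpt"])
            by_port[rec["dpt"]].add(rec["src"])
    return by_src, by_port


def classify(by_src, by_port, scan_ports=10, noise_sources=3):
    """Label each source. Thresholds are arbitrary starting points, not tuned values.

    portscan   - one source touching scan_ports or more distinct ports
    background - a source that only hit ports many unrelated sources also hit
                 (the usual worm/bot noise every DSL address receives)
    other      - anything else; worth a look if the port is one you forward
    """
    noisy_ports = {p for p, srcs in by_port.items() if len(srcs) >= noise_sources}
    labels = {}
    for src, s in by_src.items():
        if len(s["ports"]) >= scan_ports:
            labels[src] = "portscan"
        elif s["ports"] and s["ports"] <= noisy_ports:
            labels[src] = "background"
        else:
            labels[src] = "other"
    return labels


def report(lines):
    """Return (src, hits, distinct_ports, label) rows, busiest source first."""
    by_src, by_port = summarise(lines)
    labels = classify(by_src, by_port)
    rows = [(src, s["hits"], len(s["ports"]), labels[src]) for src, s in by_src.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


def _mk(src, dpt=None, proto="TCP", disp="DROP"):
    """Build one constructed log line; all addresses are RFC 5737 documentation ranges."""
    head = (f"Jun 10 02:11:03 gw kernel: Shorewall:net2all:{disp}:IN=ppp0 OUT= "
            f"SRC={src} DST=198.51.100.20 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=1 DF "
            f"PROTO={proto}")
    if proto == "ICMP":
        return head + " TYPE=8 CODE=0"
    return head + f" SPT=3300 DPT={dpt} WINDOW=16384 RES=0x00 SYN URGP=0"


# Constructed sample, not the poster's log: one host walking ports 21-45,
# six hosts each knocking twice on 135, one stray REJECT on a forwarded port,
# an ICMP echo, and an unrelated kernel message the parser must skip.
SAMPLE_LOG = (
    [_mk("203.0.113.7", p) for p in range(21, 46)]
    + [_mk(f"192.0.2.{i}", 135) for i in range(1, 7) for _ in range(2)]
    + [_mk("203.0.113.77", 80, disp="REJECT")]
    + [_mk("203.0.113.78", proto="ICMP")]
    + ["Jun 10 02:12:00 gw kernel: eth0: link up"]
)

if __name__ == "__main__":
    # Pipe the real file in ("python3 analyse.py < /var/log/kernel/info") or
    # run with no input to see the constructed sample.
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_LOG
    for src, hits, nports, label in report(source):
        print(f"{src:16} {hits:6} hits {nports:4} ports  {label}")
```

The log alone cannot settle whether SRC is spoofed; what it can show is the shape of the traffic, and a source that steps through many ports in sequence is the pattern worth checking against the ports that are actually forwarded. Sources labelled "background" are the ones most gateways on a DSL line see constantly and are normally safe to ignore.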
