Hi,
On certain linux boxes, I have iptables setup to block and/or log outgoing
connections, (as these boxes should never ever have a direct connection
to the internet) so a PSAD alert can warn me of a potential security
breach
or misconfigured program.
In these cases however, the PSAD alert email includes a whois report on
the
source of the packets - which is a private IP. What I'm more interested
in
is a whois on the _target_ of the packets.
How can I configure psad alerts to include the target whois instead?
Dean Takemori
Systems Support Supervisor
TD Food Group
dtakem...@thdfsg.com
------------------------------------------------------------------------------
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss