On Jul 23, 2009, dtakem...@thdfsg.com wrote: > Hi,
Hello - > On certain linux boxes, I have iptables setup to block and/or log outgoing > > connections, (as these boxes should never ever have a direct connection > to the internet) so a PSAD alert can warn me of a potential security > breach > or misconfigured program. > > In these cases however, the PSAD alert email includes a whois report on > the > source of the packets - which is a private IP. What I'm more interested > in > is a whois on the _target_ of the packets. > > How can I configure psad alerts to include the target whois instead? Ah, that is an interesting idea. psad does not currently support this, but I will add it in the next release. Thanks, -- Michael Rash | Founder http://www.cipherdyne.org/ Key fingerprint: E2EF 0C8A 5AA9 654C 4763 B50F 37AC E946 7F51 8271 > > > > Dean Takemori > Systems Support Supervisor > TD Food Group > dtakem...@thdfsg.com > ------------------------------------------------------------------------------ > _______________________________________________ > psad-discuss mailing list > psad-discuss@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/psad-discuss ------------------------------------------------------------------------------ _______________________________________________ psad-discuss mailing list psad-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/psad-discuss
