On Nov 09, 2009, Sim?n wrote:

> Hi,


>    The man page of psad says:
> "/Occasionally certain IP addresses are repeat offenders and should 
> automatically be given a higher danger level than would normally be 
> assigned. Additionally, some IP addresses can always be ignored 
> depending on your network configuration (the loopback interface 
> might be a good candidate for example). /etc/psad/auto_dl 
> provides an interface for psad to automatically increase/decrease/ignore 
> scanning IP danger levels. Modifications can be made to auto_dl 
> (installed by default in /etc/psad) and psad will import them *without 
> having to restart the psad process.*/"
>      But if I change the auto_dl file and I don't restart the psad 
> process (with "/etc/init.d/psad restart"), it doesn't import the new rules.

Ah, that is an old portion of the man page - thanks for catching that.
I've fixed the wording for the next release.

In the meantime, you can use 'psad -H' to have psad re-import the file,
or restart the psad process.  Note that psad will import previous scan
information if you have the IMPORT_OLD_SCANS variable set to 'Y' in the
psad.conf file.



Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
psad-discuss mailing list

Reply via email to