On Fri, Aug 11, 2017 at 5:19 AM, Mister X <suncatcher...@outlook.com> wrote:

> Hi there,
> can psad report status in a more detailed way?
> This sample <http://cipherdyne.org/psad/docs/status.html> seems
> insufficient to me. I want to know how many packets were sent to which
> destinations, which protocols were used, and ideally this should be an
> aggregated table of totals.
> Can I feed psad an iptables log file and get such a report?
>


Hello,

That sample is old on the cipherdyne website (I should update it). Indeed,
psad can produce much more detailed status information than that example.
Yes, you can feed psad an iptables log file and get a much more detailed
report ("psad -A -m iptables.logfile"). Here is an example of using psad to
analyze one of the old honeynet scan challenge iptables logs:

http://cipherdyne.org/psad/honeynet/scan34/

Here is what the detailed status looks like for this file, and you would
get the same types of information from a running psad daemon with "psad -S":

http://cipherdyne.org/psad/honeynet/scan34/psad-analysis.html

Thanks,

--Mike
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss
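
The per-destination, per-protocol totals asked about in this thread can also be computed directly from an iptables log. The following is an added example, not psad code and not part of the original message; it assumes the standard `SRC=`, `DST=`, `PROTO=` and `DPT=` fields written by the iptables LOG target, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the kernel's iptables LOG format (documentation addresses only).
SAMPLE_LOG = """\
Aug 11 05:01:02 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22 SYN
Aug 11 05:01:03 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=22 SYN
Aug 11 05:01:09 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=51000 DPT=22 SYN
Aug 11 05:02:11 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.11 LEN=71 TTL=52 PROTO=UDP SPT=33211 DPT=53
Aug 11 05:02:40 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0
Aug 11 05:03:00 fw sshd[811]: Connection closed by 198.51.100.7 port 40112
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return the KEY=value fields of one iptables LOG line, or None if it is not one."""
    fields = dict(FIELD_RE.findall(line))
    if not {"SRC", "DST", "PROTO"} <= fields.keys():
        return None
    return fields

def aggregate(lines):
    """Total packets and distinct sources per (destination, protocol, destination port)."""
    totals = defaultdict(lambda: {"packets": 0, "sources": set()})
    for line in lines:
        fields = parse_line(line)
        if fields is None:
            continue  # unrelated syslog line
        key = (fields["DST"], fields["PROTO"], fields.get("DPT", "-"))  # ICMP has no DPT
        totals[key]["packets"] += 1
        totals[key]["sources"].add(fields["SRC"])
    return dict(totals)

def format_table(totals):
    """Render the totals as a text table, busiest destination first."""
    rows = [f"{'DST':<15} {'PROTO':<5} {'DPT':<5} {'PKTS':>5} {'SRCS':>5}"]
    ordered = sorted(totals.items(), key=lambda kv: (-kv[1]["packets"], kv[0]))
    for (dst, proto, dpt), t in ordered:
        rows.append(f"{dst:<15} {proto:<5} {dpt:<5} {t['packets']:>5} {len(t['sources']):>5}")
    return "\n".join(rows)

if __name__ == "__main__":
    print(format_table(aggregate(SAMPLE_LOG.splitlines())))
```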
