Re: [psad-discuss] checking port scanning

2011-07-26 Thread Michael Rash
On Jul 26, 2011, Amira Othman wrote:

> Hi all

Hello Amira,

> I am new to Linux and it's my first time using psad. I am using psad-2.1.7-1
> on CentOS 5.6. The service is working fine, but when I do a port scan from a
> separate machine using nmap and then check psad -S, I don't get the IP from
> which I did the port scan. I added the line kern.info
> |/var/lib/psad/psadfifo to /etc/syslog.conf and then restarted syslogd.

For the scan detection, you will need to ensure that you have a "default log
and drop" iptables policy.  Are any log messages at all created (usually in
/var/log/messages or /var/log/kern.log) when you do the scan?

Also, I would recommend against using the psadfifo - just make sure that the
ENABLE_SYSLOG_FILE variable in /etc/psad/psad.conf is set to Y.  Also, make
sure that the IPT_SYSLOG_FILE variable points to the file where syslog is
actually writing iptables log data.

Thanks,

--Mike


> Regards
> 
> Amira Othman
> Server Administrator
> www.cairosource.com
> 6 EL Nil EL Abyad, Mohandiseen
> Cairo, Egypt
> Direct: +2 02 3303 7175
> Mobile: +2 012 220 4165
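As an added example (not psad's own code, and not from Mike's reply), here is a small POSIX shell script covering the three things Mike asks to verify before `psad -S` can be expected to list a scanner: a "default log and drop" iptables ruleset, whether iptables LOG lines are actually landing in the syslog file, and whether psad.conf's ENABLE_SYSLOG_FILE / IPT_SYSLOG_FILE point at that file. The log lines and config fragments are constructed sample data; the function names, the "DROP " log prefix and the threshold of five distinct destination ports are my own assumptions, not psad's thresholds or rule names.

```shell
#!/bin/sh
# Added example, not part of psad or of the original reply.

# 1. Default log-and-drop policy: any packet no ACCEPT rule matched is logged
#    (the LOG rule is what feeds psad through syslog) and then dropped.
#    Run as root on the psad host; it is defined here but not called below.
#    The "DROP " prefix is an assumed choice.
install_log_drop_policy() {
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT        # keep ssh reachable
    iptables -A INPUT -j LOG --log-prefix "DROP "
    iptables -A INPUT -j DROP
    iptables -A FORWARD -j LOG --log-prefix "DROP "
    iptables -A FORWARD -j DROP
}

# 2. Are iptables LOG lines reaching the syslog file, and do they look like a
#    scan? Prints "SRC <distinct-ports>" for each source that hit at least $2
#    distinct destination ports in file $1 (default 5, an assumed threshold).
scan_sources() {
    awk -v min="${2:-5}" '
        /kernel:/ && /IN=/ && /SRC=/ {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            # count each (source, port) pair once, so repeats do not inflate it
            if (src != "" && dpt != "" && !seen[src, dpt]++) ports[src]++
        }
        END { for (s in ports) if (ports[s] >= min) print s, ports[s] }
    ' "$1"
}

# 3. psad.conf: ENABLE_SYSLOG_FILE must be Y and IPT_SYSLOG_FILE must name a
#    file that exists (the one syslog writes kern.* to). Prints that path.
#    psad.conf lines have the form "KEY   value;".
psad_conf_check() {
    conf="$1"
    enable=$(awk '$1 == "ENABLE_SYSLOG_FILE" { sub(/;$/, "", $2); print $2 }' "$conf")
    file=$(awk '$1 == "IPT_SYSLOG_FILE" { sub(/;$/, "", $2); print $2 }' "$conf")
    if [ "$enable" != "Y" ]; then
        echo "ENABLE_SYSLOG_FILE is '$enable', expected Y" >&2
        return 1
    fi
    if [ ! -f "$file" ]; then
        echo "IPT_SYSLOG_FILE $file does not exist; is syslog writing kern.* there?" >&2
        return 1
    fi
    echo "$file"
}

# --- constructed sample data (not real logs or a real psad.conf) -------------
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# 192.168.1.50 probes six distinct ports (port 80 twice); 10.0.0.7 hits one.
cat > "$SAMPLE_DIR/messages" <<'EOF'
Jul 26 10:00:01 host kernel: DROP IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.10 LEN=44 TTL=52 ID=1 PROTO=TCP SPT=54321 DPT=21 WINDOW=1024 SYN
Jul 26 10:00:01 host kernel: DROP IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.10 LEN=44 TTL=52 ID=2 PROTO=TCP SPT=54321 DPT=23 WINDOW=1024 SYN
Jul 26 10:00:01 host kernel: DROP IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.10 LEN=44 TTL=52 ID=3 PROTO=TCP SPT=54321 DPT=25 WINDOW=1024 SYN
Jul 26 10:00:02 host kernel: DROP IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.10 LEN=44 TTL=52 ID=4 PROTO=TCP SPT=54321 DPT=80 WINDOW=1024 SYN
Jul 26 10:00:02 host kernel: DROP IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.10 LEN=44 TTL=52 ID=5 PROTO=TCP SPT=54321 DPT=80 WINDOW=1024 SYN
Jul 26 10:00:02 host kernel: DROP IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.10 LEN=44 TTL=52 ID=6 PROTO=TCP SPT=54321 DPT=443 WINDOW=1024 SYN
Jul 26 10:00:03 host kernel: DROP IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.10 LEN=44 TTL=52 ID=7 PROTO=TCP SPT=54321 DPT=8080 WINDOW=1024 SYN
Jul 26 10:00:05 host kernel: DROP IN=eth0 OUT= SRC=10.0.0.7 DST=192.168.1.10 LEN=44 TTL=64 ID=8 PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 SYN
Jul 26 10:00:06 host kernel: eth0: link is up
EOF

cat > "$SAMPLE_DIR/psad.conf" <<EOF
ENABLE_SYSLOG_FILE          Y;
IPT_SYSLOG_FILE             $SAMPLE_DIR/messages;
EOF

cat > "$SAMPLE_DIR/psad-fifo.conf" <<EOF
ENABLE_SYSLOG_FILE          N;
IPT_SYSLOG_FILE             $SAMPLE_DIR/messages;
EOF

echo "sources hitting >= 5 distinct ports:"
scan_sources "$SAMPLE_DIR/messages"
echo "psad reads iptables logs from: $(psad_conf_check "$SAMPLE_DIR/psad.conf")"
psad_conf_check "$SAMPLE_DIR/psad-fifo.conf" || echo "(fifo-style config rejected, as expected)"
```

On the real host, point `scan_sources` at /var/log/messages (or /var/log/kern.log) right after the nmap run: if it prints nothing and `grep -c 'IN=.*SRC=' /var/log/messages` is zero, iptables is not logging and the problem is the ruleset, not psad. psad can also audit the ruleset itself with `psad --fw-analyze`.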

___
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss


[psad-discuss] checking port scanning

2011-07-26 Thread Amira Othman
Hi all

I am new to Linux and it's my first time using psad. I am using psad-2.1.7-1
on CentOS 5.6. The service is working fine, but when I do a port scan from a
separate machine using nmap and then check psad -S, I don't get the IP from
which I did the port scan. I added the line kern.info
|/var/lib/psad/psadfifo to /etc/syslog.conf and then restarted syslogd.

Regards

Amira Othman
Server Administrator
www.cairosource.com
6 EL Nil EL Abyad, Mohandiseen
Cairo, Egypt
Direct: +2 02 3303 7175
Mobile: +2 012 220 4165

The information transmitted is intended solely for the individual or entity
to which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of or
taking action in reliance upon this information by persons or entities other
than the intended recipient is prohibited. If you have received this email
in error please contact the sender and delete the material from any
computer.
