On Jul 26, 2011, Amira Othman wrote:

> Hi all

Hello Amira,

> I am new to Linux and it's my first time to use psad. I am using psad-2.1.7-1
> on CentOS 5.6. The service is working fine, but when I do a port scan from a
> separate machine using nmap and then check psad -S, I don't get the IP from
> which I did the port scanning. I added the line kern.info
> |/var/lib/psad/psadfifo to /etc/syslog.conf and then restarted syslogd.

For the scan detection, you will need to ensure that you have a "default log and drop" iptables policy. Are any log messages at all created (usually in /var/log/messages or /var/log/kern.log) when you do the scan?

Also, I would recommend against using the psadfifo - just make sure that the ENABLE_SYSLOG_FILE variable in /etc/psad/psad.conf is set to Y. Also, make sure that the IPT_SYSLOG_FILE variable points to the file where syslog is actually writing iptables log data.

Thanks,

--Mike

> Regards
>
> Amira Othman
> Server Administrator
> www.cairosource.com

_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss
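The checks suggested in the reply above, as an added example that is not part of the original thread or of psad itself: a shell script that reads ENABLE_SYSLOG_FILE and IPT_SYSLOG_FILE from a psad.conf-style file and confirms the referenced log file actually contains iptables LOG lines. The function names are hypothetical, the `NAME value;` line format is assumed, and the sample config and log lines are constructed.

```shell
#!/bin/sh
# Added example (not psad code): check the psad.conf settings named in the
# reply and confirm the configured file really holds iptables LOG output.

# Print the value of a "NAME   value;" line (assumed psad.conf line format).
psad_conf_value() {
    awk -v k="$2" '$1 == k { v = $2; sub(/;$/, "", v); print v; exit }' "$1"
}

# Count lines carrying the fields the iptables LOG target writes.
count_ipt_lines() {
    awk '/IN=.* OUT=.* SRC=.* DST=.* PROTO=/ { n++ } END { print n + 0 }' "$1"
}

# Return 0 only if psad is told to read a file that contains iptables logs.
check_psad_logging() {
    conf=$1
    enabled=$(psad_conf_value "$conf" ENABLE_SYSLOG_FILE)
    logfile=$(psad_conf_value "$conf" IPT_SYSLOG_FILE)
    if [ "$enabled" != "Y" ]; then
        echo "FAIL: ENABLE_SYSLOG_FILE is '${enabled:-unset}', expected Y"
        return 1
    fi
    if [ ! -r "$logfile" ]; then
        echo "FAIL: IPT_SYSLOG_FILE '$logfile' is not readable"
        return 1
    fi
    n=$(count_ipt_lines "$logfile")
    if [ "$n" -eq 0 ]; then
        # No LOG lines usually means no log-and-drop rule, or the wrong file.
        echo "FAIL: no iptables LOG lines in $logfile"
        return 1
    fi
    echo "OK: $n iptables LOG line(s) in $logfile"
}

# Demo on constructed data (not real logs or a real psad.conf).
demo() {
    d=$(mktemp -d)
    printf '%s\n' \
        'Jul 26 10:00:01 host kernel: IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=192.0.2.10 DST=192.0.2.20 LEN=44 TTL=50 PROTO=TCP SPT=40000 DPT=22 SYN' \
        'Jul 26 10:00:02 host sshd[100]: unrelated line' > "$d/messages"
    printf '%s\n' 'ENABLE_SYSLOG_FILE          Y;' \
        "IPT_SYSLOG_FILE             $d/messages;" > "$d/psad.conf"
    check_psad_logging "$d/psad.conf"
    rm -rf "$d"
}
demo
```

On a real host, call `check_psad_logging /etc/psad/psad.conf` after running the test scan; a "no iptables LOG lines" result points at the firewall policy or at syslog writing elsewhere.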