From owner-freebsd-security Fri Jun 27 09:06:27 1997
Subject: Re: how can we monitor in real time ? (was Re: probing from
To: sweeting@tm.net.my (chas)
Date: Fri, 27 Jun 1997 18:05:37 +0200 (SAT)
Cc: freebsd-security@freebsd.org
In-Reply-To: <3.0.32.19970627224059.009cece0@mail.tm.net.my> from "chas" at Jun 27, 97 10:50:16 pm
From: Tony Harverson
Sender: owner-security@freebsd.org

> I sent along a bit of info on this one earlier but it
> did prompt me to wonder :
>
> "how can we check for this info (and DoS attacks or
> similar) in real time rather than afterwards in log files ?
> is there any software that can be configured to monitor
> your server and shout when it is possibly coming under
> attack ?"
>
> Thank you very much,
>
> chas
>

There is a piece of software called "logsurfer" which can be configured to watch log files and take any action that can be entered at the command line, e.g.: TCP denies to some of my machines get paged to me.

Haven't got a URL for it at the moment - give me a yell if you get stuck.

Tony
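The watch-the-log-and-act approach described in the reply above, sketched as an added example (not part of the original message, and not logsurfer's own code or configuration). The log line format, the `DenyWatcher` name and the threshold, window and quiet-period values are assumptions; the quiet period keeps a flood of denies from turning into a flood of pages.

```python
import re
from collections import defaultdict, deque

# Constructed sample lines (not from the original post), loosely modelled on
# packet-filter deny messages; addresses are from documentation ranges.
SAMPLE_LOG = """\
Jun 27 18:01:02 gw /kernel: ipfw: 65000 Deny TCP 192.0.2.10:1042 198.51.100.5:23 in via ed0
Jun 27 18:01:05 gw /kernel: ipfw: 65000 Deny TCP 192.0.2.10:1043 198.51.100.5:25 in via ed0
Jun 27 18:01:09 gw /kernel: ipfw: 65000 Deny TCP 203.0.113.7:2200 198.51.100.5:80 in via ed0
Jun 27 18:01:11 gw /kernel: ipfw: 65000 Deny TCP 192.0.2.10:1044 198.51.100.5:110 in via ed0
Jun 27 18:01:15 gw /kernel: ipfw: 65000 Deny TCP 192.0.2.10:1045 198.51.100.5:111 in via ed0
Jun 27 18:01:20 gw named[88]: starting
Jun 27 18:07:30 gw /kernel: ipfw: 65000 Deny TCP 192.0.2.10:1046 198.51.100.5:23 in via ed0
""".splitlines()

DENY = re.compile(r"Deny TCP (?P<src>[\d.]+):\d+ [\d.]+:\d+")
CLOCK = re.compile(r"^\w{3}\s+\d+\s+(\d\d):(\d\d):(\d\d)")

class DenyWatcher:
    """Call action(src, count) when a source is denied `threshold` times within
    `window` seconds, then stay silent about that source for `quiet` seconds."""
    def __init__(self, action, threshold=3, window=60, quiet=300):
        self.action, self.threshold, self.window, self.quiet = action, threshold, window, quiet
        self.hits = defaultdict(deque)   # src -> timestamps of recent denies
        self.last_alert = {}             # src -> time of the last alert sent

    def feed(self, line):
        deny, clock = DENY.search(line), CLOCK.match(line)
        if not (deny and clock):
            return False                 # not a deny line: ignore it
        h, m, s = map(int, clock.groups())
        now = h * 3600 + m * 60 + s      # time of day only; ignores midnight rollover
        src, hits = deny["src"], self.hits[deny["src"]]
        hits.append(now)
        while now - hits[0] > self.window:
            hits.popleft()               # forget denies older than the window
        last = self.last_alert.get(src)
        if len(hits) < self.threshold or (last is not None and now - last < self.quiet):
            return False                 # below threshold, or already alerted recently
        self.last_alert[src] = now
        self.action(src, len(hits))
        return True

def run_sample():
    alerts = []
    watcher = DenyWatcher(lambda src, count: alerts.append((src, count)))
    for line in SAMPLE_LOG:
        watcher.feed(line)
    return alerts
```

For live use, call `feed` on each line as it is appended to the log (for instance by piping `tail -F` on the log file into a loop over standard input) and pass an action that runs your pager or mail command.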