Date: Tue, 5 Jun 2001 11:22:02 -0400
From: "Michael Scheidell" <scheidell@fdma.com>
To: <freebsd-security@freebsd.org>
Subject: Re: security log file parser / ids
Message-ID: <007b01c0edd3$45ebaf50$2801010a@fdma.com>
References: <F54B610C5BFDE546BBA2F6CC595ACC75084958@Exchange2000.com-con.ag>

"Heimes, Rene" <rh@com-con.net> wrote in message
news:F54B610C5BFDE546BBA2F6CC595ACC75084958@Exchange2000.com-con.ag...
> hiho!
>
> i am searching for a parser that parses security logs from ipfw-made up
> logs. anyone got a hint?
> (btw: what about ipfw firewalls - outdated? what would be better?
> ipchains? help!)

Depends on what you want to do with it.

I do a 'tail -3 /var/log/ipfw.log' every morning, just to see anything
interesting.

I also use the perl agent for Mynetwatchman. It watches ipfw, cisco ios, and
specific stuff I pass it from tcpwrapper and sends it to
www.mynetwatchman.com (they autolart the isp on certain events, like
lion/cheeze worm scans, rpc scans, or if they detect the same scanning ip
from several different locations).

I then go to their site, select 'attacks reported today' and see if they are
just hitting my site, or it's a generic script scanner.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
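
A small parser for the kind of morning review described in the message above, added here as an example; it is not part of the original e-mail and is not the Mynetwatchman agent. The log line layout, the host and interface names and the sample lines are assumptions (the message shows no log format), and the addresses come from the documentation ranges.

```python
import re
from collections import defaultdict

# Assumed ipfw syslog layout (the message does not show one):
# <date> <host> /kernel: ipfw: <rule> <action> <proto> <src>[:port] <dst>[:port] <in|out> via <if>
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\S+) "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))? (?P<dir>in|out) via (?P<iface>\S+)"
)

# Constructed sample lines, not taken from a real log.
SAMPLE_LOG = """\
Jun  5 03:12:44 gw /kernel: ipfw: 65000 Deny TCP 192.0.2.10:4021 198.51.100.5:111 in via fxp0
Jun  5 03:12:45 gw /kernel: ipfw: 65000 Deny TCP 192.0.2.10:4022 198.51.100.6:111 in via fxp0
Jun  5 03:12:46 gw /kernel: ipfw: 65000 Deny TCP 192.0.2.10:4023 198.51.100.7:111 in via fxp0
Jun  5 04:01:09 gw /kernel: ipfw: 65000 Deny UDP 203.0.113.77:1030 198.51.100.5:53 in via fxp0
Jun  5 04:30:00 gw /kernel: ipfw: 400 Accept TCP 198.51.100.5:1025 192.0.2.80:80 out via fxp0
Jun  5 05:00:00 gw /kernel: ipfw: 65000 Deny ICMP:8.0 203.0.113.77 198.51.100.5 in via fxp0
Jun  5 05:00:01 gw last message repeated 2 times
"""

def parse_line(line):
    m = LINE_RE.search(line)          # None for anything that is not an ipfw entry
    return m.groupdict() if m else None

def summarize(lines):
    """Group inbound Deny entries by source address."""
    summary = defaultdict(lambda: {"hits": 0, "ports": set(), "targets": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["action"] != "Deny" or rec["dir"] != "in":
            continue
        entry = summary[rec["src"]]
        entry["hits"] += 1
        entry["targets"].add(rec["dst"])
        if rec["dport"]:              # ICMP entries carry no port
            entry["ports"].add((rec["proto"], int(rec["dport"])))
    return dict(summary)

def sweepers(summary, min_targets=3):
    """Sources denied on at least min_targets distinct destination hosts."""
    return sorted(s for s, e in summary.items() if len(e["targets"]) >= min_targets)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    for src, e in sorted(report.items(), key=lambda kv: -kv[1]["hits"]):
        ports = ", ".join(f"{p}/{n}" for p, n in sorted(e["ports"]))
        print(f"{src:15} hits={e['hits']} hosts={len(e['targets'])} ports={ports}")
    print("denied on several hosts:", sweepers(report))
```

To run it against a real file, pass `open("/var/log/ipfw.log")` to `summarize` in place of the sample lines.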