From owner-freebsd-security Tue Jun 5 8:27:26 2001
Delivered-To: freebsd-security@freebsd.org
Received: from c1456354-a.boise1.id.home.com (c1456354-a.boise1.id.home.com [65.4.107.53])
    by hub.freebsd.org (Postfix) with SMTP id 5984737B405
    for ; Tue, 5 Jun 2001 08:27:23 -0700 (PDT)
    (envelope-from g0rdi@c1456354-a.boise1.id.home.com)
Received: (qmail 995 invoked by uid 500); 5 Jun 2001 15:25:52 -0000
Date: Tue, 5 Jun 2001 09:25:52 -0600
From: jeremy-novak
To: "Heimes, Rene"
Cc: freebsd-security@freebsd.org
Subject: Re: security log file parser / ids
Message-ID: <20010605092552.A936@c1456354-a.boise1.id.home.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from rh@com-con.net on Tue, Jun 05, 2001 at 10:24:42AM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Jun 05, 2001 at 10:24:42AM +0100, Heimes, Rene wrote:
> hiho!
>
> i am searching for a parser that parses security logs from ipfw-made up
> logs. anyone got a hint?
> (btw: what about ipfw firewalls - outdated? what would be better?
> ipchains? help!)
>
> other question - what's the (freeware) ids of your choice / "state of the
> art" for freeBSD?
>
> great thanks in advance,
>
> rené
>
> ****************************************************
> "who fights might lose - who does not fight has lost immediately"
> Bertolt Brecht (freely adapted ;-)
> ****************************************************

Hi,

I hope this helps some. It is a neat little toy called logcheck that is
very configurable. You can get it at http://www.psionic.com

Hope that helps out.

Jeremy

--
  ^ ^    email: pr0cy0n@home.com (but you already knew that)
[ 0 0 ]  ircnick: g0rdi
  , '    usenet/mail: comp.unix.bsd.freebsd.misc/freebsd-hackers, lots more
   o     root password: just kidding!
"You have an account at host.com"? "I wanna be user@host.com; I would get so many 'cool' e-mails".