From owner-freebsd-security Tue Jun 5 13:06:46 2001
Delivered-To: freebsd-security@freebsd.org
Date: Tue, 05 Jun 2001 13:50:08 -0500
From: Ryan <ryanpek@swbell.net>
Subject: Re: security log file parser / ids
To: "Heimes, Rene", freebsd-security@freebsd.org
Message-id: <001301c0edf0$58b49ee0$01000001@mhx800>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

You could always use ipnat and IPF; with ipmon it works very well, giving log output to syslog like:

04/06/2001 21:34:37.297183 xl0 @0:23 b 195.112.227.10 -> 64.219.216.68 PR icmp len 20 56 icmp 3/1 for 64.219.216.68,113 - 195.112.240.61,51518 PR tcp len 20 40 IN

ipf howto: http://www.obfuscation.org/ipf/

----- Original Message -----
From: "Heimes, Rene"
To: freebsd-security@freebsd.org
Sent: Tuesday, June 05, 2001 4:24 AM
Subject: security log file parser / ids

hiho!

I am searching for a parser that parses security logs from ipfw-made-up logs. Anyone got a hint?
(BTW: what about ipfw firewalls - outdated? What would be better? ipchains? help!)

Other question - what's the (freeware) IDS of your choice / "state of the art" for FreeBSD?

Great thanks in advance,
René

****************************************************
"who fights might lose - who does not fight has lost immediately"
Bertolt Brecht (freely adapted ;-)
****************************************************

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
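The thread asks for a parser for firewall log lines, and Ryan's reply shows the ipmon syslog layout. Below is an added example (written for this archive page, not code from either poster or from the IPFilter project) that parses lines in that layout into structured records and rolls up blocked packets per source address, which is the first thing a log parser or simple IDS would want. The first sample line is the one quoted in the reply; the second TCP line is constructed, and the trailing TCP-flags field (`-S`) and the meaning of action letters other than `b`/`p` are assumptions about the format rather than facts taken from the page.

```python
import re
from collections import Counter
from typing import Optional

# Constructed samples: line 1 is the ipmon line quoted in the reply above;
# line 2 is a made-up TCP block in the same layout (assumed, not from the page).
SAMPLE_LINES = [
    "04/06/2001 21:34:37.297183 xl0 @0:23 b 195.112.227.10 -> 64.219.216.68 "
    "PR icmp len 20 56 icmp 3/1 for 64.219.216.68,113 - 195.112.240.61,51518 "
    "PR tcp len 20 40 IN",
    "04/06/2001 21:35:02.118444 xl0 @0:7 b 10.0.0.5,4321 -> 64.219.216.68,23 "
    "PR tcp len 20 60 -S IN",
]

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Outer packet record: date time iface @group:rule action src[,port] -> dst[,port]
# PR proto len hdrlen pktlen [icmp type/code for <inner packet>] [-FLAGS] IN|OUT
LINE_RE = re.compile(
    rf"^(?P<date>\d{{2}}/\d{{2}}/\d{{4}}) (?P<time>\d{{2}}:\d{{2}}:\d{{2}}\.\d+) "
    rf"(?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) (?P<action>[A-Za-z]) "
    rf"(?P<src_ip>{IPV4})(?:,(?P<src_port>\d+))? -> "
    rf"(?P<dst_ip>{IPV4})(?:,(?P<dst_port>\d+))? "
    r"PR (?P<proto>\w+) len (?P<hlen>\d+) (?P<plen>\d+)"
    r"(?: icmp (?P<icmp_type>\d+)/(?P<icmp_code>\d+) for (?P<inner>.+?))?"
    r"(?: (?P<flags>-[A-Z]+))?"   # TCP flags field: assumed format
    r" (?P<dir>IN|OUT)\s*$"
)

# Packet quoted inside an ICMP error ("for src,port - dst,port PR proto len h p").
INNER_RE = re.compile(
    rf"^(?P<src_ip>{IPV4})(?:,(?P<src_port>\d+))? - "
    rf"(?P<dst_ip>{IPV4})(?:,(?P<dst_port>\d+))? "
    r"PR (?P<proto>\w+) len (?P<hlen>\d+) (?P<plen>\d+)$"
)

# Only the two action letters visible in practice are mapped; others stay raw.
ACTIONS = {"b": "block", "p": "pass"}
INT_FIELDS = ("group", "rule", "src_port", "dst_port", "hlen", "plen",
              "icmp_type", "icmp_code")


def _ints(rec: dict) -> dict:
    """Convert numeric string fields to int, leaving absent fields as None."""
    for k in INT_FIELDS:
        if k in rec and rec[k] is not None:
            rec[k] = int(rec[k])
    return rec


def parse_ipmon(line: str) -> Optional[dict]:
    """Parse one ipmon syslog line; return a dict of fields or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = _ints(m.groupdict())
    rec["action_name"] = ACTIONS.get(rec["action"], rec["action"])
    if rec["inner"] is not None:
        im = INNER_RE.match(rec["inner"])
        # Keep the raw text if the embedded packet uses a layout we do not model.
        rec["inner"] = _ints(im.groupdict()) if im else {"raw": rec["inner"]}
    return rec


def blocked_by_source(lines) -> Counter:
    """Count blocked packets per source IP; unparseable lines are skipped, not fatal."""
    counts = Counter()
    for line in lines:
        rec = parse_ipmon(line)
        if rec is not None and rec["action"] == "b":
            counts[rec["src_ip"]] += 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_ipmon(line))
    print(blocked_by_source(SAMPLE_LINES))
```

Feeding `ipmon -s` output through `parse_ipmon` and aggregating with `blocked_by_source` over a window gives the per-source counts an alerting threshold can be applied to; lines the regex does not recognise are returned as `None` and skipped rather than aborting the run, which matters for a parser that has to survive log formats changing under it.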