Date: Tue, 05 Jun 2001 13:50:08 -0500
From: Ryan <ryanpek@swbell.net>
To: "Heimes, Rene" <rh@com-con.net>, freebsd-security@freebsd.org
Subject: Re: security log file parser / ids
Message-ID: <001301c0edf0$58b49ee0$01000001@mhx800>
References: <F54B610C5BFDE546BBA2F6CC595ACC75084958@Exchange2000.com-con.ag>

You could always use ipnat and IPF with ipmon; it works very well, giving
log output to syslog like:

04/06/2001 21:34:37.297183 xl0 @0:23 b 195.112.227.10 -> 64.219.216.68 PR icmp len 20 56 icmp 3/1 for 64.219.216.68,113 - 195.112.240.61,51518 PR tcp len 20 40 IN

ipf howto: http://www.obfuscation.org/ipf/

----- Original Message -----
From: "Heimes, Rene" <rh@com-con.net>
To: <freebsd-security@freebsd.org>
Sent: Tuesday, June 05, 2001 4:24 AM
Subject: security log file parser / ids

hiho!

i am searching for a parser that parses security logs from ipfw-made up logs.
anyone got a hint?
(btw: what about ipfw firewalls - outdated? what would be better? ipchains? help!)

other question - what's the (freeware) ids of your choice / "state of the art" for freeBSD?

great thanks in advance,
rené

****************************************************
"who fights might lose - who does not fight has lost immediately"
Bertolt Brecht (freely adapted ;-)
****************************************************

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
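
A parser for the ipmon line quoted in the reply above, as an added example that is not part of the original message or of IPFilter itself. The field layout is inferred from that one sample line, numeric addresses are assumed, and the names parse_ipmon and blocked_by_source are hypothetical.

```python
import re
from collections import Counter

# Sample line copied from the message above (ipmon output).
SAMPLE = (
    "04/06/2001 21:34:37.297183 xl0 @0:23 b 195.112.227.10 -> 64.219.216.68 "
    "PR icmp len 20 56 icmp 3/1 for 64.219.216.68,113 - 195.112.240.61,51518 "
    "PR tcp len 20 40 IN"
)
# Constructed line (not from the message) exercising the TCP form with ports.
CONSTRUCTED = (
    "04/06/2001 21:35:02.000100 xl0 @0:12 p 192.0.2.7,40000 -> "
    "198.51.100.9,22 PR tcp len 20 60 -S IN"
)

IP = r"\d{1,3}(?:\.\d{1,3}){3}"        # assumption: addresses are numeric
ACTIONS = {"b": "block", "p": "pass"}  # any other action code is kept verbatim

# date time interface @group:rule action src[,port] -> dst[,port] PR proto
# len hdrlen pktlen [protocol detail] [IN|OUT]
LINE_RE = re.compile(
    rf"(?P<date>\S+) (?P<time>\S+) (?P<ifname>\S+) @(?P<group>\d+):(?P<rule>\d+) "
    rf"(?P<action>\S+) (?P<src>{IP})(?:,(?P<sport>\w+))? -> "
    rf"(?P<dst>{IP})(?:,(?P<dport>\w+))? PR (?P<proto>\S+) "
    rf"len (?P<hdrlen>\d+) (?P<pktlen>\d+)(?P<rest>.*?)(?: (?P<dir>IN|OUT))?$"
)
# ICMP errors carry the packet that triggered them: "icmp T/C for a,p - b,p PR x"
ICMP_RE = re.compile(
    rf"icmp (?P<type>\d+)/(?P<code>\d+) for (?P<osrc>{IP}),(?P<osport>\d+) - "
    rf"(?P<odst>{IP}),(?P<odport>\d+) PR (?P<oproto>\S+)"
)

def parse_ipmon(line):
    """Return a dict of fields, or None if the line is not in the expected form."""
    m = LINE_RE.search(line.strip())  # search() tolerates a leading syslog prefix
    if not m:
        return None
    rec = m.groupdict()
    rec["action"] = ACTIONS.get(rec["action"], rec["action"])
    inner = ICMP_RE.search(rec.pop("rest"))
    rec["icmp"] = inner.groupdict() if inner else None
    return rec

def blocked_by_source(lines):
    """Count blocked packets per source address; unparseable lines are skipped."""
    recs = filter(None, map(parse_ipmon, lines))
    return Counter(r["src"] for r in recs if r["action"] == "block")
```

For the quoted line this separates the outer ICMP 3/1 packet from the TCP packet it refers to (port 113 to port 51518), which is the part a simple whitespace split gets wrong.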