Re: security log file parser / ids

From: Michael Scheidell (scheidell@fdma.com)
Date: 06/05/01


From: "Michael Scheidell" <scheidell@fdma.com>
To: <freebsd-security@freebsd.org>
Date: Tue, 5 Jun 2001 11:22:02 -0400


""Heimes, Rene"" <rh@com-con.net> wrote in message
news:F54B610C5BFDE546BBA2F6CC595ACC75084958@Exchange2000.com-con.ag...
> hiho!
>
> i am searching for a parser that parses security logs from ipfw-made up
> logs. anyone got a hint?
> (btw: what about ipfw firewalls - outdated? what would be better?
> ipchains? help!)

Depends on what you want to do with it.

I do a 'tail -3 /var/log/ipfw.log' every morning,just to see anything
interesting

I also use the perl agent for Mynetwatchman. It watches ipfw, cisco ios,
and specific stuff I pass it from tcpwrapper and sends it to
www.mynetwatchman.com (they autolart the isp on certain events, like
lion/cheeze worm scans, rpc scans, or if they detect the same scaning ip
from several different locations)

I then go to their site, select 'attacks reported today' and see if they are
just hitting my site, or its a generic script scanner.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message



Relevant Pages

  • Re: security log file parser / ids
    ... > i am searching for a parser that parses security logs from ipfw-made up ... anyone got a hint? ... > (btw: what about ipfw firewalls - outdated? ... with "unsubscribe freebsd-security" in the body of the message ...
    (FreeBSD-Security)
  • Re: security log file parser / ids
    ... > i am searching for a parser that parses security logs from ipfw-made up ... anyone got a hint? ... > (btw: what about ipfw firewalls - outdated? ...
    (FreeBSD-Security)
  • security log file parser / ids
    ... i am searching for a parser that parses security logs from ipfw-made up ... what about ipfw firewalls - outdated? ... "who fights might loose - who does not fight has lost immediately" ... with "unsubscribe freebsd-security" in the body of the message ...
    (FreeBSD-Security)