 From:  sylikc <sylikc at gmail dot com>
 To:  Fantuzzi SAS <fantuzzilorenzo at tuttopmi dot it>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Message from m0n0
 Date:  Fri, 22 Oct 2004 08:56:04 -0700
> >I would like to know if it is possible to receive a message from m0n0 on a PC of my internal LAN
> >when somebody connects (accepted or refused) to my LAN
> >(Win2003 server)
> >
> >Kind regards,
> >
> >Fabio
> >
> >
> >
> I do these:
> - install cygwin in w2003 server
> - setup syslog, smbclient and crontab in this environment (install as
> services)
> - setup m0n0wall to log the nat to server rules
> - redirect m0n0wall log to this syslog server
> - write a bash script (with more sed lines :-)) that extracts the events you
> like and sends them via smbclient to the PC
> - crontab this script

I have a feeling cygwin is overkill, plus on a server it opens up a
lot more entry points than you really want.  If you're really just
looking to do log analyzing, cygwin is too much.

Go to http://www.kiwisyslog.com and download the service version for
your w2k3 box.  Install.  Set up m0n0 to log whatever rules you need. 
(The specific rules are hard to define without knowing the insides of
your network).  Tell m0n0 to log to the syslog server (it's in
diagnostics/system logs/settings).

You can set up Kiwi to do the filtering of the logs or save them all
and use a log analyzer.  Vittore mentions using sed, so I suppose any
line by line analyzer scripted works if you want to customize it.  But
just go on the web to search for a "syslog log analyzer" freeware for
windows and see what you're looking for.


/sylikc
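
Added example, not part of the original message or of m0n0wall: a line-by-line filter of the kind the thread describes, pulling accepted and refused connections out of the firewall log that the syslog server has saved. It assumes the filter log arrives as ipmon-style lines (layout given in the comments); the sample lines and the function names `sample_log` and `extract_events` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed ipmon line layout:
#   <syslog header> ipmon[pid]: <time> [Nx] <if> @<grp>:<rule> <action>
#   <src>[,<port>] -> <dst>[,<port>] PR <proto> ...

# Constructed sample input (documentation address ranges).
sample_log() {
cat <<'EOF'
Oct 22 08:55:59 m0n0wall ipmon[72]: 08:55:58.704413 sis1 @0:19 b 203.0.113.5,4662 -> 192.0.2.10,445 PR tcp len 20 48 -S IN
Oct 22 08:56:00 m0n0wall ipmon[72]: 08:55:59.912004 2x sis1 @0:4 p 198.51.100.23,51515 -> 192.0.2.10,80 PR tcp len 20 48 -S IN
Oct 22 08:56:01 m0n0wall dnsmasq[81]: reading /etc/resolv.conf
Oct 22 08:56:02 m0n0wall ipmon[72]: 08:56:01.100200 sis1 @0:19 b 198.51.100.7 -> 192.0.2.10 PR icmp len 20 84 icmp echo/0 IN
EOF
}

# Read syslog lines on stdin, print one summary line per pass/block event.
extract_events() {
    awk '
    function hostport(s,    p) {         # "1.2.3.4,80" -> "1.2.3.4:80"
        p = index(s, ",")
        return p ? (substr(s, 1, p - 1) ":" substr(s, p + 1)) : s
    }
    /ipmon\[[0-9]+\]:/ {
        # Locate the "@group:rule" token; an optional "Nx" repeat count
        # before the interface shifts field numbers, so do not hard-code them.
        for (i = 2; i <= NF - 6; i++) {
            if ($i ~ /^@[0-9]+:[0-9]+$/ && $(i + 3) == "->" && $(i + 5) == "PR") {
                if ($(i + 1) == "p") verdict = "ACCEPTED"
                else if ($(i + 1) == "b") verdict = "REFUSED"
                else next                 # other ipmon actions are skipped
                printf "%s %s %s -> %s via %s\n", verdict, $(i + 6),
                       hostport($(i + 2)), hostport($(i + 4)), $(i - 1)
                next
            }
        }
    }'
}

# Demo run; in use, feed it the file the syslog service writes and hand
# each output line to the notifier of your choice.
sample_log | extract_events
```

Only rules that have logging enabled on the firewall produce lines for this filter to see, so an empty result means either no traffic or no logged rule.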