You could do it the hard way (but more info), by sending all your log files over to a syslog server and running Snort against them. Or for simplicity (less info), still send them to a syslog server and run a basic utility like fwlogger that just gives a pretty HTML page of who is doing what.....

Chet Harvey
Pitbull Technologies
<http://www.pittech.com/>
Protecting your Digital Assets
703.407.7311

Quoting Jeffrey Goldberg <jeffrey at goldmark dot org>:

> Hello,
>
> I would like to know about what sorts of utilities exist for watching
> firewall logs as part of some sort of intrusion detection system.
>
> My specific immediate need is rather small and I could roll my own, but
> surely others have already done a better job.
>
> My specific immediate need is to watch for blocked LAN-side attempts to
> reach ports 137-139, 445, 25, etc. That is, I want to know fairly
> quickly if there is something on my network that is trying to do nasty
> things.
>
> Also, is there some set of rules that people recommend for being a
> "good network citizen"? That is, what should I try to prevent from
> leaving my network?
>
> --
> Jeffrey Goldberg http://www.goldmark.org/jeff/
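
An added example, not part of the original thread and not the code of fwlogger or Snort: a small Python filter, run on the syslog server, that counts blocked LAN-side attempts to the ports named in the question. The ipmon-style line layout, the LAN subnet `192.168.1.0/24`, the interface names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumptions (not from the original thread): the LAN subnet and the
# ipmon-style syslog line layout used in the constructed samples below.
LAN = ip_network("192.168.1.0/24")
WATCHED_PORTS = {25, 137, 138, 139, 445}  # ports named in the question

LINE_RE = re.compile(
    r"ipmon\[\d+\]: \S+ (?P<iface>\S+) @\d+:\d+ (?P<action>\w) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\w+)"
)

# Constructed sample log lines (hypothetical hosts and addresses).
SAMPLE_LOG = """\
Mar  3 12:00:01 fw ipmon[85]: 12:00:00.100000 sis0 @0:19 b 192.168.1.50,1045 -> 203.0.113.7,445 PR tcp len 20 48 -S IN
Mar  3 12:00:02 fw ipmon[85]: 12:00:01.200000 sis0 @0:19 b 192.168.1.50,1046 -> 203.0.113.8,445 PR tcp len 20 48 -S IN
Mar  3 12:00:03 fw ipmon[85]: 12:00:02.300000 sis0 @0:20 b 192.168.1.77,2201 -> 198.51.100.25,25 PR tcp len 20 48 -S IN
Mar  3 12:00:04 fw ipmon[85]: 12:00:03.400000 sis0 @0:5 p 192.168.1.20,3301 -> 198.51.100.80,80 PR tcp len 20 48 -S IN
Mar  3 12:00:05 fw ipmon[85]: 12:00:04.500000 sis1 @0:30 b 203.0.113.99,4000 -> 192.0.2.1,139 PR tcp len 20 48 -S IN
Mar  3 12:00:06 fw dhcpd: DHCPACK on 192.168.1.20
"""

def blocked_lan_attempts(lines, lan=LAN, ports=WATCHED_PORTS):
    """Count blocked packets from LAN hosts to watched ports, per (src, dport)."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["action"] != "b":
            continue  # not a filter log line, or not a block
        if ip_address(m["src"]) in lan and int(m["dport"]) in ports:
            hits[(m["src"], int(m["dport"]))] += 1
    return hits

def hosts_to_investigate(hits, threshold=1):
    """Return LAN sources whose total blocked attempts reach the threshold."""
    totals = Counter()
    for (src, _port), n in hits.items():
        totals[src] += n
    return sorted(src for src, n in totals.items() if n >= threshold)

if __name__ == "__main__":
    hits = blocked_lan_attempts(SAMPLE_LOG.splitlines())
    for (src, port), n in sorted(hits.items()):
        print(f"{src} -> port {port}: {n} blocked")
    print("investigate:", hosts_to_investigate(hits))
```

Adjust `LINE_RE` to the exact lines your syslog server receives before relying on the counts, since a line that does not match is skipped without any notice.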