On Oct 6, 2004, at 3:29 PM, Jeffrey Goldberg wrote:
> I would like to know about what sorts of utilities exist for watching
> firewall logs as part of some sort of intrusion detection system.
> My specific immediate need is rather small [...]
I received helpful pointers to
It's probably overkill for my immediate needs, but seems like the
learn, so I'll go that way.
A suite of Unix-like tools for MS-Windows for doing this sort of
best reference I could find was
I failed to specify that I was looking for Unix tools, but at least one
person mailed me off list asking about MS-Windows tools.
swatch: Perl based and OS independent according to
I didn't really look at this too much. It seems like a good tool for
many log monitoring tasks, and not just IDS.
> Also, is there some set of rules that people recommend for being a
> "good network citizen"? That is, what should I try to prevent from
> leaving my network?
I received a recommendation for a default block all, with only opening
up what is needed. At some sites, I will do that. At others, I will
have to allow and log for a while to get a sense of legitimate
outgoing that I might not know about. E.g., in addition to the list
recommended, I know that I'll need ports 53 and 123? (ntp), at least
from selected hosts. I suspect that there will be more that I have
Anyway, thanks all for your help and responses.
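The "allow and log for a while" approach mentioned above can be done with a short script over the firewall's own log rather than a full IDS. The following is an added example, not code from the original message or from any of the tools it names: it parses iptables LOG-target lines (the Linux netfilter format is assumed; the log prefix, the host addresses and the sample records are all constructed for this example), counts outbound connection attempts per source host, protocol and destination port, and lists the ones not already in a per-host baseline such as "53/udp and 123/udp from selected hosts". The baseline entries for 80/tcp and 443/tcp are assumptions about a typical site, not something the message states.

```python
import re
from collections import Counter

# Constructed sample records in iptables LOG-target format.  The
# "OUTBOUND:"/"INBOUND:" prefixes are assumed to come from --log-prefix; the
# addresses are documentation ranges, not a real network.
SAMPLE_LOG = """\
Oct  6 15:29:01 gw kernel: OUTBOUND: IN= OUT=eth0 SRC=192.168.1.10 DST=192.0.2.53 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=40231 DPT=53 LEN=40
Oct  6 15:29:02 gw kernel: OUTBOUND: IN= OUT=eth0 SRC=192.168.1.10 DST=192.0.2.123 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
Oct  6 15:29:03 gw kernel: OUTBOUND: IN= OUT=eth0 SRC=192.168.1.20 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=33445 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  6 15:29:04 gw kernel: OUTBOUND: IN= OUT=eth0 SRC=192.168.1.20 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=33446 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  6 15:29:05 gw kernel: OUTBOUND: IN= OUT=eth0 SRC=192.168.1.30 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=51002 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  6 15:29:06 gw kernel: OUTBOUND: IN= OUT=eth0 SRC=192.168.1.30 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=51003 DPT=6667 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  6 15:29:07 gw kernel: OUTBOUND: IN= OUT=eth0 SRC=192.168.1.40 DST=192.0.2.53 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=40555 DPT=53 LEN=40
Oct  6 15:29:08 gw kernel: INBOUND: IN=eth0 OUT= SRC=203.0.113.50 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=4444 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  6 15:29:09 gw sshd[1234]: Accepted publickey for admin from 192.168.1.5 port 50000 ssh2
"""

# iptables LOG lines are a run of KEY=VALUE tokens (IN= and OUT= may be empty).
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return the KEY=VALUE fields of one iptables LOG record as a dict,
    or None if the line is not a firewall record (no SRC/DST/PROTO)."""
    fields = dict(FIELD_RE.findall(line))
    if not {"SRC", "DST", "PROTO"} <= fields.keys():
        return None
    return fields


def is_outbound(fields):
    """A packet leaving the site has an output interface and no input one."""
    return fields.get("OUT", "") != "" and fields.get("IN", "") == ""


def summarize_egress(log_text):
    """Count outbound flows per (source host, protocol, destination port).

    Assumes the firewall logs only new connections (e.g. iptables
    -m state --state NEW -j LOG), so each record is one attempt."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or not is_outbound(f):
            continue
        port = int(f["DPT"]) if "DPT" in f else None  # ICMP has no port
        counts[(f["SRC"], f["PROTO"], port)] += 1
    return counts


# Baseline egress policy as (source host or "*" for any host, protocol, port).
# Constructed for this example: 53/udp and 123/udp from one selected host,
# plus assumed web access for everyone.
BASELINE = {
    ("*", "TCP", 80),
    ("*", "TCP", 443),
    ("192.168.1.10", "UDP", 53),   # the site's resolver
    ("192.168.1.10", "UDP", 123),  # the site's NTP client
}


def is_allowed(src, proto, port, baseline=BASELINE):
    return (src, proto, port) in baseline or ("*", proto, port) in baseline


def unexpected_egress(counts, baseline=BASELINE):
    """Flows not covered by the baseline, most frequent first, for the admin
    to either add to the allow-list or turn into a block rule."""
    extra = [(key, n) for key, n in counts.items()
             if not is_allowed(*key, baseline=baseline)]
    return sorted(extra, key=lambda kv: (-kv[1], str(kv[0])))


def report(log_text, baseline=BASELINE):
    """Human-readable summary of what left the network during the period."""
    counts = summarize_egress(log_text)
    lines = ["Outbound flows seen (src proto dport count):"]
    for (src, proto, port), n in sorted(counts.items(), key=lambda kv: str(kv[0])):
        mark = "" if is_allowed(src, proto, port, baseline) else "   <-- not in baseline"
        lines.append(f"  {src:<15} {proto:<4} {port!s:>5} {n:>4}{mark}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against a day or a week of logs, the "not in baseline" rows are exactly the legitimate-but-unknown outgoing traffic the message worries about (here the second host resolving DNS on its own, and one host talking SMTP and IRC directly), and each row is either added to the baseline or becomes a block rule once the default-deny policy is switched on.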