Try fwlogwatch for quick and dirty. Real easy and slick....
Then learn Snort as you go =)
Pitbull Technologies <http://www.pittech.com/>
Protecting your Digital Assets
Quoting Jeffrey Goldberg <jeffrey at goldmark dot org>:
> On Oct 6, 2004, at 3:29 PM, Jeffrey Goldberg wrote:
> > I would like to know about what sorts of utilities exist for watching
> > firewall logs as part of some sort of intrusion detection system.
> > My specific immediate need is rather small [...]
> I received helpful pointers to
> Snort: http://snort.org/
> It's probably overkill for my immediate needs, but seems like the tool to
> learn, so I'll go that way.
> A suite of Unix-like tools for MS-Windows for doing this sort of stuff. The
> best reference I could find was
> I failed to specify that I was looking for Unix tools, but at least one
> person mailed me off list asking about MS-Windows tools.
> swatch: Perl based and OS independent according to
> I didn't really look at this too much. It seems like a good tool for many
> log monitoring tasks, and not just IDS.
> > Also, is there some set of rules that people recommend for being a
> > "good network citizen"? That is, what should I try to prevent from
> > leaving my network?
> I received a recommendation for a default block all, with only opening
> up what is needed. At some sites, I will do that. At others, I will
> have to allow and log for a while to get a sense of legitimate
> out-going that I might not know about. Eg, in addition to the list
> recommended, I know that I'll need ports 53 and 123? (ntp), at least
> from selected hosts. I suspect that there will be more that I have
> Anyway, thanks all for your help and responses.
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
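The quoted plan above is to "allow and log for a while" and then build a default-block egress policy from what turns out to be legitimate, with DNS (53) and NTP (123) expected from selected hosts. Below is an added example, not code from either poster or from fwlogwatch, Snort or m0n0wall, that does the counting step for that review: it parses firewall log lines, keeps only passed outbound flows, tallies them per source host, protocol and destination port, and flags anything outside an allowlist. The log lines are constructed sample data in an ipmon-like layout (ipfilter is what m0n0wall runs underneath); the regex, the field names and the allowlist contents are assumptions, so adjust LOG_RE to the exact format your firewall writes.

```python
import re
from collections import Counter

# Constructed sample lines in an ipmon-like layout. This is not a real capture;
# the exact format of your own firewall's log may differ, so adjust LOG_RE.
SAMPLE_LOG = """\
Oct  6 15:29:01 fw ipmon[311]: 15:29:01.100001 sis0 @0:5 p 192.168.1.10,51234 -> 192.0.2.53,53 PR udp len 20 60 K-S OUT
Oct  6 15:29:02 fw ipmon[311]: 15:29:02.200002 sis0 @0:5 p 192.168.1.10,123 -> 192.0.2.123,123 PR udp len 20 76 K-S OUT
Oct  6 15:29:03 fw ipmon[311]: 15:29:03.300003 sis0 @0:5 p 192.168.1.20,40000 -> 198.51.100.7,25 PR tcp len 20 60 -S OUT
Oct  6 15:29:04 fw ipmon[311]: 15:29:04.400004 sis0 @0:5 p 192.168.1.20,40001 -> 198.51.100.8,25 PR tcp len 20 60 -S OUT
Oct  6 15:29:05 fw ipmon[311]: 15:29:05.500005 sis0 @0:5 p 192.168.1.30,40002 -> 203.0.113.9,6667 PR tcp len 20 60 -S OUT
Oct  6 15:29:06 fw ipmon[311]: 15:29:06.600006 sis1 @0:2 b 203.0.113.50,3333 -> 192.168.1.10,135 PR tcp len 20 60 -S IN
"""

# Assumed field layout: "<p|b> src,sport -> dst,dport PR proto ... <IN|OUT>"
# where "p" is a passed packet and "b" a blocked one.
LOG_RE = re.compile(
    r"(?P<action>[pb]) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\w+) .* (?P<dir>IN|OUT)$"
)

# Egress allowlist (assumed starting point): DNS, NTP and plain web browsing.
# Tighten it to "from selected hosts only" once the per-source counts show
# which machines actually need 53 and 123.
ALLOWED_EGRESS = {("udp", 53), ("tcp", 53), ("udp", 123), ("tcp", 80), ("tcp", 443)}


def parse(lines):
    """Yield one dict per parseable log line; unparseable lines are skipped."""
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            yield m.groupdict()


def egress_summary(lines, allowed=ALLOWED_EGRESS):
    """Count passed outbound flows per (src, proto, dport).

    Returns (seen, unexpected): seen is a Counter of every outbound pass,
    unexpected is the subset whose (proto, dport) is not in the allowlist.
    Inbound and blocked packets are ignored; they are not egress decisions.
    """
    seen = Counter()
    for r in parse(lines):
        if r["dir"] != "OUT" or r["action"] != "p":
            continue
        seen[(r["src"], r["proto"], int(r["dport"]))] += 1
    unexpected = {k: n for k, n in seen.items() if (k[1], k[2]) not in allowed}
    return seen, unexpected


def report(lines, allowed=ALLOWED_EGRESS):
    """Render the summary as text, unexpected flows first."""
    seen, unexpected = egress_summary(lines, allowed)
    out = ["Outbound flows NOT in the egress allowlist:"]
    for (src, proto, dport), n in sorted(unexpected.items()):
        out.append(f"  {src:<15} {proto}/{dport:<5} {n} flow(s)")
    out.append("All outbound flows seen:")
    for (src, proto, dport), n in sorted(seen.items()):
        out.append(f"  {src:<15} {proto}/{dport:<5} {n} flow(s)")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG.splitlines()))
```

Run it against a day or two of "allow and log" output (pipe the log in instead of using SAMPLE_LOG) and the unexpected list is your candidate block list; the per-source counts under 53 and 123 tell you which hosts really need those rules rather than the whole LAN.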