
Re: System log monitor

from the secret journal of An Thi-Nguyen Le (anle@ews.uiuc.edu):
> There's Psionic's logcheck, which is in both potato and woody.  The 
> one, the original.  Goes well with portsentry (only in woody, can do 
> a source compile on potato though).

not exactly -- portsentry depends on net-tools. i tried installing it with
--force-depends, and while the daemon starts, it doesn't detect stealth
scans. and just to make things interesting, a vanilla open scan results in
two log records for each port i hit. i shudder to think what would happen to
a busy site not using a loghost.

is it supposed to behave this way?

Jacob Kuntz
