I use logcheck right now to analyze my logs on an hourly basis. As it turns out, the iptables entries (about denied connections, etc.) are most of what's in the logcheck emails. This is a little tiring because a lot of the time, I don't do anything based on these entries. I know I sometimes miss other entries in the middle of a pile of iptables entries, too.

What I'd like to do is filter these iptables entries out of the logcheck emails (which is easy), but I don't want to lose the information entirely. What I want is a daily summary of iptables problems, i.e. number of denied connections, list of the hosts that were disallowed, list of the closed ports that were hit, etc., etc. If I see something disturbing, I'll go back and look at the logs for specifics.

Can anyone suggest an existing package that does this? Anyone out there written a home-grown script that sounds like this?

Thanks for the suggestions...

KEN

--
Kenneth J. Pronovici <pronovic@ieee.org>
Personal Homepage: http://www.skyjammer.com/~pronovic/
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, Historical Review of Pennsylvania, 1759
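
The daily summary described in the message above (denied count, source hosts, ports hit), as an added example that is not part of the original post. It assumes the kernel LOG target's key=value line format and a hypothetical `--log-prefix` of `IPT-DENY: `; the sample lines, host name and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample in the kernel LOG-target format. "IPT-DENY: " is an
# assumed --log-prefix value, not one taken from the post.
SAMPLE_LOG = """\
Mar  3 04:12:01 gw kernel: IPT-DENY: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4411 DF PROTO=TCP SPT=51515 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 04:12:04 gw kernel: IPT-DENY: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4412 DF PROTO=TCP SPT=51515 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 04:15:30 gw kernel: IPT-DENY: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=78 TOS=0x00 PREC=0x00 TTL=110 ID=901 PROTO=UDP SPT=137 DPT=137 LEN=58
Mar  3 04:15:31 gw kernel: IPT-DENY: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=110 ID=902 PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
Mar  3 04:20:00 gw sshd[811]: Accepted publickey for ken from 192.0.2.44 port 40022 ssh2
Mar  3 05:01:09 gw kernel: IPT-DENY: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=4500 DF PROTO=TCP SPT=51990 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line, prefix="IPT-DENY: "):
    """Return the key=value fields of one iptables LOG line, or None."""
    head, sep, rest = line.partition(prefix)
    if not sep or "kernel:" not in head:
        return None
    # ICMP errors append the offending packet in [...]; keep the outer header only
    fields = dict(FIELD_RE.findall(rest.split(" [", 1)[0]))
    return fields if "SRC" in fields and "PROTO" in fields else None

def summarize(lines, prefix="IPT-DENY: ", top=10):
    """Count denied packets, source hosts and destination ports."""
    hosts, ports, total = Counter(), Counter(), 0
    for line in lines:
        f = parse_line(line, prefix)
        if f is None:
            continue
        total += 1
        hosts[f["SRC"]] += 1
        # ICMP and similar protocols carry no DPT; count them by protocol alone
        port = f["PROTO"].lower() + ("/" + f["DPT"] if "DPT" in f else "")
        ports[port] += 1
    return {"denied": total, "hosts": hosts.most_common(top), "ports": ports.most_common(top)}

def format_report(s):
    out = [f"Denied packets: {s['denied']}", "Top source hosts:"]
    out += [f"  {n:6d}  {h}" for h, n in s["hosts"]]
    out.append("Top destination ports:")
    out += [f"  {n:6d}  {p}" for p, n in s["ports"]]
    return "\n".join(out)

if __name__ == "__main__":
    print(format_report(summarize(SAMPLE_LOG.splitlines())))
```

Run once a day against the previous day's kernel log, the report can be mailed separately while the same prefix is added to logcheck's ignore rules.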