
IPtables log summary?



I use logcheck right now to analyze my logs on an hourly basis.  As it
turns out, the iptables entries (about denied connections, etc.) are
most of what's in the logcheck emails.  This is a little tiring because
a lot of the time, I don't do anything based on these entries.  I know
I sometimes miss other entries in the middle of a pile of iptables
entries, too.

What I'd like to do is filter these iptables entries out of the logcheck
emails (which is easy), but I don't want to lose the information
entirely.  What I want is a daily summary of iptables problems, i.e.
number of denied connections, list of the hosts that were disallowed,
list of the closed ports that were hit, etc., etc.  If I see something
disturbing, I'll go back and look at the logs for specifics.

Can anyone suggest an existing package that does this?  Anyone out there
written a home-grown script that sounds like this?  

Thanks for the suggestions...

KEN

-- 
Kenneth J. Pronovici <pronovic@ieee.org>
Personal Homepage: http://www.skyjammer.com/~pronovic/
"They that can give up essential liberty to obtain a little 
 temporary safety deserve neither liberty nor safety." 
      - Benjamin Franklin, Historical Review of Pennsylvania, 1759 
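
The daily summary the post asks for, as an added example that is not part of the original message: a Python script that tallies iptables LOG entries by source host and by destination port. The sample lines are constructed, and the script assumes the entries come from the kernel LOG target (KEY=value fields after `kernel:`) and that the logging rules sit on the deny path.

```python
import re
from collections import Counter

# Constructed sample: five iptables LOG entries plus one unrelated syslog line.
SAMPLE_LOG = """\
Jan 12 03:14:07 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51234 DPT=23 SYN
Jan 12 03:14:09 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51240 DPT=22 SYN
Jan 12 03:15:30 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=78 TTL=110 PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 12 03:15:31 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TTL=110 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Jan 12 03:20:00 gw sshd[411]: Connection closed by 192.0.2.55
Jan 12 04:02:11 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51301 DPT=23 SYN
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)


def parse_line(line):
    """Return the fields of one iptables LOG entry, or None for other lines."""
    if "kernel:" not in line or " SRC=" not in line:
        return None
    return dict(FIELD.findall(line))


def summarize(text):
    """Count denied packets overall, per source host and per destination port."""
    hosts, ports, total = Counter(), Counter(), 0
    for line in text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue
        total += 1
        hosts[fields["SRC"]] += 1
        proto = fields.get("PROTO", "?")
        # ICMP entries carry TYPE/CODE instead of a destination port.
        if "DPT" in fields:
            ports[f"{proto}/{fields['DPT']}"] += 1
        else:
            ports[f"{proto}/type {fields.get('TYPE', '?')}"] += 1
    return total, hosts, ports


def report(text, top=10):
    """Format the summary as the body of a daily email."""
    total, hosts, ports = summarize(text)
    out = [f"Denied packets: {total}", "", "Source hosts:"]
    out += [f"{n:7d}  {host}" for host, n in hosts.most_common(top)]
    out += ["", "Destination ports:"]
    out += [f"{n:7d}  {port}" for port, n in ports.most_common(top)]
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run once a day from cron against the day's kernel log, `report()` gives the mail body while the full entries stay in the log for follow-up.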
