Re: OT: An Idea for an IDS
Look at Snort 2.0.0.
It's an Intrusion Detection System. There's a preprocessor for Snort called
'Guardian' to do things like you want. But read the other answers in this
On Tuesday 01 July 2003 00:38, Phillip Hofmeister wrote:
> Greets all,
> A previous post spawned an idea of mine. I am not sure if there is a
> project available for this or not. Here we go:
> A daemon sits running in the background listening to a special device
> (/dev) or an IPC which would originate from syslog-ng. This daemon
> would then parse the log and look for suspicious things. If it found
> something suspicious it would use a regular expression to grab out
> pertinent parts of the log (say the IP address) and act on the log
> accordingly (in real time) by say dropping an IPTABLE rule down on the
> IP address.
> Are there any projects out there to do this right now? If not, is this
> a good idea? If it is, who would be a person/group that would be
> qualified and have the time/interest to develop it?
> Just throwing out a random conscious thought,
> Phillip Hofmeister
> PGP/GPG Key:
> wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
> Excuse #202: That's easy to fix but I can't be bothered.
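The log-watching daemon described in the quoted message, sketched as an added example (not code from this thread, Snort, or Guardian). It assumes OpenSSH-style "Failed password ... ssh2" syslog lines; the function names, threshold, allowlist and sample lines are hypothetical, and the rule is only built, never executed.

```python
import ipaddress
import re
from collections import Counter

# Anchored at end of line: the user name is attacker-controlled, so only the
# final "from <addr> port <n> ssh2" (written by sshd itself) is trusted.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE_LOG = """\
Jul  1 00:40:01 host sshd[811]: Failed password for root from 203.0.113.9 port 4001 ssh2
Jul  1 00:40:03 host sshd[811]: Failed password for root from 203.0.113.9 port 4002 ssh2
Jul  1 00:40:05 host sshd[812]: Failed password for invalid user a from 192.0.2.1 port 1 ssh2 from 203.0.113.9 port 4003 ssh2
Jul  1 00:40:07 host sshd[813]: Failed password for bob from 198.51.100.7 port 5000 ssh2
Jul  1 00:40:09 host sshd[814]: Failed password for bob from 198.51.100.7 port 5001 ssh2
Jul  1 00:40:11 host sshd[814]: Failed password for bob from 198.51.100.7 port 5002 ssh2
Jul  1 00:40:13 host sshd[815]: Accepted password for bob from 198.51.100.7 port 5003 ssh2
""".splitlines()

def offenders(lines, threshold=3, allow=("127.0.0.0/8",)):
    """Return addresses with >= threshold failures, skipping allowlisted nets."""
    nets = [ipaddress.ip_network(n) for n in allow]
    hits = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))  # reject anything not an IP
        except ValueError:
            continue
        if any(ip in n for n in nets):  # never lock out trusted networks
            continue
        hits[ip] += 1
    return sorted(str(ip) for ip, n in hits.items() if n >= threshold)

def drop_rule(ip):
    """argv for the block; returned as a list so no shell ever parses log data."""
    return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]

if __name__ == "__main__":
    for ip in offenders(SAMPLE_LOG, allow=("127.0.0.0/8", "198.51.100.0/24")):
        print(" ".join(drop_rule(ip)))  # dry run: print, do not execute
```

The third sample line shows why the pattern is anchored: text placed in the user name field must not be able to get an arbitrary address blocked.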