Re: Logauswertung (en translation)
>> My problem is what tool to use to evaluate the logs for attacks
>> (e.g. portscans) and notify me by mail?
>I know you probably wouldn't want to hear the question, but I'll put it
>to you: What for?
<snip>
>It's much better to monitor a counter in order to detect DOS attacks
>or configuration errors and if there's concern about intrusion set up a
>couple rules to trigger the alarm when its counter is activated
>(outgoing connections, connection search for domain controllers...)
What counter would you use?