
Re: Logauswertung (en translation)



>> My problem is what tool to use to evaluate the logs for attacks
>> (e.g. portscans) and notify me by mail?

>I know you probably wouldn't want to hear the question, but I'll put it
>to you: What for?
<snip>

>It's much better to monitor a counter in order to detect DOS attacks
>or configuration errors and if there's concern about intrusion set up a
>couple rules to trigger the alarm when its counter is activated
>(outgoing connections, connection search for domain controllers...)

What counter would you use?


