Re: intrusion detection / logfile reporter

To: debian-user@lists.debian.org
Subject: Re: intrusion detection / logfile reporter
From: "Gary Hennigan" <glhenni@sandia.gov>
Date: 09 Nov 2001 16:40:03 -0700
Message-id: <[🔎] nhxadxvms30.fsf@sadl12238.sandia.gov>
In-reply-to: <[🔎] 3BEBB817.3020104@online.de>
References: <[🔎] 3BEBB374.1000006@online.de> <[🔎] 20011109154934.E1621@exitwound.org> <[🔎] 3BEBB817.3020104@online.de>

"Timo <Blazko> Boewing" <blazko@online.de> writes:
> Stephen E. Hargrove wrote:
> 
> > http://www.psionic.com/ has some good stuff - logcheck, portsentry
> > and
> 
> > hostsentry.
> >
> 
> 
> Hello Stephen,
> 
> Hey, that was *exactly* what i was looking for. When i have time, i
> will try these packages. When i am done, i will let the list know
> about my experiences; if anyone is interested, of course ;-)

Those tools are excellent, but there's also simpler stuff. I've used
logcheck in the past and it did everything I wanted. When I installed
it it came configured with pretty broad rules for what to look for and
report so I had to narrow them considerably, but it was quick and
simple. There are other similar utilities. Doing a

        apt-cache search logfile

should give you some of those types of utilities.

Gary

Reply to:

References:
- intrusion detection / logfile reporter
  - From: "Timo <Blazko> Boewing" <blazko@online.de>
- Re: intrusion detection / logfile reporter
  - From: "Stephen E. Hargrove" <stephen@virtual-attorney.com>
- Re: intrusion detection / logfile reporter
  - From: "Timo <Blazko> Boewing" <blazko@online.de>

Prev by Date: Re: syslogd and iptables
Next by Date: Re: Ftp downloads for Linux running AMD K6
Previous by thread: Re: intrusion detection / logfile reporter
Next by thread: Re: intrusion detection / logfile reporter
Index(es):
- Date
- Thread