
Re: Real Time monitoring/alerting utility..



syslog-ng can do this if the programs log anything interesting, and I
sent Michael a copy of a program I wrote to batch alerts before mailing
them (so as not to kill the MTA if there is a bunch of hits).  If you
really want real-time, just write a program that emails each line as it
is read from stdin.  I started with that, and spammed myself with a huge
number of alerts at one point.

sec was designed for this kind of stuff, and while I am certain that you
can get this working, the design of writing Perl snippets for
configuration did not seem right to me.

The problem with logcheck and syslog-ng's implementation of a similar
feature is that you end up with a bunch of regex after a while.  And
it is not clear which ones are still useful.  iptables actually does this
nicely with packet/byte counters for each rule.


/Allan
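
The two ideas in the message above (batching alerts instead of mailing each line, and iptables-style per-rule counters that show which regexes still match), as an added example that is not part of the original post and is not the program Allan mentions. The rule names, patterns, thresholds and sample log lines are constructed for illustration; actual mail delivery is left to the caller.

```python
import re
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    regex: str
    hits: int = 0    # matched lines, like an iptables packet counter
    nbytes: int = 0  # matched bytes, like an iptables byte counter
    def matches(self, line):
        return re.search(self.regex, line) is not None

class AlertBatcher:
    """First-match rules with hit counters; alerts are queued, not sent per line."""
    def __init__(self, rules, max_lines=100, max_age=60.0):
        self.rules, self.max_lines, self.max_age = rules, max_lines, max_age
        self.pending, self.first_seen = [], None

    def feed(self, line, now):
        """Process one log line; return a batch ready to mail, or None."""
        for rule in self.rules:
            if rule.matches(line):
                rule.hits += 1
                rule.nbytes += len(line.encode())
                self.first_seen = now if self.first_seen is None else self.first_seen
                self.pending.append(f"[{rule.name}] {line}")
                break
        old = self.pending and now - self.first_seen >= self.max_age
        if not (old or len(self.pending) >= self.max_lines):
            return None
        batch, self.pending, self.first_seen = self.pending, [], None
        return batch  # caller joins this into a single message body

    def unused_rules(self):
        """Rules that never matched: candidates for review or removal."""
        return [r.name for r in self.rules if r.hits == 0]
# Constructed sample input: (timestamp in seconds, log line)
SAMPLE = [
    (0.0, "sshd[811]: Failed password for root from 192.0.2.10 port 4022 ssh2"),
    (1.0, "cron[90]: (root) CMD (run-parts /etc/cron.hourly)"),
    (2.0, "sshd[812]: Failed password for admin from 192.0.2.10 port 4023 ssh2"),
    (70.0, "sshd[813]: Failed password for root from 192.0.2.11 port 4100 ssh2"),
]
def demo():
    rules = [Rule("ssh-fail", r"sshd\[\d+\]: Failed password"),  # constructed patterns
             Rule("su-fail", r"su\[\d+\]: FAILED su")]
    batcher = AlertBatcher(rules)
    batches = [b for t, line in SAMPLE if (b := batcher.feed(line, t))]
    return batcher, batches
```

With the sample input, the three sshd lines go out as one batch once the oldest queued alert is 60 seconds old, and `unused_rules()` reports `su-fail` as a rule that never fired.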
