[plug] firewall syslog / log viewing / sorting /logwatch /alerting

Daniel cottmain at plug.linux.org.au
Thu Dec 5 20:41:01 WST 2002


Hi Plug,
I am interested in logging / viewing / alerting - general securing in
addition to iptables - to deal sensibly with logs and try to find
easier ways of sorting through them.

The Firewall is command line only running iptables on woody that could
easily send logs to another woody machine.

From my limited reading and understanding there's syslogd (udp),
syslog-ng (tcp), metalog (reportedly easier to config?), klogd, and
snort and acid. I've got a fair way to go till I understand all my
choices and the easiest way to keep an eye on them.

If you have any guidance to head me in the right direction it would be
great.

Thanks,
Daniel.

http://packages.debian.org/unstable/net/fwlogwatch.html
http://packages.debian.org/unstable/admin/metalog.html
http://packages.debian.org/unstable/admin/syslog-ng.html
http://www.jedi.claranet.fr/     (iplimit, iptrap)



