[plug] log file checking
Craig Foster
fostware at iinet.net.au
Sat Feb 1 01:21:51 WST 2003
As has been mentioned, logwatch is a good all-round errr log-watching
thing
(funny that :P )
There's the portsentry / logsentry / hostsentry combinations for hack
"deflections"
Or you could get the snort contributed rpms pre-rolled for SME server to
detect suspicious activity earlier.
"
Howto:
http://www.marari.net/downloads/snort/acid-howto.htm
RPMS:
http://www.marari.net/downloads/snort/ari-mitel-acid-1.1-1.noarch.rpm
http://www.marari.net/downloads/snort/ari-mitel-acid-1.1-1.src.rpm
Thanks to Abe Loveless for his help.
Cheers!
Ari Novikoff
Marari Network Solutions
http://www.marari.net"
Regards,
Craig Foster
fostware at iinet.net.au (with SMIME)
> -----Original Message-----
> From: Darren [mailto:dylnx at westnet.com.au]
> Sent: Friday, January 31, 2003 8:47 AM
> To: PLUG
> Subject: [plug] log file checking
>
>
> hi is there software available that can monitor my log files for
> suspicious activity's then notify me of any problems or
> attempts ?.i run
> sme server with an adsl connection to the net . what is good practice
> when checking logs? .how do other plugers check and maintain log files
> ??
> thanks Darren
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3238 bytes
Desc: not available
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20030201/fa62163b/attachment.bin>
More information about the plug
mailing list