From: Bob B. <gra...@sp...> - 2010-02-23 19:51:41
Kevin W. Wall wrote:
> Can anyone suggest a good iptables log analyzer? I'm falling
> way behind in monitoring my IPCop log file (well, /var/log/messages,
> the general kernel log file) so I was thinking of setting up a
> cron job on one of my GREEN hosts to scp the files over where
> I could then locally analyze them. (Would do this as a new,
> non-root user account.) But I need some help in analyzing them
> looking for suspicious entries (e.g., possible evidence of
> malware infected Windoze hosts); trying to analyze these by hand is
> both tedious and error prone which is one reason I've fallen
> behind.

A simple solution would be to install the Logsend addon
http://sourceforge.net/projects/firewalladdons/files/
which will send a daily copy of your logs to DShield, who will then send you back a nice summary a few hours later.

You need to register at DShield at:
https://secure.dshield.org/register.html

If you are running IPCop v1.9.x you can get a modified compatible version of Logsend to send your logs to DShield here:
http://www.grantura.co.uk/logsend-ipcop2/logsend-ipcop2-0.2.tar.gz

Bob
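As an added example (not part of this thread, and not code from Logsend, DShield or IPCop), here is the kind of small local analyzer Kevin describes: it parses the iptables `KEY=VALUE` lines that the kernel writes into `/var/log/messages`, produces a DShield-style count of the noisiest outside sources, and flags any GREEN host that fans out to many different outside hosts on ports typical of infected Windows machines (mass SMTP on 25, file sharing on 135/139/445). It assumes GREEN is 192.168.1.0/24 and that the log-prefix word after `kernel:` is whatever your rules use; the sample lines, addresses and chain prefixes are constructed for the example.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# iptables writes its packet description as space-separated KEY=VALUE fields
# after "kernel:"; this matches each one (an empty value is legal, e.g. "OUT=").
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# Assumption: the GREEN (LAN) network of this IPCop box.
GREEN_NET = ipaddress.ip_network("192.168.1.0/24")

# Destination ports whose outbound fan-out from a GREEN host is worth a look:
# mass SMTP (spam bots) and Windows file-sharing ports (worm propagation).
WATCHED_PORTS = {25, 135, 139, 445}

# Constructed sample lines in /var/log/messages style (not real traffic);
# outside addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Feb 23 19:40:01 ipcop kernel: INPUT IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=1 DF PROTO=TCP SPT=4567 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 23 19:40:02 ipcop kernel: INPUT IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=2 DF PROTO=TCP SPT=4568 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 23 19:40:30 ipcop kernel: INPUT IN=ppp0 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=3 DF PROTO=TCP SPT=40100 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 23 19:41:10 ipcop kernel: FORWARD IN=eth0 OUT=ppp0 SRC=192.168.1.23 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=4 DF PROTO=TCP SPT=1034 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 23 19:41:11 ipcop kernel: FORWARD IN=eth0 OUT=ppp0 SRC=192.168.1.23 DST=192.0.2.11 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=5 DF PROTO=TCP SPT=1035 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 23 19:41:11 ipcop kernel: FORWARD IN=eth0 OUT=ppp0 SRC=192.168.1.23 DST=192.0.2.12 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=6 DF PROTO=TCP SPT=1036 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 23 19:41:12 ipcop kernel: FORWARD IN=eth0 OUT=ppp0 SRC=192.168.1.23 DST=192.0.2.13 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=7 DF PROTO=TCP SPT=1037 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 23 19:41:40 ipcop kernel: FORWARD IN=eth0 OUT=ppp0 SRC=192.168.1.40 DST=192.0.2.50 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=8 DF PROTO=TCP SPT=2001 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 23 19:42:00 ipcop sshd[1234]: Accepted publickey for admin from 192.168.1.5 port 51234 ssh2
"""


def is_green(addr):
    """True if addr lies inside the GREEN network (bad addresses count as not GREEN)."""
    try:
        return ipaddress.ip_address(addr) in GREEN_NET
    except ValueError:
        return False


def parse_line(line):
    """Return the iptables fields of one kernel log line as a dict, or None
    for lines that are not iptables packet logs (sshd, cron, ...)."""
    if "kernel:" not in line or "IN=" not in line:
        return None
    fields = dict(FIELD_RE.findall(line.split("kernel:", 1)[1]))
    if "SRC" not in fields or "DST" not in fields:
        return None
    dpt = fields.get("DPT", "")
    return {
        "src": fields["SRC"],
        "dst": fields["DST"],
        "proto": fields.get("PROTO", ""),
        "in": fields.get("IN", ""),
        "out": fields.get("OUT", ""),
        "dpt": int(dpt) if dpt.isdigit() else None,
    }


def top_sources(records, n=5):
    """Hit count per outside source address, the DShield-style view of who is
    knocking on RED; GREEN sources are left out."""
    counts = Counter(r["src"] for r in records if not is_green(r["src"]))
    return counts.most_common(n)


def flag_green_fanout(records, threshold=3):
    """GREEN hosts that contacted at least `threshold` distinct outside hosts
    on one watched port; returned as (src, port, distinct_destinations)."""
    fanout = defaultdict(set)
    for r in records:
        if r["dpt"] in WATCHED_PORTS and is_green(r["src"]) and not is_green(r["dst"]):
            fanout[(r["src"], r["dpt"])].add(r["dst"])
    return sorted((src, port, len(dsts))
                  for (src, port), dsts in fanout.items() if len(dsts) >= threshold)


def analyze(text):
    """Parse a whole log text and return the summary a daily cron run would mail."""
    records = [r for r in (parse_line(l) for l in text.splitlines()) if r]
    return {
        "records": len(records),
        "top_sources": top_sources(records),
        "suspicious": flag_green_fanout(records),
    }


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    report = analyze(text)
    print("iptables records:", report["records"])
    print("top outside sources:", report["top_sources"])
    for src, port, n in report["suspicious"]:
        print(f"GREEN host {src} reached {n} outside hosts on port {port}: check it for malware")
```

Run it as `python analyzer.py /path/to/scp-copied/messages` from the non-root account Kevin mentions; with no argument it analyzes the built-in sample, where the single GREEN host hitting four different mail servers on port 25 is the pattern a spam-sending infection leaves behind. The fan-out threshold is deliberately low for the sample; on a real LAN, tune it against a few days of known-clean logs before trusting the flags.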