David Relson wrote: > > At 05:40 PM 8/20/02, you wrote: > >Hi guys, > >the title pretty much says it all. > >I want to look at total traffic and be able to analyse the logs for intrusion > >attempts > >any suggestions? > >-- > > Have you looked at webalizer? I believe it's pretty good for analyzing > apache logs :-) However, it may not be intrusion oriented :-( >
I agree with the choice of webalizer. It is very easy to install, has a very nice interface with apache, and mandrake delivers a rpm for your convenience. Intrusion detection would necessitate another kind of program altogether, i.e. NIDS. In this direction, I would suggest you take a look at snort. A very nice program that will provide you with numerous alerts for all http traffic to port 80. drjung -- J. Craig Woods UNIX/NT Network/System Administration http://www.trismegistus.net/resume.html Character is built upon the debris of despair --Emerson
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
