I'm trying to use the MAD feature of fw1.
The only information I get after changing in cpmad_config.conf the
MAD_*_action to "mail" is this kind of message:
3:46:55 accept 127.0.0.1 > mail product MAD attack successive_alerts
I have these questions:
- How can I receive more information in the message, such as source
ip address, service, ... ?
- How can I use a script to process the information of a MAD alert
message? Where can I configure it? What kind of information should the
script expect to receive?
- Where can I find documentation about the configuration files?
Thanks in advance.
--
A n u s k a  A r a g ó n
Servicio Informático, Universidad de La Rioja
Av. de La Paz 93, 26004 Logroño
e-mail: [EMAIL PROTECTED]
Tf.: +34 941 299233
Fax: +34 941 299180
