The obvious question is... Where can I get syslog-ng.lrp and some info about it??
-----Original Message-----
From: David Douthitt [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 04, 2001 15:25
To: LEAF Users List
Subject: Re: [Leaf-user] Alternate loging

Sergio Morilla wrote:

> My ISP has some sites that have different versions of nimda on their
> servers.
> I am constantly being scanned on port 80. I know there should be a way to
> log this on an alternate log file.
> ipchains uses facility "kernel" and level "info"
> So I was hoping to set a rule
>
> kernel.info -/var/log/nimda
>
> but this matches "all" ipchains messages!!!
> Is there any way I can select only messages that
> are sent to 255.255.255.255:80 and have the SYN flag diverted to
> /var/log/nimda??

syslog-ng could do this, but I don't think syslogd can; syslog-ng is
bigger but appropriately MUCH more powerful. You can split up logs in
almost any way you can think of...

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
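Added example, not part of the original thread and not syslog-ng configuration: the selection asked about above (ipchains packets to destination port 80 with SYN set), written as a standalone Python filter so the match criteria are explicit. The `Packet log:` field layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed ipchains kernel log layout (after the syslog prefix):
#   Packet log: CHAIN TARGET IFACE PROTO=n SRC:sport DST:dport L= S= I= F= T= [SYN] (#rule)
PACKET_LOG = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=\d+ S=0x[0-9A-Fa-f]+ I=\d+ F=0x[0-9A-Fa-f]+ T=\d+"
    r"(?P<syn> SYN)?"
)
TCP = 6  # IP protocol number for TCP


def is_port80_syn(line):
    """True only for a logged TCP packet to destination port 80 with SYN set."""
    m = PACKET_LOG.search(line)
    if m is None:
        return False  # not an ipchains packet log line, or an unknown layout
    return (int(m.group("proto")) == TCP
            and int(m.group("dport")) == 80   # destination port, not source port
            and m.group("syn") is not None)


def split_log(lines):
    """Return (nimda_lines, other_lines), preserving the original order."""
    nimda, other = [], []
    for line in lines:
        (nimda if is_port80_syn(line) else other).append(line)
    return nimda, other


# Constructed sample lines using documentation addresses; not real log data.
PFX = "Dec  4 15:01:02 fw kernel: Packet log: input DENY eth0 "
TAIL = " L=48 S=0x00 I=4211 F=0x4000 T=112"
SAMPLE = [
    PFX + "PROTO=6 192.0.2.10:3312 198.51.100.5:80" + TAIL + " SYN (#7)",    # wanted
    PFX + "PROTO=6 192.0.2.10:3312 198.51.100.5:80" + TAIL + " (#7)",        # no SYN
    PFX + "PROTO=6 192.0.2.10:80 198.51.100.5:1042" + TAIL + " SYN (#7)",    # source port 80
    PFX + "PROTO=6 192.0.2.10:3313 198.51.100.5:8080" + TAIL + " SYN (#7)",  # port 8080
    PFX + "PROTO=17 192.0.2.10:3314 198.51.100.5:80" + TAIL + " (#7)",       # UDP
    "Dec  4 15:01:03 fw kernel: eth0: link up",                              # other kernel.info
]

if __name__ == "__main__":
    nimda, other = split_log(SAMPLE)
    print("to /var/log/nimda:", len(nimda), "line(s); elsewhere:", len(other))
```

A plain substring match on `:80` would also catch source port 80 and port 8080; parsing the address pair avoids both.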