I would like to configure LaBrea on my firewall to look for port scans on my DMZ.
I have replaced eth0 in the init script with eth2 (my DMZ), and inserted the -s option (I am using a network switch instead of a hub - not sure if this is needed since I would think any traffic would have to hit the firewall anyway). In full, my OPTIONS are: -i eth2 -l -p 80000 -z -h -s -v I have one entry in the hard exclude file for an address we will be using shortly, no other changes made to the default configuration. Got ifconfig, put in /usr/local/bin, init script runs OK, and eth2 is in promiscuous mode, but the port scans are unimpeded and -v doesn't log any unused ip addresses captured - in fact it doesn't seem to be logging anything at all. According to ps, LaBrea is Running - Must LaBrea run on a seperate machine than the firewall, or am I doing something else wrong? Thanks in advance - David Yerger PS /etc/init.d/LaBrea restart doesn't work for me, it complains that it can't find start and stop - I suspect a bashism but I really don't know shell scripting enough to tell. _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
