--On Monday, September 26, 2005 13:58:01 +0200 Administrator Chat-Net <[EMAIL PROTECTED]> wrote:
hi all, on the webpage of intrusion[1] i saw that they have a login_failure monitor. is that monitor still avalaible or is there another who does replace it? thx for reply greetz [1] http://www.intrusion.com/knowledge/article.aspx?ID=611166
My impression from reading that site is that the monitor scripts reference are proprietary scripts written by Intrustion Inc., provided as part of the SecureNet Sensor product they sell.
I'd guess that their script wouldn't be useful outside of their box anyway, since it probably is looking at pre-collected data from their system.
For a general purpose monitor script you'd probably want something that parses syslog output. There is a syslog.monitor included with mon that serves as a syslogd replacement, but I've never personally used it. (I didn't like the 'must replace syslogd' requirement..)
I have a similar tool which watches the syslog log files and pattern matches on the output, generating mon traps as necessary. I could probably add it to the mon CVS area if anyone is interested in using it...
-David David Nolan <*> [EMAIL PROTECTED] curses: May you be forced to grep the termcap of an unclean yacc while a herd of rogue emacs fsck your troff and vgrind your pathalias! _______________________________________________ mon mailing list mon@linux.kernel.org http://linux.kernel.org/mailman/listinfo/mon