Dear Members,
I have started using psad with fwsnort and it is awesome!
I have received alerts but they are not clear to me as they did not
include the msg: field for the description.
Right now I have to manually open up fwsnort.save to search for
SID2013222 to figure out what it is.
Is there any way we could include the info?
Thank you!
=-=-=-=-=-=-=-=-=-=-=-= Mon Oct 15 20:16:52 2012 =-=-=-=-=-=-=-=-=-=-=-=
Danger level: [1] (out of 5)
Scanned TCP ports: [55016: 3 packets]
TCP flags: [ACK: 3 packets]
iptables chain: FWSNORT_FORWARD_ESTAB (*prefix "[929] SID2013222 ESTAB"*), 3 packets
fwsnort rule: 929
Source: xxxxx
DNS: xxxxxx
Destination: xxxxx
DNS: [No reverse dns info available]
Overall scan start: Mon Oct 15 20:16:16 2012
Total email alerts: 7
Complete TCP range: [24722-55016]
Syslog hostname: bgp2
Global stats: chain:   interface: TCP: UDP: ICMP:
              FORWARD  bond2      4    0    0
[+] Whois Information (source IP):
Unknown AS number or IP network. Please upgrade this program.
=-=-=-=-=-=-=-=-=-=-=-= Mon Oct 15 20:16:52 2012 =-=-=-=-=-=-=-=-=-=-=-=
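
Added example (not part of the original post, and not psad or fwsnort code): a small script that automates the manual lookup described above by pulling each SID out of a psad alert and printing the msg recorded for it in fwsnort.save. It assumes each rule line in fwsnort.save carries its Snort metadata in an iptables comment match of the form "sid:N; msg:...;"; the function names, the sample lines and the placeholder msg strings are constructed for illustration.

```python
import re
import sys

# Constructed samples. The msg strings are placeholders, not real rule text,
# and SID 2000001 is a made-up second rule.
SAMPLE_SAVE = (
    '-A FWSNORT_FORWARD_ESTAB -p tcp -m comment --comment '
    '"sid:2013222; msg:PLACEHOLDER description: with colon; rev:1; FWS:0.0.0;" '
    '-j LOG --log-prefix "[929] SID2013222 ESTAB "\n'
    '-A FWSNORT_FORWARD_ESTAB -p tcp -m comment --comment '
    '"sid:2000001; msg:PLACEHOLDER other rule; rev:2; FWS:0.0.0;" '
    '-j LOG --log-prefix "[930] SID2000001 ESTAB "\n'
)
SAMPLE_ALERT = (
    'iptables chain: FWSNORT_FORWARD_ESTAB (prefix "[929] SID2013222\n'
    'ESTAB"), 3 packets\nfwsnort rule: 929\n'
)

COMMENT_RE = re.compile(r'--comment\s+"([^"]*)"')   # assumed comment-match layout
ALERT_SID_RE = re.compile(r'\bSID(\d+)\b')          # SID as it appears in the log prefix
NOT_FOUND = '(no msg found in fwsnort.save)'

def load_sid_messages(save_text):
    """Map SID -> msg using the comment field of each rule line."""
    table = {}
    for line in save_text.splitlines():
        m = COMMENT_RE.search(line)
        if not m:
            continue
        fields = {}
        for part in m.group(1).split(';'):
            key, sep, value = part.strip().partition(':')  # msg may contain ':'
            if sep:
                fields[key.strip()] = value.strip()
        if 'sid' in fields and 'msg' in fields:
            table.setdefault(fields['sid'], fields['msg'])  # first rule wins
    return table

def annotate_alert(alert_text, table):
    """Return [(sid, msg)] for each distinct SID named in a psad alert."""
    sids = list(dict.fromkeys(ALERT_SID_RE.findall(alert_text)))
    return [(sid, table.get(sid, NOT_FOUND)) for sid in sids]

if __name__ == '__main__':
    # Usage: python3 sid_msg.py <path to fwsnort.save> < alert.txt
    with open(sys.argv[1]) as fh:
        sid_table = load_sid_messages(fh.read())
    for sid, msg in annotate_alert(sys.stdin.read(), sid_table):
        print(f'SID{sid}: {msg}')
```

A SID that has no matching comment field is reported as not found rather than skipped, so a rule set that was regenerated after the alert fired is visible in the output.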