Re: [leaf-user] submitting logs to DShield

2008-07-02 Thread Gordon Bos
Erich Titl wrote:
> Hi
>
> If it is just about to reformat syslog to another format all the time then you can always use
>
> tail -f /var/log/whatever.log | whatever.filter.program
>
> cheers
>
> Erich

No, it's about substantially decreasing the log file size. Even with SYN floods blocke

Re: [leaf-user] submitting logs to DShield

2008-07-02 Thread Gordon Bos
This gave me an idea. Most of what gets logged doesn't really interest me that much, and since I've differentiated between each of the tables I use by setting log-levels, most of the parameters are identical anyway. I think it actually makes sense to reformat those logs to Dshield standard. So I

Re: [leaf-user] submitting logs to DShield

2008-06-29 Thread J.L. Blom
David, Thanks for the reply. My thoughts were very parallel to yours. I think the most convenient way is to transfer the shorewall log to the standard workstation (e.g. in the logrotate script using scp) where you can do all you want, even use the perl scripts provided by dshield. I haven't looked

Re: [leaf-user] submitting logs to DShield

2008-06-29 Thread davidMbrooke
Interesting idea. I've been thinking about reporting / graphing the numbers of DROPs I get on different port numbers, which is what isc.sans.org do on a global basis. I did have some success with using uperl.lrp to run the sensors-detect.pl script as reported in my leaf-user post from 2006-08-26

Re: [leaf-user] submitting logs to DShield

2008-06-29 Thread J.L. Blom
Thanks kp, I know I haven't seen anything on the perl package also. But would it be too difficult to do the same in a bash script? I haven't looked in it and a perl script is easier, but nevertheless I think it is worthwhile to look into it, as the many thousands of Leaf users could add in making the

Re: [leaf-user] submitting logs to DShield

2008-06-29 Thread KP Kirchdoerfer
On Sunday, 29 June 2008 14:29:08, J.L. Blom wrote:
> On Sun, 2008-06-29 at 13:52 +0200, J.L. Blom wrote:
> > Members,
> > I was browsing my firewall log and, looking for more information on the attacked ports, I came upon the site isc.incidents.org.
> > This site gives a wealth of information

Re: [leaf-user] submitting logs to DShield

2008-06-29 Thread J.L. Blom
On Sun, 2008-06-29 at 13:52 +0200, J.L. Blom wrote:
> Members,
> I was browsing my firewall log and, looking for more information on the attacked ports, I came upon the site isc.incidents.org.
> This site gives a wealth of information on ports attacked and more. Among others found I was vigorous

[leaf-user] submitting logs to DShield

2008-06-29 Thread J.L. Blom
Members, I was browsing my firewall log and, looking for more information on the attacked ports, I came upon the site isc.incidents.org. This site gives a wealth of information on ports attacked and more. Among others found I was vigorously attacked by "Adore", a Linux trojan (of course dropped by le