Hello,

We have a Sun Solaris system which logs syslog messages from our router access control lists. Does anyone know if there is any software which will perform syslog file analysis and/or some form of intruder detection?

Initially something that simply collates the info and perhaps does some reporting, such that we can see, for example, whether a specific IP address has tried repeatedly to access our site; tried to scan various ports, etc. Whether this could just be done by syslog analysis or whether it requires a bit more analysis, which I assume intruder detection would do, I do not know. I am quite happy to write some perl to provide some simple analysis, but obviously don't want to re-invent the wheel as they say :-)

Thanks,

John.

------------------------------------------------------------------------
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED]
PGP key available from public key servers
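As an added illustration (not part of the original message), the kind of collation asked about above can be sketched as a per-source summary of ACL deny lines that separates repeated attempts from port scans. The post does not give the router's log format, so the Cisco IOS-style line layout, the sample lines, the thresholds and the function names `summarise` and `flag` are all assumptions.

```python
import re
from collections import defaultdict

# Assumed format: Cisco IOS-style ACL deny messages relayed to syslog.
ACL_RE = re.compile(
    r"list (?P<acl>\S+) denied (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?")

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = """\
Mar  3 10:00:01 gw 101: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4001) -> 192.0.2.10(21), 1 packet
Mar  3 10:00:02 gw 102: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4002) -> 192.0.2.10(22), 1 packet
Mar  3 10:00:03 gw 103: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4003) -> 192.0.2.10(23), 1 packet
Mar  3 10:00:04 gw 104: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4004) -> 192.0.2.10(25), 1 packet
Mar  3 10:00:05 gw 105: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4005) -> 192.0.2.10(80), 1 packet
Mar  3 10:02:00 gw 106: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.23(1500) -> 192.0.2.10(23), 5 packets
Mar  3 10:07:00 gw 107: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.23(1501) -> 192.0.2.10(23), 4 packets
Mar  3 10:12:00 gw 108: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.23(1502) -> 192.0.2.10(23), 6 packets
Mar  3 10:13:00 gw 109: %SEC-6-IPACCESSLOGP: list 101 denied udp 198.51.100.99(5353) -> 192.0.2.11(53), 1 packet
Mar  3 10:14:00 gw 110: %LINK-3-UPDOWN: Interface Serial0, changed state to up
"""

def summarise(lines):
    """Return {src_ip: {"packets": n, "ports": {(proto, dport), ...}}} for denied traffic."""
    stats = defaultdict(lambda: {"packets": 0, "ports": set()})
    for line in lines:
        m = ACL_RE.search(line)
        if not m:
            continue  # not an ACL deny line, or a layout this sketch does not cover
        s = stats[m["src"]]
        s["packets"] += int(m["count"])
        s["ports"].add((m["proto"], int(m["dport"])))
    return dict(stats)

def flag(stats, repeat_threshold=10, port_threshold=4):
    """Label a source 'scan' (many distinct ports) or 'repeat' (many packets, few ports)."""
    report = {}
    for src, s in stats.items():
        if len(s["ports"]) >= port_threshold:
            report[src] = "scan"
        elif s["packets"] >= repeat_threshold:
            report[src] = "repeat"
    return report

if __name__ == "__main__":
    stats = summarise(SAMPLE.splitlines())
    for src, kind in sorted(flag(stats).items()):
        print(src, kind, stats[src]["packets"], "packets")
```

Lines that do not match the assumed layout are skipped silently, so a production version should count them and report the total to reveal format drift.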
