Greets all,

A previous post spawned an idea of mine. I am not sure if there is a project available for this or not. Here we go:

A daemon sits running in the background listening to a special device (/dev) or an IPC which would originate from syslog-ng. This daemon would then parse the log and look for suspicious things. If it found something suspicious, it would use a regular expression to grab out pertinent parts of the log (say the IP address) and act on the log accordingly (in real time) by, say, dropping an iptables rule down on the IP address.

Are there any projects out there to do this right now? If not, is this a good idea? If it is, who would be a person/group that would be qualified and have the time/interest to develop it?

Just throwing out a random conscious thought,

--
Phillip Hofmeister
PGP/GPG Key: http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #202: That's easy to fix but I can't be bothered.
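The reactor the post sketches, as an added example (not code from the post or from any existing project): it consumes syslog lines from any line-oriented stream (a FIFO that syslog-ng writes to would be opened and passed in the same way), matches a suspicious-event regex, pulls the source address out of the named group, counts failures per address, and emits an iptables DROP rule the moment an address crosses a threshold. The log lines, the pattern list, the threshold, and the allowlist are all constructed assumptions; the allowlist is the caveat a practitioner wants here, because a log-driven blocker that can fire on its own administrators' addresses locks them out of the box.

```python
#!/usr/bin/env python3
"""Minimal log-watching reactor: read syslog lines from a stream, detect
suspicious events, extract the offending IP, and react with an iptables rule.
Added example; not code from the original post."""
import io
import ipaddress
import re
import subprocess
from collections import Counter

# Constructed sample syslog lines (RFC 5737 documentation addresses); not from the post.
SAMPLE_LOG = """\
Apr  3 10:01:12 host sshd[2311]: Failed password for invalid user admin from 203.0.113.5 port 51222 ssh2
Apr  3 10:01:14 host sshd[2311]: Failed password for invalid user admin from 203.0.113.5 port 51223 ssh2
Apr  3 10:01:17 host sshd[2315]: Failed password for root from 203.0.113.5 port 51230 ssh2
Apr  3 10:01:20 host sshd[2320]: Accepted publickey for alice from 198.51.100.7 port 40000 ssh2
Apr  3 10:01:25 host sshd[2322]: Failed password for bob from 198.51.100.7 port 40010 ssh2
Apr  3 10:02:01 host cron[2400]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Regexes for events treated as suspicious (assumed set; extend per service).
# Each pattern must capture the remote address in a group named "ip".
SUSPICIOUS_PATTERNS = [
    re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
               r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"),
]

# Addresses that must never be blocked: loopback plus a hypothetical management net.
ALLOWLIST = [ipaddress.ip_network("127.0.0.0/8"),
             ipaddress.ip_network("10.0.0.0/8")]

THRESHOLD = 3  # failures from one address before it is blocked (assumed value)


def extract_suspicious_ip(line):
    """Return the offending IP if the line matches a suspicious pattern, else None."""
    for pat in SUSPICIOUS_PATTERNS:
        m = pat.search(line)
        if m:
            return m.group("ip")
    return None


def is_allowlisted(ip):
    """True if ip falls inside any network we refuse to block."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWLIST)


def block_rule(ip):
    """argv for the iptables rule that drops all traffic from ip."""
    return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]


def watch(lines, threshold=THRESHOLD):
    """Yield each address at the moment its failure count reaches the threshold.

    Yields exactly once per address, and never for an allowlisted address.
    """
    counts = Counter()
    for line in lines:
        ip = extract_suspicious_ip(line)
        if ip is None:
            continue
        counts[ip] += 1
        if counts[ip] == threshold and not is_allowlisted(ip):
            yield ip


def run_daemon(stream, threshold=THRESHOLD, dry_run=True):
    """Consume a line stream in real time and react to each block decision.

    Returns the list of iptables commands decided on.  With dry_run=True the
    commands are only returned, so the function can be exercised without root;
    with dry_run=False each one is executed as it is decided.
    """
    actions = []
    for ip in watch(stream, threshold):
        cmd = block_rule(ip)
        actions.append(cmd)
        if not dry_run:
            subprocess.run(cmd, check=True)
    return actions


if __name__ == "__main__":
    # Dry run over the constructed sample; a real deployment would pass
    # open("/path/to/syslog-ng.fifo") instead of the StringIO.
    for cmd in run_daemon(io.StringIO(SAMPLE_LOG)):
        print(" ".join(cmd))
```

On the sample, 203.0.113.5 is blocked at its third failed password while 198.51.100.7 (one failure) and the cron line produce no action. Two design points matter in practice: the threshold check fires on equality so the rule is inserted once rather than on every subsequent failure, and the allowlist is consulted before the block decision rather than after, so a burst of failures from an administrator's network is counted but never acted on. A production version would also want the counts to expire over time and the rules to be removed again, neither of which this sketch does.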