Check out psad, which is similar to what you want (and I use it). You can see psad at http://www.cipherdyne.com/psad/, which is somehow related to Bastille Linux http://www.bastille-linux.org/. Or just apt-get install psad. --jordan
On Mon, Jun 30, 2003 at 06:38:33PM -0400, Phillip Hofmeister wrote:
> Greets all,
>
> A previous post spawned an idea of mine. I am not sure if there is a project available for this or not. Here we go:
>
> A daemon sits running in the background listening to a special device (/dev) or an IPC which would originate from syslog-ng. This daemon would then parse the log and look for suspicious things. If it found something suspicious it would use regular expressions to grab out pertinent parts of the log (say the IP address) and act on the log accordingly (in real time) by, say, dropping an IPTABLES rule down on the IP address.
>
> Are there any projects out there to do this right now? If not, is this a good idea? If it is, who would be a person/group that would be qualified and have the time/interest to develop it?
>
> Just throwing out a random conscious thought,
>
> --
> Phillip Hofmeister
>
> PGP/GPG Key:
> http://www.zionlth.org/~plhofmei/
> wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
> --
> Excuse #202: That's easy to fix but I can't be bothered.
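The log-watching daemon sketched in the quoted post, as an added Python example that is not part of this thread and not psad's code: it runs constructed sshd log lines through a regex, counts failed logins per source address, and builds the iptables DROP command the post describes, printing it instead of executing it unless told otherwise. The sample lines, the threshold and the allowlist are assumptions.

```python
import re
import subprocess
from collections import Counter

# Constructed sample syslog lines (not from the original post).
SAMPLE_LOG = """\
Jun 30 18:40:01 host sshd[1234]: Failed password for invalid user admin from 198.51.100.7 port 4123 ssh2
Jun 30 18:40:03 host sshd[1235]: Failed password for root from 198.51.100.7 port 4124 ssh2
Jun 30 18:40:05 host sshd[1236]: Failed password for root from 198.51.100.7 port 4125 ssh2
Jun 30 18:40:09 host sshd[1237]: Accepted publickey for alice from 192.0.2.10 port 5000 ssh2
Jun 30 18:40:12 host sshd[1238]: Failed password for root from 192.0.2.10 port 5001 ssh2
"""

# The user name in these lines is supplied by the remote side, so the pattern
# is anchored on the trailing "from <ip> port <n> ssh2" written by sshd itself;
# a greedy ".*" takes the last such group rather than one embedded in the name.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for .* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)
THRESHOLD = 3                  # failures from one address before it is blocked (assumed)
ALLOWLIST = {"192.0.2.10"}     # management hosts that must never be locked out (assumed)


def block_rule(ip):
    """The iptables command that drops all traffic from ip, as argv."""
    return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]


def process_lines(lines, threshold=THRESHOLD, allowlist=ALLOWLIST):
    """Return the source addresses that crossed the threshold, in blocking order."""
    failures = Counter()
    blocked = []
    for line in lines:
        m = FAILED_RE.search(line.rstrip("\n"))
        if not m:
            continue
        ip = m.group(1)
        if ip in allowlist or ip in blocked:
            continue
        failures[ip] += 1
        if failures[ip] >= threshold:
            blocked.append(ip)
    return blocked


def main(dry_run=True):
    for ip in process_lines(SAMPLE_LOG.splitlines()):
        cmd = block_rule(ip)
        if dry_run:
            print("would run:", " ".join(cmd))
        else:
            subprocess.run(cmd, check=True)   # needs root and a real iptables


if __name__ == "__main__":
    main()
```

In a real deployment the lines would come from the syslog-ng pipe or program() destination the post mentions, and blocks should expire after a while so a mistaken rule does not persist.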