Look at Snort 2.0.0 [1]. It's an Intrusion Detection System. There's a preprocessor for Snort called 'Guardian' [2] to do things like you want. But read the other answers in this thread carefully!

Thomas Bechtold

[1] http://snort.org
[2] http://www.chaotic.org/guardian/

On Tuesday 01 July 2003 00:38, Phillip Hofmeister wrote:
> Greets all,
>
> A previous post spawned an idea of mine. I am not sure if there is a
> project available for this or not. Here we go:
>
> A daemon sits running in the background listening to a special device
> (/dev) or an IPC which would originate from syslog-ng. This daemon
> would then parse the log and look for suspicious things. If it found
> something suspicious it would use regular expression to grab out
> pertinent parts of the log (say the IP address) and act on the log
> accordingly (in real time) by say dropping an IPTABLE rule down on the
> IP address.
>
> Are there any projects out there to do this right now. If not, is this
> a good idea? If it is who would be a person/group that would be
> qualified and have the time/interest to develop it.
>
> Just throwing out a random conscious thought,
>
> --
> Phillip Hofmeister
>
> PGP/GPG Key:
> http://www.zionlth.org/~plhofmei/
> wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
> --
> Excuse #202: That's easy to fix but I can't be bothered.
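
The log-watching idea from the quoted message, as an added example (not part of either e-mail, and not code from Snort or Guardian): it parses sshd "Failed password" syslog lines and returns the iptables commands it would issue, without running them. The sshd line format, the threshold, the time window, the allowlist and all addresses are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The user name is client-chosen, so trust only the final "from <ip> port <n> ssh2".
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (\S+) port \d+ ssh2$")
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]  # assumed admin network, never blocked
THRESHOLD, WINDOW = 3, timedelta(seconds=60)        # assumed policy

def block_rules(lines):
    """Return iptables argv lists for sources with THRESHOLD failures inside WINDOW."""
    recent, blocked, rules = defaultdict(deque), set(), []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue                  # not a literal address: never hand it to iptables
        if ip.version != 4 or ip in blocked or any(ip in net for net in ALLOWLIST):
            continue
        when = datetime.strptime("2003 " + m.group(1), "%Y %b %d %H:%M:%S")  # year assumed
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > WINDOW:
            hits.popleft()            # forget failures older than the window
        if len(hits) >= THRESHOLD:
            blocked.add(ip)
            rules.append(["iptables", "-I", "INPUT", "-s", str(ip), "-j", "DROP"])
    return rules

SAMPLE_LOG = [  # constructed sample (documentation addresses), not from the thread
    "Jul  1 00:40:01 host sshd[811]: Failed password for root from 203.0.113.7 port 4011 ssh2",
    "Jul  1 00:40:02 host sshd[812]: Failed password for phil from 192.0.2.10 port 6000 ssh2",
    "Jul  1 00:40:03 host sshd[812]: Failed password for phil from 192.0.2.10 port 6001 ssh2",
    "Jul  1 00:40:04 host sshd[812]: Failed password for phil from 192.0.2.10 port 6002 ssh2",
    "Jul  1 00:40:05 host sshd[811]: Failed password for invalid user a from 198.51.100.5 port 1 ssh2 from 203.0.113.7 port 4012 ssh2",
    "Jul  1 00:40:06 host sshd[813]: Failed password for root from 999.1.1.1 port 1 ssh2",
    "Jul  1 00:40:07 host sshd[811]: Failed password for invalid user b from 198.51.100.5 port 1 ssh2 from 203.0.113.7 port 4013 ssh2",
    "Jul  1 00:40:08 host sshd[814]: Failed password for root from 198.51.100.9 port 7000 ssh2",
    "Jul  1 00:45:00 host sshd[814]: Failed password for root from 198.51.100.9 port 7001 ssh2",
    "Jul  1 00:45:01 host sshd[814]: Failed password for root from 198.51.100.9 port 7002 ssh2",
]

if __name__ == "__main__":
    print(*(" ".join(r) for r in block_rules(SAMPLE_LOG)), sep="\n")  # printed, not executed
```

On the sample, only 203.0.113.7 is selected: the allowlisted host, the malformed address, the address that appears only inside a user name, and the source whose failures fall outside the window are all left alone.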