Can Pfstat make per-source-IP (for the local LAN, for example) statistics? I heard nice things about SEC, I will take a look at both.

On 5/8/07, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> On Tue, May 08, 2007 at 10:45:36AM +0200, Alberich de megres wrote:
> > Hello,
> >
> > I'm new to the OpenBSD world... I came from the Linux world :P And I got a
> > question about logs.
> >
> > In Linux I used logwatch, I know that I can use it on OpenBSD. But is there
> > some other option in the OpenBSD world? What about snort? What way do you use to
> > analyze logs in rout firewall or workstations?
>
> For log analysis, which is different from analyzing bandwidth and
> such, there are plenty of systems. I'd urge you to look at something
> that reports anything unknown, though, at least if you're using a log
> analyzer to point you at things that need fixing (as opposed to creating
> statistics, auto-blacklisting in response to SSH bruteforce attempts,
> and so on and so forth).
>
> Personally, I use SEC (sysutils/sec) for general log handling. It's
> pretty powerful, not too hard to use, and can be made to work in
> blacklist mode (search the web). I add pflogsumm (mail/pflogsumm) to
> handle all Postfix logs, mostly because SEC isn't that good at
> statistics (though you can get it to execute external programs...)
>
> Joachim
>
> --
> TFMotD: ldd (1) - list dynamic object dependencies
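
Added example, not part of the original thread and not SEC or pfstat code: a small Python sketch of the "report anything unknown" approach recommended above, combined with per-source-IP counting of failed SSH logins. The log lines, the patterns and the threshold of 3 are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the original thread).
SAMPLE_LOG = """\
May  8 10:01:02 fw sshd[311]: Failed password for root from 192.0.2.10 port 4022 ssh2
May  8 10:01:05 fw sshd[311]: Failed password for invalid user admin from 192.0.2.10 port 4023 ssh2
May  8 10:01:09 fw sshd[312]: Failed password for root from 192.0.2.10 port 4031 ssh2
May  8 10:02:00 fw sshd[340]: Accepted publickey for alice from 198.51.100.7 port 5000 ssh2
May  8 10:03:00 fw cron[400]: (root) CMD (/usr/bin/newsyslog)
May  8 10:04:11 fw sshd[350]: Failed password for bob from 203.0.113.5 port 6000 ssh2
May  8 10:05:30 fw /bsd: wd0a: uncorrectable data error reading fsbn 1234
"""

# Lines that have been reviewed and are routine; everything else is reported.
KNOWN_BENIGN = [
    re.compile(r"sshd\[\d+\]: Accepted publickey for \S+ from \S+ port \d+"),
    re.compile(r"cron\[\d+\]: \(\S+\) CMD \("),
]
# Known pattern that is counted per source address instead of reported.
FAILED_LOGIN = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def analyze(log_text, threshold=3):
    """Return (unknown_lines, failures_per_ip, ips_at_or_over_threshold)."""
    unknown, failures = [], Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = FAILED_LOGIN.search(line)
        if m:
            failures[m.group(1)] += 1
        elif not any(p.search(line) for p in KNOWN_BENIGN):
            unknown.append(line)  # never classified: a human should look
    offenders = sorted(ip for ip, n in failures.items() if n >= threshold)
    return unknown, failures, offenders

if __name__ == "__main__":
    unknown, failures, offenders = analyze(SAMPLE_LOG)
    print("Unknown lines:", *unknown, sep="\n  ")
    print("Failed logins per source:", dict(failures))
    print("Candidates for blacklisting:", offenders)
```

The disk error line is the only one reported as unknown, which is the point of the approach: anything not explicitly classified surfaces for review.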