Picking this mail thread back up, one question: which do you think is best? snort+sec? Or pf+sec?
Thanks

2007/5/8, Alberich de megres <[EMAIL PROTECTED]>:
>
> Can Pfstat make per source IP (for local LAN, for example) statistics?
>
> I heard nice things about SEC, I will take a look at both.
>
>
> On 5/8/07, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> >
> > On Tue, May 08, 2007 at 10:45:36AM +0200, Alberich de megres wrote:
> > > Hello,
> > >
> > > I'm new to the OpenBSD world... I came from the Linux world :P And I got a
> > > question about logs
> > >
> > > In Linux I used logwatch, I know that I can use it on OpenBSD. But is there
> > > some other option in the OpenBSD world? What about snort? What way do you use to
> > > analyze logs in rout firewall or workstations?
> >
> > For log analysis, which is different from analyzing bandwidth and
> > such, there are plenty of systems. I'd urge you to look at something
> > that reports anything unknown, though, at least if you're using a log
> > analyzer to point you at things that need fixing (as opposed to creating
> > statistics, auto-blacklisting in response to SSH bruteforce attempts,
> > and so on and so forth).
> >
> > Personally, I use SEC (sysutils/sec) for general log handling. It's
> > pretty powerful, not too hard to use, and can be made to work in
> > blacklist mode (search the web). I add pflogsumm (mail/pflogsumm) to
> > handle all Postfix logs, mostly because SEC isn't that good at
> > statistics (though you can get it to execute external programs...)
> >
> > Joachim
> >
> > --
> > TFMotD: ldd (1) - list dynamic object dependencies
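
The "report anything unknown" style of log analysis recommended in the quoted reply, as an added example that is not part of the original thread and is not SEC itself: known-harmless messages are suppressed and everything else is reported, grouped by template. The allowlist patterns, host name and log lines are constructed for illustration.

```python
import re
from collections import Counter

# BSD syslog line: "May  8 10:45:36 host program[pid]: message"
SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ ([^\s:\[]+)(?:\[\d+\])?: (.*)$")

# Constructed allowlist of messages already understood and judged harmless.
KNOWN = {
    "sshd": [re.compile(r"^Accepted publickey for \S+ from \S+ port \d+")],
    "cron": [re.compile(r"^\(\w+\) CMD \(.*\)$")],
    "ntpd": [re.compile(r"^adjusting local clock by -?[\d.]+s$")],
}

def normalise(msg):
    """Collapse variable fields so repeats of one event share a template."""
    msg = re.sub(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", "<ip>", msg)
    return re.sub(r"\b\d+\b", "<n>", msg)

def unknown_report(lines):
    """Count (program, template) for every line that is not allowlisted.
    Lines that do not parse as syslog are reported too, never dropped."""
    report = Counter()
    for line in lines:
        m = SYSLOG.match(line.rstrip("\n"))
        if not m:
            report[("<unparsed>", line.strip())] += 1
            continue
        prog, msg = m.groups()
        if any(p.search(msg) for p in KNOWN.get(prog, [])):
            continue  # known and harmless: suppress
        report[(prog, normalise(msg))] += 1
    return report

# Constructed sample log (documentation-range addresses).
SAMPLE = [
    "May  8 10:45:36 fw sshd[2211]: Accepted publickey for admin from 192.0.2.10 port 50122 ssh2",
    "May  8 10:46:01 fw cron[2301]: (root) CMD (/usr/bin/newsyslog)",
    "May  8 10:47:12 fw sshd[2290]: Failed password for root from 198.51.100.7 port 40112 ssh2",
    "May  8 10:47:15 fw sshd[2291]: Failed password for root from 198.51.100.7 port 40118 ssh2",
    "May  8 10:48:00 fw ntpd[411]: adjusting local clock by 0.120s",
    "May  8 10:49:30 fw /bsd: arp info overwritten for 192.0.2.1 by 00:11:22:33:44:55 on em0",
    "-- MARK --",
]

if __name__ == "__main__":
    for (prog, template), n in unknown_report(SAMPLE).most_common():
        print(f"{n:4d}  {prog}: {template}")
```

The allowlist only grows when someone has read a reported template and decided it is harmless, so new message types always surface at least once.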