Re: System log monitor

To: An Thi-Nguyen Le <anle@ews.uiuc.edu>, debian-security@lists.debian.org
Subject: Re: System log monitor
From: jpk@cape.com (Jacob Kuntz)
Date: Sun, 3 Dec 2000 00:10:54 -0500
Message-id: <[🔎] 20001203001054.C395@cape.com>
In-reply-to: <[🔎] 20001202230235.A4030@srh1003>; from anle@ews.uiuc.edu on Sat, Dec 02, 2000 at 11:02:35PM -0600
References: <[🔎] 14889.52122.881743.444993@tarka.org> <[🔎] 20001202230235.A4030@srh1003>

from the secret journal of An Thi-Nguyen Le (anle@ews.uiuc.edu):
> There's Psionic's logcheck, which is in both potato and woody.  The 
> one, the original.  Goes well with portsentry (only in woody, can do 
> a source compile on potato though).
> 

not exactly -- portsentry depends on net-tools. i tried installing it with
--force-depends, and while the daemon starts, it doesn't detect stealth
scans. and just to make things interesting, a vanilla open scan results in
two log records for each port i hit. i shudder to think what would happen to
a busy site not using a loghost.

is it supposed to behave this way?

-- 
Jacob Kuntz
underworld.net/~jake
jpk@cape.com

Reply to:

Follow-Ups:
- Re: System log monitor
  - From: An Thi-Nguyen Le <anle@ews.uiuc.edu>

References:
- System log monitor
  - From: Steve <tarka@zip.com.au>
- Re: System log monitor
  - From: An Thi-Nguyen Le <anle@ews.uiuc.edu>

Prev by Date: Re: System log monitor
Next by Date: Re: System log monitor
Previous by thread: Re: System log monitor
Next by thread: Re: System log monitor
Index(es):
- Date
- Thread