Re: System log monitor
from the secret journal of An Thi-Nguyen Le (anle@ews.uiuc.edu):
> There's Psionic's logcheck, which is in both potato and woody. The
> one, the original. Goes well with portsentry (only in woody, can do
> a source compile on potato though).
>
not exactly -- portsentry depends on net-tools. i tried installing it with
--force-depends, and while the daemon starts, it doesn't detect stealth
scans. and just to make things interesting, a vanilla open scan results in
two log records for each port i hit. i shudder to think what would happen to
a busy site not using a loghost.
is it supposed to behave this way?
--
Jacob Kuntz
underworld.net/~jake
jpk@cape.com