Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Michael Scheidell (scheidellfdma.com)
Date: Tue Jun 05 2001 - 10:22:02 CDT
""Heimes, Rene"" <rhcom-con.net> wrote in message
> i am searching for a parser that parses security logs from ipfw-made up
> logs. anyone got a hint?
> (btw: what about ipfw firewalls - outdated? what would be better?
> ipchains? help!)
Depends on what you want to do with it.
I do a 'tail -3 /var/log/ipfw.log' every morning,just to see anything
I also use the perl agent for Mynetwatchman. It watches ipfw, cisco ios,
and specific stuff I pass it from tcpwrapper and sends it to
www.mynetwatchman.com (they autolart the isp on certain events, like
lion/cheeze worm scans, rpc scans, or if they detect the same scaning ip
from several different locations)
I then go to their site, select 'attacks reported today' and see if they are
just hitting my site, or its a generic script scanner.
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message