you may want to try ACID ( http://www.andrew.cmu.edu/~rdanyliw/snort/snortacid.html ); it logs snort alerts into a database and can be used for data mining and graphing purposes (for the management-types out there). i successfully deployed an ACID machine a few months ago and have been very pleased with the results.

dan edelweiss wrote:
>
> Look for portsentry and logcheck. Used to be available from
> www.psionic.com before Psionic got bought out by Cisco. I think there are
> mirrors of the source code, though, if you do a quick search via google.
>
> Tony
>
> steveat_private wrote:
>
>> I see a lot of people upon this list able to keep records
>> of increases in port scans over time.
>>
>> For example it's common for a post to come through from a
>> member asking about new scans on port foo - and a reply coming
>> back saying "yes seen xxx of those since the 1st of xxx".
>>
>> Can I ask what software are you using to record these logs?
>>
>> I know that some firewall systems, like ipchains, or iptables
>> will allow logs to be generated to syslog. However these are
>> not terribly interesting to read - and they are hard to keep
>> track of.
>>
>> I'm using a homebrewed system where I have a perl script
>> capturing packets dumping source ip+port and destination ip+port
>> to a database. This way I can produce pretty graphs showing
>> scans of particular ports over time.
>>
>> (I'd be happy to release it if there's any interest).
>>
>> Steve
>> --
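The record-keeping Steve describes, as an added example that is not part of the original thread or anyone's posted script: it parses iptables LOG lines as they appear in syslog into (time, src, dst, proto, sport, dport) records, then answers the "seen xxx of those since the 1st of xxx" question and produces the per-day series a graph would plot. The log lines are constructed samples, not real traffic, and the year is assumed because syslog timestamps omit it.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample syslog lines in iptables LOG format (not real traffic).
SAMPLE_LOG = """\
Aug 10 02:14:07 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=4532 DPT=135 SYN
Aug 10 02:14:09 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=4533 DPT=445 SYN
Aug 11 11:30:00 gw kernel: IN=eth0 OUT= SRC=192.0.2.55 DST=198.51.100.2 PROTO=TCP SPT=1025 DPT=135 SYN
Aug 12 23:59:59 gw kernel: IN=eth0 OUT= SRC=192.0.2.9 DST=198.51.100.2 PROTO=UDP SPT=53 DPT=1434
Aug 13 00:00:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=4600 DPT=135 SYN
Aug 13 07:45:12 gw sshd[123]: Accepted publickey for steve from 198.51.100.9
"""

# Only kernel firewall lines carry SRC/DST/PROTO/SPT/DPT; anything else is skipped.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)


def parse_records(text, year=2003):
    """Return (timestamp, src, dst, proto, sport, dport) tuples for each firewall LOG line.

    The year is an assumption supplied by the caller, since syslog timestamps lack one."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # e.g. an sshd line: not a firewall record
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        out.append((ts, m['src'], m['dst'], m['proto'], int(m['spt']), int(m['dpt'])))
    return out


def hits_since(records, proto, dport, since_iso):
    """Answer "how many hits on port foo since <date>": (hit count, distinct source count)."""
    since = datetime.fromisoformat(since_iso)
    hits = [r for r in records if r[0] >= since and r[3] == proto and r[5] == dport]
    return len(hits), len({r[1] for r in hits})


def daily_counts(records, proto, dport):
    """Hits per day for one port, i.e. the series you would graph over time."""
    counts = Counter(r[0].date().isoformat() for r in records if r[3] == proto and r[5] == dport)
    return dict(sorted(counts.items()))
```

Feed it `/var/log/messages` (or whatever file the LOG target writes to) instead of `SAMPLE_LOG` and store the tuples in a database to get the same kind of history the thread is after.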
This archive was generated by hypermail 2b30 : Thu Aug 14 2003 - 11:38:53 PDT