incident.pl 1.7
by Viraj Alankar (http://freshmeat.net/users/valankos/)
Saturday, October 6th 2001 19:25

Categories: Internet :: Log Analysis, Security, System :: Networking :: Monitoring

About: incident.pl is a small script that, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.

Changes: 2 AU whois servers have been added, 'changed:' lines from whois are now ignored unless no other contacts are found, and MX lookups are now performed before whois to find the likely domain more quickly. A few more whois server error messages are handled properly, and timeouts/retries for whois are now configurable. Some other minor bugfixes and code cleanups were also done.

License: GNU General Public License (GPL)

URL: http://freshmeat.net/projects/incident.pl/

--
Elias Levy
SecurityFocus
http://www.securityfocus.com/
Si vis pacem, para bellum