Re: Logging port scans
- To: tlug@example.com
- Subject: Re: Logging port scans
- From: "A.Sajjad Zaidi" <sajjad@example.com>
- Date: Thu, 07 Dec 2000 16:46:48 +0900
- Organization: Vanguard K.K.
Thanks, but that still doesn't explain why it's taking up 70% CPU and causing syslogd to take up 20% (./portsentry -tcp). Also, when I try to ping it from different places, it's logged as the same incident. If the output was a bit more consistent, using perl to get a summary wouldn't be a problem at all.

A.Sajjad

Austin Kurahone wrote:

> Portsentry + Perl. Edit syslog.conf to log to a separate file, and a bit of
> perl voodoo to parse and do summaries. (Cron it to run once a month).
>
> I've had generally good luck with it, and the code seems to be fairly good,
> which is essential for such things...
>
> --
> Austin K. Kurahone
> Tokyo Linux Users Group / SIGUSR1 R&D
> Hail Eris! All Hail Discordia!
> "Never frighten a small man. He'll kill you." --Lazarus Long
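A sketch of the kind of Perl summary discussed in this thread, added here as an example and not code from either poster. It assumes PortSentry's messages already go to their own file and that alert lines have the shape "attackalert: ... from host: name/ip to TCP port: n"; the sample lines are constructed, and anything that does not match that shape is counted separately rather than guessed at.

```perl
#!/usr/bin/perl
# Added example: per-source summary of PortSentry "attackalert" log lines.
# The line layout matched below is an assumption; adjust the regex to your logs.
use strict;
use warnings;

# Constructed sample input. In real use, read the dedicated log file that
# syslog.conf writes PortSentry messages to (path is site-specific).
my @sample = (
    'Dec  7 16:40:01 gw portsentry[412]: attackalert: Connect from host: a.example.net/192.0.2.10 to TCP port: 111',
    'Dec  7 16:40:02 gw portsentry[412]: attackalert: Connect from host: a.example.net/192.0.2.10 to TCP port: 143',
    'Dec  7 16:40:02 gw portsentry[412]: attackalert: Host 192.0.2.10 has been blocked via wrappers',
    'Dec  7 16:52:30 gw portsentry[412]: attackalert: Connect from host: b.example.org/198.51.100.7 to TCP port: 111',
    'Dec  7 16:53:11 gw portsentry[412]: attackalert: Connect from host: a.example.net/192.0.2.10 to TCP port: 111',
);

# Returns (\%hosts, $skipped): per-IP counters plus the number of lines
# that were not recognised as a connection alert.
sub summarise {
    my @lines = @_;
    my %hosts;
    my $skipped = 0;
    for my $line (@lines) {
        if ($line =~ m!^(\w{3}\s+\d+\s+[\d:]{8})\s.*portsentry\[\d+\]:\s+attackalert:\s+.+?\s+from\s+host:\s+\S+/(\d{1,3}(?:\.\d{1,3}){3})\s+to\s+(TCP|UDP)\s+port:\s+(\d+)!) {
            my ($ts, $ip, $proto, $port) = ($1, $2, $3, $4);
            my $h = $hosts{$ip} ||= { first => $ts, count => 0, ports => {} };
            $h->{last} = $ts;                 # lines arrive in time order
            $h->{count}++;
            $h->{ports}{"$proto/$port"}++;    # repeats collapse into one key
        }
        else {
            $skipped++;   # "blocked" notices, startup messages, other formats
        }
    }
    return (\%hosts, $skipped);
}

my ($hosts, $skipped) = summarise(@sample);
# Busiest sources first, ties broken by address.
for my $ip (sort { $hosts->{$b}{count} <=> $hosts->{$a}{count} || $a cmp $b } keys %$hosts) {
    my $h = $hosts->{$ip};
    printf "%-15s %3d alerts  %s -> %s  ports: %s\n",
        $ip, $h->{count}, $h->{first}, $h->{last},
        join(',', sort keys %{ $h->{ports} });
}
print "$skipped line(s) not counted as connection alerts\n";
```

A non-zero count on the final line shows how much of the log fell outside the assumed pattern, which is the place to look when the output format is inconsistent.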