Network Security Firewalls

Re: freeware/open source monitor for attempts

Subject: Re: freeware/open source monitor for attempts
Date: Sat, 13 Nov 2004 17:12:11 +0000
Hello David,

I'm developing a software (I have called SAS) which is able to analyse all the
syslog logs (through a pipe) and then it can trigger some methods.

The main use of the software was to parse the syslog logs and then insert them
into a MySQL db. But, since it *could*, I also added support for triggers ;o)

It can currently trigger methods by analysing the 3 fields available in the log:
loghost <- the server which sent the message
logprog <- the program which sent the message
logmesg <- the message

I have implemented the following methods:
mail
sms
winpopup
script
ignore
mysql
block <- not yet working..but it will be able to contact other physical
equipment to block a machine on the network.

You can trigger the methods with "+" and "-" analysis...
Example:
mail::mail_to::subject::warning_message::field::message
sms::path_to_certificate::username::destination::warning_message::field::message

Oh...you can also use $loghost, $logprog and $logmesg in your reports..since it
will change those words to their values [cough..dirty pseudo scripting ;o)]

Since most software can log to syslog (and those that can't can call
"logger")...this could solve your problem?

We are currently implementing my software together with SNORT to be able to know
in real time if anything wrong goes on the network.

I'll soon release it under the GPL. It is (100%) developed in C :o)

Mail me if you are interested :o)

Best regards,
Luís Silva
CICA - Unidade Qualidade e Seguranca
Faculdade de Engenharia da Universidade do Porto
Portugal

Quoting David Puckett <dpuckett@cityoforange.org>:

Hello,
 
Does anyone know of a freeware or open source program that will monitor for
unwanted attempts. (connects/scans/etc).
(not wanting to use just a syslog from the router)
 
Thanks,
David
 

David Puckett 
Network Operations Manager 
City of Orange - ACS 
(714) 744-2290 - Work

(949) 533-8745 - Cell
dpuckett@cityoforange.org 
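
The mail trigger format and the $loghost/$logprog/$logmesg substitution described in the message above, as an added example that is not part of the original post and is not SAS source code. The function names, the substring-match semantics and the sample rule and records are assumptions; the "+" and "-" analysis is not modelled because the post does not define it. Because logmesg is controlled by whoever sends the log line, control characters are stripped before a value is placed in a mail subject or body.

```python
# Added illustration; not SAS source code. Rule semantics are assumptions.
import re

FIELDS = ("loghost", "logprog", "logmesg")

def parse_mail_rule(line):
    """Split 'mail::mail_to::subject::warning_message::field::message'."""
    parts = line.strip().split("::")
    if len(parts) != 6 or parts[0] != "mail":
        raise ValueError("expected 6 '::'-separated fields starting with 'mail'")
    _, mail_to, subject, warning, field, pattern = parts
    if field not in FIELDS:
        raise ValueError("unknown log field: " + field)
    return {"mail_to": mail_to, "subject": subject, "warning": warning,
            "field": field, "pattern": pattern}

def sanitize(value):
    """Log text is sender-controlled: replace control chars (CR/LF included)."""
    return re.sub(r"[\x00-\x1f\x7f]", " ", value)

def expand(template, record):
    """Replace $loghost, $logprog and $logmesg with sanitized record values."""
    return re.sub(r"\$(loghost|logprog|logmesg)",
                  lambda m: sanitize(record[m.group(1)]), template)

def evaluate(rule, record):
    """Return the notification to send, or None if the rule does not match."""
    if rule["pattern"] not in record[rule["field"]]:  # assumed: substring match
        return None
    return {"to": rule["mail_to"],
            "subject": expand(rule["subject"], record),
            "body": expand(rule["warning"], record)}

# Constructed sample rule and records (not taken from the post).
RULE = parse_mail_rule(
    "mail::admin@example.org::Login failure on $loghost::"
    "$logprog reported: $logmesg::logmesg::Failed password")
RECORDS = [
    {"loghost": "gw1", "logprog": "sshd",
     "logmesg": "Failed password for root from 192.0.2.7\r\nBcc: x@example.net"},
    {"loghost": "gw1", "logprog": "cron", "logmesg": "job finished"},
]
ALERTS = [a for a in (evaluate(RULE, r) for r in RECORDS) if a]

if __name__ == "__main__":
    for alert in ALERTS:
        print(alert)
```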

 



