Maybe psad (Port Scan Attack Detector) is what you are looking for. Check http://cipherdyne.org/psad/index.html.

There is also a great book about this program (and 3 additional programs as well) written by the author of these programs. This book covers psad (analyser of iptables logs), fwsnort (translator of Snort rules into iptables rules), fwknop (single packet authorization) and ways to visualize iptables logs. Details can be found at http://www.nostarch.com/firewalls_mr.htm.

I hope this helps...

Tomáš Vlček

On Sun, May 30, 2010 at 4:28 PM, ratheesh k <ratheesh.ksz@xxxxxxxxx> wrote:
>
> Hi,
>
> I have implemented a firewall on my Linux machine using
> iptables. It is able to prevent attacks and LOG just before dropping
> packets. Since I know a little about iptables, I could go through
> /var/log/messages and find out information about attacks. Is there
> any application which will analyze logs and give brief information
> to the user about the attacks?
>
> For example, suppose there was a SYN flood attack; the application
> should analyse /var/log/messages or by some means should know
> about the attack and let the user know about that. If there is no
> application, could you give some hints on how to develop an
> application? Any comment is appreciated.
>
> Thanks,
> Ratheesh
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
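For the "hints on how to develop an application" part of the question, here is an added example (not part of the original messages and not psad's code): a minimal parser for iptables LOG lines that flags bursts of bare SYN packets against one destination port. The log prefix `DROP`, the threshold, the window, the `year` parameter and the abbreviated sample lines are assumptions made for this example, and it expects lines in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FIELD = re.compile(r"(\w+)=(\S*)")
STAMP = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_line(line, year=2010):
    """Return (time, src, dst, dport, flags) for a logged TCP packet, else None."""
    stamp, f = STAMP.match(line), dict(FIELD.findall(line))
    if not stamp or f.get("PROTO") != "TCP" or not {"SRC", "DST", "DPT"} <= f.keys():
        return None
    # Syslog timestamps carry no year, so the caller supplies one (assumption).
    when = datetime.strptime(f"{year} {stamp.group(1)}", "%Y %b %d %H:%M:%S")
    # TCP flags are bare words between RES=... and URGP=... in LOG output.
    flags = TCP_FLAGS & set(line.partition(" RES=")[2].split())
    return when, f["SRC"], f["DST"], int(f["DPT"]), flags

def detect_syn_floods(lines, threshold=5, window=timedelta(seconds=10)):
    """Map (dst, dport) -> peak burst of bare SYNs seen within `window`."""
    recent = defaultdict(deque)  # (dst, dport) -> (time, src) of recent SYNs
    alerts = {}
    for line in lines:
        pkt = parse_line(line)
        if pkt is None or pkt[4] != {"SYN"}:
            continue  # count connection attempts only, not SYN/ACK replies
        when, src, dst, dport, _ = pkt
        q = recent[(dst, dport)]
        q.append((when, src))
        while when - q[0][0] > window:  # drop SYNs that aged out of the window
            q.popleft()
        peak = alerts.get((dst, dport), {"syns": 0})["syns"]
        if len(q) >= threshold and len(q) > peak:
            alerts[(dst, dport)] = {"syns": len(q),
                                    "sources": sorted({s for _, s in q})}
    return alerts

def _line(sec, src, flags, dpt=80):  # builds one constructed, abbreviated log line
    return (f"May 30 16:20:{sec:02d} fw kernel: DROP IN=eth0 OUT= SRC={src} "
            f"DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40000 DPT={dpt} "
            f"WINDOW=5840 RES=0x00 {flags} URGP=0")

# Constructed sample: six SYNs to port 80 in six seconds, plus unrelated traffic.
SAMPLE = [_line(s, f"203.0.113.{s}", "SYN") for s in range(1, 7)] + [
    _line(7, "198.51.100.9", "ACK SYN"), _line(8, "198.51.100.9", "SYN", dpt=22)]

if __name__ == "__main__":
    for (dst, dport), a in detect_syn_floods(SAMPLE).items():
        print(f"possible SYN flood on {dst}:{dport}: {a['syns']} SYNs from "
              f"{len(a['sources'])} sources")
```

To run it on real data, pass the lines of /var/log/messages to `detect_syn_floods` instead of `SAMPLE`; the rule that logs the packets must come before the DROP rule, as in the setup described in the question.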