I suggest running snort in NIDS mode to have snort inspect the packets against its ruleset.
Snort will log to a DB, ascii file, sub directories, However you want it.
You want e-mail notification, I suggest logging to syslog (-s option) and using swatch to
watch syslog and e-mail you when it see's something. (This will be ALOT of e-mails).
Anything else you want to do?
Cheers,
Alberto Gonzalez.
PS> If you just want to sniff, use tcpdump.
SchmiTTT wrote:
Hello,
ethereal
or
snort
besides:
does anybody know, where the source-code of 'xconsole' is ???
Regards
Tino.
Am Mon, 2002-12-30 um 11.31 schrieb paras:
hi all
what is the best tool to use to monitor my network and my servers for intruders and hackers?. if some one scans my network i want the action to be notice in my mail or something like that.
i have heard of snort. beside this which is better tool?
Thanks
Paras.
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
--
The secret to success is to start from scratch and keep on scratching.
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
