
Thread: linux logging question

  1. #1
    Senior Member
    Join Date
    Jul 2002
    Posts
    167

    linux logging question

    I am running a linux honeypot and am wondering if it's possible to send port scans to a specific log file. For example, I might want to log all port scan attempts for port 31337, and send them to the /var/log/portscan log. Would portsentry work well in this situation? Thanks for any suggestions.

    Nate

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Hrmm. I don't think I've ever configured something like that. You might want to look at snort's logging as they log per port, depending on setup.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #5
    Member
    Join Date
    Mar 2003
    Posts
    99
    You could write a script, perl or shell, to parse the logfile each day and output the data for each port to its own specific file... Good project to learn perl and/or shell programming...

  7. #7
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    tcpdump -netti IF port X > /var/log/portscan.log for example... quick, dirty, but efficient.
    Antionline in a nutshell
    "You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"

    Trust your Technolust

  9. #9
    Senior Member
    Join Date
    Jan 2003
    Posts
    274
    Originally posted here by d0ppelg@nger
    You could write a script, perl or shell, to parse the logfile each day and output the data for each port to its own specific file... Good project to learn perl and/or shell programming...
    I do it kind of like this... only different.

    I have traffic from my PIXes going to /var/log/local5 (which is the logging facility I use) then a Perl script picks through that for traffic I consider "interesting". The script changes depending on what I want to look at. Regardless, it dumps it all into a file named /var/log/traffic. I then check out the traffic logs once a day to see if anything strange is going on. So basically, this has been a very long way to say that d0ppelg@nger is right on with how to do it.
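The per-port split that d0ppelg@nger suggests and the reply above describes, written out as working code. This is an added example, not code from the thread or from any of the posters. It assumes (the thread does not say this) that the honeypot logs connection attempts with the Linux netfilter LOG target (iptables -j LOG), whose syslog lines carry key=value fields such as SRC=, DST=, PROTO=, SPT= and DPT=; the sample lines inside the script are constructed in that format, not a real capture. The output file name pattern portscan-<port>.log, the function names and the HONEYPOT: log prefix are all illustrative choices. Note that, like the tcpdump one-liner above, keying on the destination port alone records every packet aimed at that port, so a file for a port the honeypot actually serves will also contain legitimate traffic; for a closed port such as 31337 everything in the file is a probe.

```python
"""Route honeypot firewall log lines into per-port log files.

Added example for the thread above; not code from the thread or from any
poster. Assumption (not stated in the thread): the honeypot logs connection
attempts with the netfilter LOG target (iptables -j LOG), whose syslog
lines carry key=value fields such as SRC=, DST=, PROTO=, SPT= and DPT=.
"""
import os
import re
import sys
from collections import Counter, defaultdict

# The fields we care about. DPT (destination port) decides which file a
# line goes to; SRC lets us count who is probing a given port.
_FIELD = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")

# Constructed sample lines in netfilter LOG format (not a real capture).
# The sshd line is there to show that unrelated syslog lines are skipped.
SAMPLE_LOG = """\
Mar 14 02:11:07 honeypot kernel: HONEYPOT: IN=eth0 OUT= MAC=00:0c:29:ab:cd:ef:00:50:56:c0:00:08:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=54023 DPT=31337 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 14 02:11:07 honeypot kernel: HONEYPOT: IN=eth0 OUT= MAC=00:0c:29:ab:cd:ef:00:50:56:c0:00:08:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=54024 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 14 02:11:08 honeypot kernel: HONEYPOT: IN=eth0 OUT= MAC=00:0c:29:ab:cd:ef:00:50:56:c0:00:08:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=56 ID=4371 PROTO=UDP SPT=1900 DPT=31337 LEN=28
Mar 14 02:11:09 honeypot sshd[1234]: Accepted publickey for nate from 192.0.2.2 port 50022 ssh2
Mar 14 02:11:10 honeypot kernel: HONEYPOT: IN=eth0 OUT= MAC=00:0c:29:ab:cd:ef:00:50:56:c0:00:08:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=54025 DPT=31337 WINDOW=1024 RES=0x00 SYN URGP=0
"""


def parse_line(line):
    """Return the SRC/DST/PROTO/SPT/DPT fields of one line, or None.

    Lines without a numeric DPT (ICMP, or unrelated syslog traffic such as
    the sshd line above) are not port events and yield None.
    """
    fields = dict(_FIELD.findall(line))
    if not fields.get("DPT", "").isdigit():
        return None
    fields["DPT"] = int(fields["DPT"])
    fields["SPT"] = int(fields["SPT"]) if fields.get("SPT", "").isdigit() else None
    return fields


def split_by_port(lines, ports=None):
    """Group log lines by destination port, keeping each line verbatim.

    ports: optional set of ints; when given, only those ports are kept
    (e.g. {31337} for the single port the original question asks about).
    Returns {port: [line, ...]}.
    """
    buckets = defaultdict(list)
    for line in lines:
        line = line.rstrip("\n")
        event = parse_line(line)
        if event is None or (ports is not None and event["DPT"] not in ports):
            continue
        buckets[event["DPT"]].append(line)
    return dict(buckets)


def write_per_port(lines, outdir, ports=None):
    """Append matching lines to <outdir>/portscan-<port>.log, one file per port.

    Returns {port: path}. Appending rather than truncating makes this safe
    to run from a daily cron job over the previous day's log.
    """
    os.makedirs(outdir, exist_ok=True)
    written = {}
    for port, port_lines in split_by_port(lines, ports).items():
        path = os.path.join(outdir, "portscan-%d.log" % port)
        with open(path, "a") as fh:
            fh.write("\n".join(port_lines) + "\n")
        written[port] = path
    return written


def top_sources(lines, port, n=10):
    """Most frequent source addresses probing one port: [(src, count), ...]."""
    counts = Counter()
    for event in filter(None, map(parse_line, lines)):
        if event["DPT"] == port:
            counts[event.get("SRC", "?")] += 1
    return counts.most_common(n)


if __name__ == "__main__":
    # Usage: split_ports.py LOGFILE OUTDIR [PORT ...]
    #   e.g. split_ports.py /var/log/messages /var/log 31337
    # A LOGFILE of "-" reads stdin, so the script can sit at the end of a pipe.
    if len(sys.argv) < 3:
        sys.exit("usage: split_ports.py LOGFILE OUTDIR [PORT ...]")
    source = sys.stdin if sys.argv[1] == "-" else open(sys.argv[1])
    wanted = {int(p) for p in sys.argv[3:]} or None
    for port, path in sorted(write_per_port(source, sys.argv[2], wanted).items()):
        print("port %d -> %s" % (port, path))
```

Run it once a day over the rotated log, or leave the port list empty to get one file per port that was touched. The parser deliberately returns None rather than raising on lines it does not understand, because a honeypot's syslog mixes firewall lines with everything else the box logs.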
