-
March 14th, 2003, 07:04 PM
#1
linux logging question
I am running a Linux honeypot and am wondering if it's possible to send port scans to a specific log file. For example, I might want to log all port scan attempts for port 31337, and send them to the /var/log/portscan log. Would portsentry work well in this situation? Thanks for any suggestions.
Nate
-
March 14th, 2003, 08:06 PM
#3
Hrmm. I don't think I've ever configured something like that. You might want to look at snort's logging as they log per port, depending on setup.
-
March 14th, 2003, 08:37 PM
#5
You could write a script, perl or shell, to parse the logfile each day and output the data for each port to its own specific file... Good project to learn perl and/or shell programming...
-
March 14th, 2003, 09:38 PM
#7
tcpdump -netti IF port X > /var/log/portscan.log, for example... quick and dirty, but efficient.
Antionline in a nutshell
"You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"
Trust your Technolust
-
March 14th, 2003, 09:57 PM
#9
Originally posted here by d0ppelg@nger
You could write a script, perl or shell, to parse the logfile each day and output the data for each port to its own specific file... Good project to learn perl and/or shell programming...
I do it kind of like this... only different.
I have traffic from my PIXes going to /var/log/local5 (which is the logging facility I use), then a Perl script picks through that for traffic I consider "interesting". The script changes depending on what I want to look at. Regardless, it dumps it all into a file named /var/log/traffic. I then check out the traffic logs once a day to see if anything strange is going on. So basically, this has been a very long way to say that d0ppelg@nger is right on with how to do it.
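The daily per-port split that d0ppelg@nger suggests, and that the syslog-then-Perl setup above follows, written as a shell script: an added example for this thread, not code from any poster. It assumes the honeypot's scan hits land in syslog as iptables LOG-target lines (with a DPT= field) and runs on a constructed four-line sample.

```shell
#!/bin/sh
# Added example, not code from any poster: split syslog lines that carry
# iptables LOG-target fields (SRC= DST= DPT=) into one file per destination
# port. Assumes scan hits reach syslog as such lines; others are ignored.

# Constructed sample log for the demo and the test (not real traffic).
SAMPLE_LOG='Mar 14 21:38:01 honey kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=40001 DPT=31337 SYN
Mar 14 21:38:02 honey kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=40002 DPT=22 SYN
Mar 14 21:38:03 honey sshd[123]: Accepted password for nate from 192.0.2.20
Mar 14 21:38:04 honey kernel: IN=eth0 OUT= SRC=192.0.2.11 DST=192.0.2.1 PROTO=TCP SPT=40003 DPT=31337 SYN'

# split_by_port LOGFILE OUTDIR: append each matching line to
# OUTDIR/port-<N>.log and print the ports seen, sorted numerically.
split_by_port() {
    logfile=$1
    outdir=$2
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^DPT=[0-9]+$/) {
                    port = substr($i, 5)
                    out = dir "/port-" port ".log"
                    print $0 >> out
                    close(out)   # keep open file handles bounded on big logs
                    seen[port] = 1
                    break
                }
            }
        }
        END { for (p in seen) print p }
    ' "$logfile" | sort -n
}

# count_port OUTDIR PORT: lines logged for that port, 0 if none seen.
count_port() {
    if [ -f "$1/port-$2.log" ]; then
        wc -l < "$1/port-$2.log" | tr -d ' '
    else
        echo 0
    fi
}

# Demo on the sample; a daily cron job would point this at the real syslog file.
DEMO_DIR=$(mktemp -d)
printf '%s\n' "$SAMPLE_LOG" > "$DEMO_DIR/messages"
split_by_port "$DEMO_DIR/messages" "$DEMO_DIR/byport"
echo "port 31337 hits: $(count_port "$DEMO_DIR/byport" 31337)"
```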