[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: reviewing httpd access log

To: marius <anarcap@gmail.com>
Subject: Re: reviewing httpd access log
From: "L. V. Lammert" <lvl@omnitec.net>
Date: Sun, 1 Aug 2004 19:16:42 -0500 (CDT)
Cc: J Moore <jaymo@cullmail.com>, misc@openbsd.org
References: <20040801174234.GA76@kingcull.cullmail.com> <22318ee504080110473149b27a@mail.gmail.com>

On Sun, 1 Aug 2004, marius wrote:

> On Sun, 1 Aug 2004 12:42:34 -0500, J Moore <jaymo@cullmail.com> wrote:
> >
> > Is there a good technique for automatically identifying these
> > trouble-makers? I'd like to be able to build a "deny" table for pf to
> > halt repeat offendors, but I can't afford the time to review the logs
> > "manually".
> >
>
> Check out Snort... http://www.snort.org/
>
Unfortunately, snort does not communicate with pf. If anyone HAS done this
sort of setup, please let everyone know.

	Lee

================================================
  Leland V. Lammert            lvl@omnitec.net
    Chief Scientist     Omnitec Corporation
 Network/Internet Consultants   www.omnitec.net
================================================

Follow-Ups:
- Re: reviewing httpd access log
  - From: Chris Kuethe <ckuethe@ualberta.ca>
- Re: reviewing httpd access log
  - From: chakl@syscall.de (Olaf Schreck)

References:
- reviewing httpd access log
  - From: J Moore <jaymo@cullmail.com>
- Re: reviewing httpd access log
  - From: marius <anarcap@gmail.com>

Prev by Date: Re: Patch Installation
Next by Date: Re: PF and a feauture I requested weeks ago
Prev by thread: Re: reviewing httpd access log
Next by thread: Re: reviewing httpd access log
Index(es):
- Date
- Thread