* Iptables Email Alerting
From: Real Cucumber @ 2004-03-15 18:08 UTC (permalink / raw)
To: netfilter
Does anyone know if it is possible to have IPtables
send email alerts
based on certain traffic?
I'm looking for something similar to the -j LOG
option, perhaps a -j MAIL ?
I realize that I could set up a manual cronjob to scan
the logfiles via grep and search for certain
activities, but it would obviously be much better to
have alerts sent in realtime.
Any ideas?
* Re: Iptables Email Alerting
From: David Cannings @ 2004-03-15 18:15 UTC (permalink / raw)
To: netfilter
On Monday 15 March 2004 18:08, Real Cucumber wrote:
> Does anyone know if it is possible to have IPtables
> send email alerts
> based on certain traffic?
>
> I'm looking for something similar to the -j LOG
> option, perhaps a -j MAIL ?
You could quite possibly jump to a userspace script that handles this. I
believe the target is QUEUE, but support will need to be compiled into
your kernel to support it.
David
* RE: Iptables Email Alerting
From: Daniel Chemko @ 2004-03-15 18:20 UTC (permalink / raw)
To: Real Cucumber, netfilter
Netfilter is kernel space and there isn't email support in the kernel.
My advice is either to use crontab or to write your own daemon to probe
every few seconds.
Real Cucumber wrote:
> Does anyone know if it is possible to have IPtables
> send email alerts
> based on certain traffic?
>
> I'm looking for something similar to the -j LOG
> option, perhaps a -j MAIL ?
>
> I realize that I could set up a manual cronjob to scan
> the logfiles via grep and search for certain
> activities, but it would obviously be much better to
> have alerts sent in realtime.
>
> Any ideas?
* Re: Iptables Email Alerting
From: forum @ 2004-03-15 18:52 UTC (permalink / raw)
To: netfilter
> > I'm looking for something similar to the -j LOG
> > option, perhaps a -j MAIL ?
>
> You could quite possibly jump to a userspace script that handles this.
> I believe the target is QUEUE, but support will need to be compiled into
> your kernel to support it.
I think your best bet is to use an IDS such as snort; this is ideal for
rudimentary log or traffic analysis, and can send all kinds of alerts.
--
forum@users.pc9.org
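
The log-watching approach raised in this thread (a -j LOG rule plus a small daemon rather than a cron job), as an added example that is not code from any poster: it follows a log file, picks out LOG entries by prefix, and mails one alert per source address per cooldown window. The prefix "FW-ALERT: ", the names parse, Alerter and follow, and a local MTA on localhost are assumptions.

```python
import re
import smtplib
import time
from email.message import EmailMessage

PREFIX = "FW-ALERT: "                    # assumed --log-prefix of the LOG rule
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs written by LOG
SAMPLE = ("Mar 15 18:08:01 fw kernel: FW-ALERT: IN=eth0 OUT= SRC=192.0.2.10 "
          "DST=198.51.100.5 PROTO=TCP SPT=40000 DPT=22 SYN")  # constructed

def parse(line):
    """Return the KEY=value fields of a line carrying PREFIX, else None."""
    _, found, rest = line.partition(PREFIX)
    return dict(FIELD.findall(rest)) if found else None

class Alerter:
    def __init__(self, sender, rcpt, cooldown=300):
        self.sender, self.rcpt, self.cooldown = sender, rcpt, cooldown
        self.last = {}                   # source address -> time of last alert

    def handle(self, line, now):
        """Return an EmailMessage for line, or None if ignored or suppressed."""
        f = parse(line)
        if not f or "SRC" not in f:
            return None
        src = f["SRC"]
        if now - self.last.get(src, float("-inf")) < self.cooldown:
            return None                  # one mail per source per cooldown
        self.last[src] = now
        d = {"DST": "?", "PROTO": "?", "DPT": "-", **f}   # ICMP has no DPT
        msg = EmailMessage()
        msg["From"], msg["To"] = self.sender, self.rcpt
        msg["Subject"] = "iptables: {SRC} -> {DST} {PROTO}/{DPT}".format(**d)
        msg.set_content(line.strip())
        return msg

def follow(path, alerter, host="localhost"):
    """Tail path like `tail -f`; send alerts through the MTA assumed on host."""
    with open(path, errors="replace") as fh:
        fh.seek(0, 2)                    # start at the current end of file
        while True:
            line = fh.readline()
            if not line:
                time.sleep(1)
                continue
            msg = alerter.handle(line, time.time())
            if msg:
                with smtplib.SMTP(host) as smtp:
                    smtp.send_message(msg)
```

follow() does not reopen the file after log rotation, so a long-running deployment would need to restart it or add that check.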