From: ratheesh k
Subject: Re: Advanced Logging
Date: Fri, 4 Jun 2010 07:47:14 +0530
Sender: netfilter-owner@vger.kernel.org
To: Jan Engelhardt
Cc: Netfilter mailing list, ulogd@lists.gnumonks.org

On Fri, Jun 4, 2010 at 12:32 AM, Jan Engelhardt wrote:
>
> On Thursday 2010-06-03 20:15, ratheesh k wrote:
>>2010/5/30 Tomáš Vlček:
>>> Maybe psad (Port Scan Attack Detector) is what you are looking
>>> for. Check http://cipherdyne.org/psad/index.html.
>>
>>I have gone through the link. It seems to be heavy for my embedded application.
>
> Yes it looks complicated from a developer POV. I myself think
> why would it have to put up with analyzing log messages
> (which are known to be not overly precise) when direct delivery
> with libnetfilter_queue/_log seems like a more ideal goal -
> eliminating the extra trip through syslog and the fs.

Thanks, Jan. ulogd daemon could be modified to do analysis of packets to
find out what kind of attack has taken place?

-Ratheesh
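An added example, not part of the original thread and not ulogd or psad code: a fixed-memory port-scan check of the kind the message asks about, working on per-packet fields instead of syslog text. It assumes a libnetfilter_log or libnetfilter_queue callback has already extracted the timestamp, source address and destination port; the struct names, thresholds and sample packets are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define SLOTS      16  /* sources tracked at once: fixed memory, no malloc */
#define SCAN_PORTS 5   /* distinct dst ports inside WINDOW => scan (assumed) */
#define WINDOW     10  /* seconds (assumed) */

/* Fields a log/queue callback would hand over; ts assumed non-decreasing. */
struct pkt { uint32_t ts, saddr; uint16_t dport; };
struct src { uint32_t saddr, first_ts; uint16_t ports[SCAN_PORTS]; uint8_t n, used; };
static struct src table[SLOTS];
void detector_reset(void) { memset(table, 0, sizeof table); }
/* Returns 1 once per window, when saddr reaches SCAN_PORTS distinct ports. */
int detector_feed(const struct pkt *p)
{
    struct src *s = NULL, *victim = &table[0];
    for (int i = 0; i < SLOTS; i++) {
        if (table[i].used && table[i].saddr == p->saddr) { s = &table[i]; break; }
        if (!table[i].used) { if (victim->used) victim = &table[i]; } /* prefer free slot */
        else if (victim->used && table[i].first_ts < victim->first_ts) victim = &table[i];
    }
    if (!s || p->ts - s->first_ts > WINDOW) {  /* new source, or its window expired */
        if (!s) s = victim;                    /* free slot, else the oldest entry */
        memset(s, 0, sizeof *s);
        s->used = 1; s->saddr = p->saddr; s->first_ts = p->ts;
    }
    for (int i = 0; i < s->n; i++)
        if (s->ports[i] == p->dport) return 0; /* repeated port adds no evidence */
    if (s->n == SCAN_PORTS) return 0;          /* already reported in this window */
    s->ports[s->n++] = p->dport;
    return s->n == SCAN_PORTS;
}

/* Constructed sample: 10.0.0.5 sweeps six ports in 5 s, 10.0.0.9 only browses. */
static const struct pkt sample[] = {
    {100, 0x0A000005, 21}, {100, 0x0A000009, 80},  {101, 0x0A000005, 22},
    {101, 0x0A000009, 443}, {102, 0x0A000005, 23}, {103, 0x0A000005, 25},
    {103, 0x0A000009, 80},  {104, 0x0A000005, 80}, {105, 0x0A000005, 110},
};

/* Feeds the sample; returns the alert count and stores the alerting source. */
int run_sample(uint32_t *who)
{
    int alerts = 0;
    detector_reset();
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        if (detector_feed(&sample[i])) { alerts++; *who = sample[i].saddr; }
    return alerts;
}
```

The table costs about 20 bytes per tracked source, so SLOTS can be sized to the device; when it is full the oldest entry is evicted, which means a flood of distinct sources can push a slow scanner out of the table.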