Archived from groups: comp.security.firewalls
Hi to all,
I'm looking for an I.D.S. or a configurable log analyzer that can acquire
syslog from a firewall (actually I'm using a Netgear FR114P).
I've tried with Kiwi Syslog analyzer, but my goal is not only to collect
logs, but possibly to signal when a strange activity is reported (a ping, a
simple, isolated portscan or an attempt to establish a connection can be
considered "normal" noise on the internet; 10 portscans or something else
repetitive can be considered a "real" attack).
Now with Kiwi Syslog a complete portscan generates 65000 logs... really not
friendly. The optimum would be a pop-up that tells me there is an attack from
an IP, or something similar.
Can you help me?
Thank you very much
Michele
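
The behaviour asked for above (ignore isolated probes, raise a single alert per source IP once its activity becomes repetitive), sketched as an added example that is not part of the original post. The log line format, the `detect` function and its thresholds are assumptions; the sample lines are constructed and are not the FR114P's real syslog layout.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed line format (an assumption, not the FR114P's real syslog layout):
#   2005-03-01T10:00:00 DROP src=203.0.113.7 dport=22
LINE_RE = re.compile(r"^(\S+) DROP src=(\d{1,3}(?:\.\d{1,3}){3}) dport=(\d+)$")

def detect(lines, threshold=10, window=timedelta(minutes=5), quiet=timedelta(hours=1)):
    """Return one (timestamp, src, distinct_ports) alert per noisy source.

    A source alerts once it has >= threshold dropped packets inside `window`;
    further alerts for that source are suppressed for `quiet`, so a full
    65000-port sweep yields one alert instead of 65000 entries.
    Lines for a given source are assumed to arrive in chronological order.
    """
    recent = defaultdict(deque)   # src -> (time, dport) events still in window
    last_alert = {}               # src -> time of the last alert raised
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # unparseable lines are skipped, not guessed at
        ts = datetime.fromisoformat(m.group(1))
        src, dport = m.group(2), int(m.group(3))
        q = recent[src]
        q.append((ts, dport))
        while q and ts - q[0][0] > window:
            q.popleft()           # forget events older than the window
        suppressed = src in last_alert and ts - last_alert[src] < quiet
        if len(q) >= threshold and not suppressed:
            alerts.append((ts, src, len({p for _, p in q})))
            last_alert[src] = ts
    return alerts

def sample_log():
    """Constructed sample: two isolated probes plus one source sweeping 200 ports."""
    t0 = datetime(2005, 3, 1, 10, 0, 0)
    lines = [f"{t0.isoformat()} DROP src=198.51.100.4 dport=80",
             f"{(t0 + timedelta(minutes=30)).isoformat()} DROP src=198.51.100.9 dport=135"]
    lines += [f"{(t0 + timedelta(seconds=i)).isoformat()} DROP src=203.0.113.7 dport={i + 1}"
              for i in range(200)]
    return lines

if __name__ == "__main__":
    for ts, src, ports in detect(sample_log()):
        print(f"ALERT {ts.isoformat()} possible scan from {src} ({ports} ports so far)")
```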