[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] portsentry / watchlog
- Subject: [cobalt-security] portsentry / watchlog
- From: eicherlist <eicherlist@xxxxxxxxxx>
- Date: Fri, 8 Jun 2001 08:27:55 +0200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
hi list
I'm working with portsentry on a RAQ3. I would like to be informed by not
allowed scans of wellknown ports, with an email. that works everything. if
somebody scans on all thousand wellknown ports, then i get for every scan a
email.
what is wrong on the following pattern-definition? (swatch-3.0.1)
config on watchlog:
watchfor /attackalert|expn/
echo=normal
mail=alarm,subject=--- Attack Alert! ---
throttle 5:00 0:16
thanks
rene