[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] portsentry / watchlog

Subject: [cobalt-security] portsentry / watchlog
From: eicherlist <eicherlist@xxxxxxxxxx>
Date: Fri, 8 Jun 2001 08:27:55 +0200
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

hi list

I'm  working with portsentry on a RAQ3. I would like to be informed by not
allowed scans of wellknown ports, with an email. that works everything. if
somebody scans on all thousand wellknown ports, then i get for every scan a
email.

what is wrong on the following pattern-definition? (swatch-3.0.1)

config on watchlog:
watchfor     /attackalert|expn/
        echo=normal
        mail=alarm,subject=--- Attack Alert! ---
        throttle 5:00 0:16

thanks
rene

Prev by Date: Re: [cobalt-security] Might be off topic. Are computers with 168.192.x.x safe from Internet?
Next by Date: RE: [cobalt-security] [RaQ3] Port Sentry
Previous by thread: AW: [cobalt-security] [RaQ3] Port Sentry
Next by thread: [cobalt-security] logcheck problem

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index