[c-nsp] Log analyzer/ACL advice
Roland Dobbins
rdobbins at cisco.com
Fri Jan 5 12:29:38 EST 2007
On Jan 5, 2007, at 8:25 AM, Jason Lewis wrote:
>> Has anyone ever found a
>> package or a simple script for linux that will look in the /
>> messages log
>> (or any other log) and advise ACL/Null routes based on observed
>> attacks?
In addition to the other good advice folks have given, NetFlow with
various commercial tools such as Arbor/Lancope/Narus/Q1, or freeware
tools such as nfdump/nfsen, can be helpful in this regard.

For something which watches syslog, search for 'System Event Correlator'.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice
Technology is legislation.
-- Karl Schroeder