scanAlert
ScanAlert was built to analyze iptables log entries in real time and report detected port scans to syslogd. From there you can use a log monitoring daemon (like logdog) to take action if desired, or you can manually review the logs later if you prefer. It does not need special permissions and it doesn't listen on any network ports: it receives iptables messages from syslogd via a FIFO, so it only sees packets that your iptables rules actually log. It runs as a daemon, reloads its configuration on SIGHUP, has multiple debug levels, and does not require any special Perl modules. ScanAlert has a straightforward interface and configuration file, making it easy to use and configure.
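The detection loop the description sketches (read iptables log lines from a syslogd FIFO, count distinct destination ports per source inside a time window, report a scan to syslog) is shown below as an added example. It is not ScanAlert's own code, and it is written in Python rather than Perl. Everything in it is an assumption for illustration: the `IPT-DROP:` log prefix, the threshold-and-window policy, the `scanalert-example` syslog identifier, and the sample log lines, which are constructed.

```python
"""Added example: a minimal ScanAlert-style port-scan detector for iptables logs.

Not the project's code. Assumed: iptables LOG rules with the usual key=value
fields, and a syslogd that writes those lines into a FIFO we can read.
"""
import re
import time
from collections import defaultdict, deque

FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S*)")
KTIME_RE = re.compile(r"\[\s*(\d+\.\d+)\]")  # kernel printk timestamp, used as the clock


def parse_iptables_line(line):
    """Return (timestamp, src, proto, dpt), or None if this is not an iptables log line."""
    fields = dict(FIELD_RE.findall(line))
    if "SRC" not in fields or not fields.get("DPT", "").isdigit():
        return None
    m = KTIME_RE.search(line)
    ts = float(m.group(1)) if m else time.time()  # fall back to wall clock if no printk time
    return ts, fields["SRC"], fields.get("PROTO", "?"), int(fields["DPT"])


class ScanDetector:
    """Flag a source that probes at least `threshold` distinct ports within `window` seconds."""

    def __init__(self, threshold=10, window=60.0):
        self.threshold = threshold
        self.window = window
        self.hits = defaultdict(deque)  # src -> deque of (ts, dpt), oldest first
        self.last_alert = {}            # src -> ts of last alert, to suppress repeats

    def feed(self, line):
        """Consume one log line; return an alert string, or None."""
        parsed = parse_iptables_line(line)
        if parsed is None:
            return None
        ts, src, proto, dpt = parsed
        q = self.hits[src]
        q.append((ts, dpt))
        while q and ts - q[0][0] > self.window:  # expire hits that fell out of the window
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) < self.threshold:
            return None
        if ts - self.last_alert.get(src, float("-inf")) < self.window:
            return None  # this source was already reported within the window
        self.last_alert[src] = ts
        return "portscan from %s: %d distinct ports (%s) in %.0fs, last DPT=%d" % (
            src, len(ports), proto, self.window, dpt)


def scan_lines(lines, threshold=10, window=60.0):
    """Run the detector over an iterable of log lines and collect the alerts."""
    det = ScanDetector(threshold, window)
    return [a for a in (det.feed(line) for line in lines) if a]


def follow_fifo(path, threshold=10, window=60.0):
    """Read the syslogd FIFO forever and hand each alert back to syslog (Unix only)."""
    import syslog  # imported here so the detector itself stays portable
    det = ScanDetector(threshold, window)
    syslog.openlog("scanalert-example", syslog.LOG_PID, syslog.LOG_DAEMON)
    with open(path) as fifo:  # open() blocks until syslogd opens the write end
        for line in fifo:
            alert = det.feed(line)
            if alert:
                syslog.syslog(syslog.LOG_WARNING, alert)


# Constructed sample: one host sweeps 12 ports in 3 seconds, another keeps retrying
# port 22 (same port, not a scan), and one line is not an iptables entry at all.
SAMPLE_LOG = [
    "Mar  3 12:00:%02d fw kernel: [%d.000000] IPT-DROP: IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 "
    "LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44321 DPT=%d "
    "WINDOW=1024 RES=0x00 SYN URGP=0" % (i, 1000 + i // 4, port)
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445])
] + [
    "Mar  3 12:00:%02d fw kernel: [%d.500000] IPT-DROP: IN=eth0 OUT= SRC=198.51.100.7 "
    "DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22 SYN URGP=0" % (i, 1000 + i)
    for i in range(15)
] + ["Mar  3 12:00:20 fw sshd[1234]: Accepted publickey for admin from 192.0.2.99"]

if __name__ == "__main__":
    for alert in scan_lines(SAMPLE_LOG):
        print(alert)
```

The sample produces exactly one alert, for 203.0.113.5 on its tenth distinct port; the repeated probes of port 22 from 198.51.100.7 never trip it, and the sshd line is ignored. The per-source suppression matters in practice: a real sweep of thousands of ports would otherwise flood syslog with one alert per packet, which is the opposite of what a downstream log monitor wants.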