Security Basics mailing list archives
log monitoring, changing iptables
From: Tom Boulay <tboulay () biomail ucsd edu>
Date: 22 Nov 2004 18:09:05 -0800
Hi,

I'm sorry if this is overly simple; I'm just new to it. I'm trying to figure out a way to monitor my system logs and use that information to ignore traffic from an IP address for, say, 15 minutes after three failed login attempts. My machine (2.4.x) only has ssh listening. My logs seem to have some marathon repeated root login attempts on the weekends, and I would like to discourage those by including the 15-minute delay. How would I monitor /var/log/messages? Do I need to use something like sec?

Thanks,
Tom
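One way to implement the policy the message describes (three failed logins, then a 15-minute block), as an added example that is not part of the original post or written by anyone on the list. It assumes sshd's usual "Failed password for ... from IP port N ssh2" syslog lines and a 10-minute counting window, which the post does not specify; `plan_bans`, `iptables_commands` and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 3                   # from the post: three failed login attempts
BAN_TIME = timedelta(minutes=15)   # from the post: ignore the address for 15 minutes
WINDOW = timedelta(minutes=10)     # assumption: the post gives no counting window

# Anchored at both ends with a greedy user field, so the address taken is the one
# sshd appends last, not a "from 1.2.3.4" smuggled in through the user name.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for .* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?\s*$")

# Constructed sample lines (documentation addresses), not taken from a real log.
SAMPLE = [
    "Nov 20 03:14:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 4101 ssh2",
    "Nov 20 03:14:05 host sshd[2103]: Failed password for root from 192.0.2.10 port 4102 ssh2",
    "Nov 20 03:14:06 host sshd[2104]: Accepted password for tom from 198.51.100.7 port 5120 ssh2",
    "Nov 20 03:14:09 host sshd[2105]: Failed password for illegal user admin from 192.0.2.10 port 4103 ssh2",
    "Nov 20 03:14:12 host sshd[2107]: Failed password for root from 192.0.2.10 port 4104 ssh2",
    "Nov 20 03:40:00 host sshd[2150]: Failed password for root from 203.0.113.5 port 6001 ssh2",
]

def plan_bans(lines, year=2004):
    """Return [(ip, ban_start, ban_end)] for every ban the log lines trigger."""
    recent = defaultdict(deque)    # ip -> timestamps of failures inside WINDOW
    banned_until, bans = {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if banned_until.get(ip, when) > when:
            continue               # address is already blocked
        q = recent[ip]
        q.append(when)
        while when - q[0] > WINDOW:
            q.popleft()            # forget failures older than the window
        if len(q) >= MAX_FAILURES:
            banned_until[ip] = when + BAN_TIME
            bans.append((ip, when, when + BAN_TIME))
            q.clear()
    return bans

def iptables_commands(ip):
    """Argument lists: the rule to insert at ban start, and its delete for ban end."""
    rule = ["INPUT", "-s", ip, "-j", "DROP"]
    return ["iptables", "-I"] + rule, ["iptables", "-D"] + rule
```

Passing the commands as argument lists (for example to `subprocess.run`) rather than through a shell keeps text taken from the log from ever being interpreted as shell syntax.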