aru Posted January 13, 2003

daYz (Frequent user, Joined: 01 May 2002, Posts: 73, Location: The Netherlands)
Posted: Thu May 02, 2002 6:54 pm
Post subject: Realtime firewall alerts

This command comes in handy if you want real time alerts if your firewall does not support them:

Open a terminal (K->terminals) and type:

su

(This way you get superuser (root) status, so you can do all the things that you must be root for, like file editing or so.)

Enter your password, then:

tail -f /var/log/messages

(Or another log file.)

This way you will be notified about attacks on your computer in real time. If you see another IP behind SRC= it's likely that you're being attacked. 192.168.*.* is from your internal network.

Enjoy.

mwilliams15 (Frequent user, Joined: 01 May 2002, Posts: 68, Location: central N.C., USA)
Posted: Fri May 03, 2002 9:05 am

You can download the root-tail app and have the messages displayed directly to your desktop, set your font, colors; makes for a pretty funky look. See it in action here. Upper left corner, please forgive the smeared colors.

arusabal (Moderator, Joined: 17 Apr 2002, Posts: 836, Location: Spain)
Posted: Fri May 03, 2002 9:46 am

There is a tool called swatch which is very useful in this case. It's just a watcher to monitor system activity. It can be very useful if it's configured to search for patterns and to perform an action when such patterns are found.

Example of usage:

Code:
swatch --config-file=~/.swatchrc --tail-file=/var/log/messages

Where ~/.swatchrc is the config file, which could be like this:

Code:
watchfor /Relaying denied|expn/
    echo=normal
    mail=root@localhost,subject=--- Sendmail Alert! ---
    throttle 5:00 0:16

In the example, "/Relaying denied|expn/", if swatch matches either pattern in the regular expression, it will send an alert. The first pattern "Relaying denied" is the result of someone attempting an unauthorized mail relay. The pattern "expn" is the result of someone attempting to use the expn command. The "echo=normal,mail=root@localhost" will email a warning to root and echo the matched log entry. The third and fourth fields (which are optional) have "5:00 0:16". This states: do not repeat any warning for identical patterns matched within 5 minutes. The last field states the location and length of the timestamp.

You'll find more in man swatch.

michael (Frequent user, Joined: 14 Jul 2002, Posts: 92)
Posted: Sun Jul 14, 2002 9:04 pm
Post subject: Is it for...?

Is it for all Linux or is it only for OpenLinux...? Any idea?

MArk (Frequent user, Joined: 11 Jul 2002, Posts: 80, Location: Dublin, Ireland)
Posted: Sun Jul 14, 2002 9:41 pm

OpenLinux??? As in Caldera?

b (Frequent user, Joined: 22 Apr 2002, Posts: 82, Location: Québec)
Posted: Fri Aug 16, 2002 5:51 am

xtail: for me a very recently encountered gem. It can watch every file in, say, /var/log (not its directories) like so:

xtail /var/log

It's ancient. It's tiny. It's at http://www.unicom.com/sw/xtail/

2e4717c591a2cbbd4aeb63d00c87a0cb xtail-2.1.tar.gz filesize 26769

Very short manpage and readme included. Small is beautiful.
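The watchfor/throttle behaviour from arusabal's swatch post, together with the "SRC= not from 192.168.*.*" check in the first post, as an added Python example. This is not code from the thread and not swatch itself; the rule set, the helper names and the sample log lines are all constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Hypothetical minimal re-implementation of swatch's "watchfor ... throttle" idea
# (added example, not swatch): a rule fires when its regex matches a log line, and
# repeat alerts for the same rule are suppressed for `throttle` seconds.
@dataclass
class WatchRule:
    pattern: re.Pattern
    throttle: float                     # seconds; 0 disables throttling
    last_fired: Optional[float] = None  # time of the last alert for this rule

def parse_throttle(spec: str) -> float:
    """Convert a swatch-style 'M:SS' or 'H:MM:SS' string into seconds ('5:00' -> 300)."""
    total = 0
    for part in spec.split(":"):
        total = total * 60 + int(part)
    return float(total)

def build_rules() -> List[WatchRule]:
    return [
        WatchRule(re.compile(r"Relaying denied|expn"), parse_throttle("5:00")),  # sendmail patterns from the thread
        WatchRule(re.compile(r"\bSRC=(?!192\.168\.)\d+\.\d+\.\d+\.\d+"), parse_throttle("0:30")),  # SRC= outside the LAN
    ]

def check_line(rules: List[WatchRule], line: str, now: float) -> List[str]:
    """Return one alert per rule that matches `line` and is outside its throttle window."""
    alerts = []
    for rule in rules:
        if not rule.pattern.search(line):
            continue
        if rule.last_fired is not None and now - rule.last_fired < rule.throttle:
            continue                    # identical pattern seen too recently
        rule.last_fired = now
        alerts.append(f"ALERT [{rule.pattern.pattern}]: {line.rstrip()}")
    return alerts

# Constructed sample lines (not real logs): (seconds since start, log line)
SAMPLE: List[Tuple[float, str]] = [
    (0.0, "May  2 18:54:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.2 PROTO=TCP DPT=22"),
    (5.0, "May  2 18:54:06 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.2 PROTO=TCP DPT=23"),
    (10.0, "May  2 18:54:11 gw kernel: IN=eth1 OUT= SRC=192.168.1.5 DST=192.168.1.2 PROTO=UDP DPT=53"),
    (20.0, "May  2 18:54:21 gw sendmail[412]: relay=[203.0.113.7], reject=550 5.7.1 Relaying denied"),
    (60.0, "May  2 18:55:01 gw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.1.2 PROTO=TCP DPT=80"),
]
def demo() -> List[str]:
    """Replay SAMPLE through fresh rules: line 2 (throttled) and line 3 (internal) give no alert."""
    rules = build_rules()
    return [a for t, line in SAMPLE for a in check_line(rules, line, t)]
```

To use it on a live log, feed each line that `tail -f` produces to `check_line` with the current time; the replay in `demo()` yields three alerts out of five lines.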
bvc81 (Eric, Joined: 04 Jun 2002, Posts: 1014, Location: Houston, Texas)
Posted: Fri Aug 16, 2002 6:13 am

For anyone interested in

tail -f /var/log/messages

(Or another log file) and not interested in having to open a terminal and entering the command (and if you don't know how to), put something like this in your ~/.xinitrc to run at the startup of your WM.

(sleep 1; Eterm --trans --shade 20 -g 85x15+00+00 -e tail -f /var/log/messages) &

Use any terminal you want, and if it supports it, any size.

Editor's note: This thread was originally posted at the old MUB (Mandrake User Board at club-nihil). This post is the result of a 99% automatic backup, so due to its nature some text may be lost (improbable but possible).