On Wed, Jun 21, 2006 at 03:01:48PM -0400, Yaroslav Halchenko wrote:
> I'm wondering, maybe it would be better to reassign this bug over to
> fwlogwatch, which was crafted for the purpose of generating such reports?
> So probably it just needs a few rules to parse fail2ban log files... or
> actually can be just used in fwban action
> 
> :-) what do you think?

hehe. good point :-)

> 
> 
> > apt-cache show fwlogwatch
> Package: fwlogwatch
> Depends: postfix | mail-transport-agent, debconf (>= 1.2.0) | debconf-2.0, 
> sysklogd | system-log-daemon, libc6 (>= 2.3.6-6), zlib1g (>= 1:1.2.1)
> Description: Firewall log analyzer
>  fwlogwatch produces ipchains, netfilter/iptables, ipfilter, Cisco IOS and
>  Cisco PIX log summary reports in text and HTML form and has a lot of
>  options to find and display relevant patterns in connection attempts. With
>  the data found it can also generate customizable incident reports from a
>  template and send them to abuse contacts at offending sites or CERT
>  coordination centers. Finally, it can also run as daemon and report
>  anomalies or start countermeasures.
> Tag: devel::library, interface::daemon, role::sw:server, 
> security::log-analyzer, use::scanning, works-with::logfile
> 
> > also sprach Roel van der Made <[EMAIL PROTECTED]> [2006.06.21.1346 +0200]:
> > > Indeed, the preparation option would be nice, I now see hosts
> > > being blocked several times a day and nothing is being done with
> > > it anymore, which is a shame I think.
> > Do note that many of these attacks are auto-mounted. There is very
> > little an ISP can do when they receive a complaint about a host that
> > has been trojaned, unless their terms of contract require users to
> > maintain secure systems, which is impossible to prove or verify.
> -- 
>                                   .-.
> =------------------------------   /v\  ----------------------------=
> Keep in touch                    // \\     (yoh@|www.)onerussian.com
> Yaroslav Halchenko              /(   )\               ICQ#: 60653192
>                    Linux User    ^^-^^    [175555]
> 
> 



