A Utility for Monitoring IPTables Logs and Reporting Port Scans

 

About:
ScanAlert was built to analyze iptables log entries in real time and report detected port scans to syslogd. From there you can use a daemon like logdog to take action if desired, or you can manually review the logs later if you prefer.
ScanAlert is designed to be very efficient, and as such takes a (little) bit of work to install. It is a very nice tool though, because it doesn't need special permissions or kernel modules, and it doesn't listen on any network ports. It can also be used to monitor a whole network of hosts if you syslog to a central server.
ScanAlert is written in Perl and does not require any special modules. It has a straightforward interface and configuration file, making it very easy to use.
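
The kind of analysis described above, as an added Python sketch; it is not ScanAlert's own code (ScanAlert is Perl) and does not reproduce its algorithm. The threshold, the window, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed values for illustration; not ScanAlert's actual settings.
PORT_THRESHOLD = 5    # distinct destination ports from one source ...
WINDOW_SECONDS = 60   # ... seen within this many seconds

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?\bSRC=(?P<src>\S+) "
    r".*?\bPROTO=(?P<proto>TCP|UDP) .*?\bDPT=(?P<dpt>\d+)"
)

def parse(line):
    """Return (time, src, proto, dport) for an iptables LOG line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None  # not a TCP/UDP netfilter entry (ICMP, other daemons, ...)
    # Syslog timestamps carry no year; a fixed one is enough for time deltas.
    when = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
    return when, m["src"], m["proto"], int(m["dpt"])

def detect_scans(lines, threshold=PORT_THRESHOLD, window=WINDOW_SECONDS):
    """Return one alert string per source that probes `threshold` distinct ports."""
    recent = defaultdict(deque)  # src -> deque of (time, proto, dport)
    alerted, alerts = set(), []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        when, src, proto, dpt = rec
        hits = recent[src]
        hits.append((when, proto, dpt))
        # Drop probes that have fallen out of the sliding window.
        while (when - hits[0][0]).total_seconds() > window:
            hits.popleft()
        ports = {(p, d) for _, p, d in hits}
        if len(ports) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append(f"portscan src={src} distinct_ports={len(ports)}")
    return alerts

def sample_entry(sec, src, dpt):
    """Build a constructed (not captured) iptables LOG line."""
    return (f"Mar  3 10:15:{sec:02d} fw kernel: IN=eth0 OUT= SRC={src} "
            f"DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40000 DPT={dpt} SYN")

# Constructed sample: one source sweeping ports, one repeatedly hitting 443.
SAMPLE = [sample_entry(i, "203.0.113.7", p) for i, p in enumerate([21, 22, 23, 25, 80, 443])]
SAMPLE += [sample_entry(i * 9, "198.51.100.4", 443) for i in range(6)]
```

In a deployment like the one described, each alert string would be written to syslog so that a watcher such as LogDog can act on it.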

Download:

Latest RC: scanAlert-v1.00-RC5.tar.gz   (15.1kb)

Installation
Extract the package and read the INSTALL file.

Configuration
The configuration file is /etc/scanAlert.conf. The comments in the file should explain all the options. Email me if you have questions.

Running
Included in the package is a script called rc.scanAlert. You can use this (in your /etc/rc.d/ directory) to start and stop scanAlert.

Monitoring
To have an alert automatically sent to you when a portscan is detected, try installing LogDog.


All Versions:
Version 1
scanAlert-v1.00-RC5.tar.gz   (15.1kb)
scanAlert-v1.00-RC4.tar.gz   (15.0kb)
scanAlert-v1.00-RC3.tar.gz   (14.9kb)
scanAlert-v1.00-RC2.tar.gz   (11.9kb)

   
  