ScanAlert was built to analyze iptables log entries in real time and report detected
port scans to syslogd. From there you can use a log-watching daemon like LogDog to take action
if desired, or you can review the logs manually later if you prefer.
ScanAlert is designed to be very efficient, and as such takes a little work to get
installed. It is a very nice tool though, because it needs no special privileges (only read
access to the log it watches), no kernel modules, and it does not listen on any network ports.
It can also be used to monitor a whole network of hosts if you syslog to a central server.
ScanAlert is written in Perl and does not require any special modules. It has a
straightforward interface and configuration file, making it very easy to use.
Latest RC: scanAlert-v1.00-RC5.tar.gz   (15.1 KB)
Extract the package and read the INSTALL file.
The configuration file is /etc/scanAlert.conf. The comments in the file should explain all the options.
Email me if you have questions.
Included in the package is a script called rc.scanAlert. You can use this (in your /etc/rc.d/ directory) to start and stop ScanAlert.
To have an alert automatically sent to you when a port scan is detected, try installing LogDog.
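To make the detection idea concrete, here is an added example, not ScanAlert's own code (ScanAlert itself is written in Perl and its configuration lives in /etc/scanAlert.conf, which this does not read). It parses the SRC/DST/PROTO/DPT fields of iptables LOG lines, counts distinct destination ports per source within a sliding window, and hands an alert to syslogd the same way ScanAlert does, so a watcher like LogDog can pick it up. The thresholds (10 ports in 60 seconds, 300 seconds between repeat alerts for the same source) and the sample log lines are assumptions constructed for the example.

```python
"""Port-scan detection over iptables LOG lines, in the spirit of ScanAlert.

Added example, not ScanAlert's own code. Thresholds and sample lines are
assumptions chosen for illustration.
"""
import re
import sys
from collections import defaultdict, deque
from datetime import datetime

# Fields we need from a line emitted by the iptables LOG target.
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S*)")
# syslog timestamp at the start of the line, e.g. "Jan 12 10:15:01"
TS_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2})")


def parse_iptables_line(line):
    """Return {"ts","src","dst","proto","dport"} for an iptables LOG line,
    or None for anything else (sshd messages, other kernel output, ...)."""
    if "kernel:" not in line or "SRC=" not in line:
        return None
    m = TS_RE.match(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(line))
    if "SRC" not in fields or "DST" not in fields or "DPT" not in fields:
        return None  # e.g. ICMP lines carry no DPT and are not counted here
    # syslog timestamps have no year; only differences between them are used
    ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
    return {"ts": ts, "src": fields["SRC"], "dst": fields["DST"],
            "proto": fields.get("PROTO", "?"), "dport": int(fields["DPT"])}


class ScanDetector:
    """Flag a source that hits >= port_threshold distinct destination ports
    within `window` seconds; re-alert for that source only after `quiet` seconds."""

    def __init__(self, port_threshold=10, window=60, quiet=300):
        self.port_threshold = port_threshold
        self.window = window
        self.quiet = quiet
        self.hits = defaultdict(deque)  # src -> deque of (ts, dport)
        self.last_alert = {}            # src -> ts of the last alert sent

    def feed(self, line):
        """Consume one log line; return an alert dict or None."""
        ev = parse_iptables_line(line)
        if ev is None:
            return None
        src, ts = ev["src"], ev["ts"]
        q = self.hits[src]
        q.append((ts, ev["dport"]))
        while q and (ts - q[0][0]).total_seconds() > self.window:
            q.popleft()  # forget hits that fell out of the window
        ports = sorted({p for _, p in q})
        if len(ports) < self.port_threshold:
            return None
        last = self.last_alert.get(src)
        if last is not None and (ts - last).total_seconds() < self.quiet:
            return None  # already reported this source recently
        self.last_alert[src] = ts
        return {"src": src, "dst": ev["dst"], "proto": ev["proto"],
                "ports": ports, "span": (ts - q[0][0]).total_seconds()}


def format_alert(a):
    return "portscan from %s to %s: %d %s ports in %.0fs (%d..%d)" % (
        a["src"], a["dst"], len(a["ports"]), a["proto"], a["span"],
        a["ports"][0], a["ports"][-1])


def detect_scans(lines, **kw):
    """Stream lines through a detector, yielding alerts as they occur."""
    det = ScanDetector(**kw)
    for line in lines:
        alert = det.feed(line)
        if alert:
            yield alert


def report(msg):
    """Hand the alert to syslogd (where ScanAlert puts its reports, so a
    watcher such as LogDog can act on it); fall back to stderr elsewhere."""
    try:
        import syslog
        syslog.openlog("scanAlert")
        syslog.syslog(syslog.LOG_WARNING, msg)
    except ImportError:
        sys.stderr.write(msg + "\n")


def _mk(ts, src, dport, proto="TCP"):
    # Constructed sample line in the shape the iptables LOG target emits.
    return ("%s fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
            "SRC=%s DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF "
            "PROTO=%s SPT=40000 DPT=%d WINDOW=1024 RES=0x00 SYN URGP=0"
            % (ts, src, proto, dport))


# Constructed sample log: one host sweeps 12 ports in 12 seconds, another
# host retries SSH twice, plus an unrelated sshd line that must be ignored.
SAMPLE_LOG = (
    [_mk("Jan 12 10:15:%02d" % s, "192.0.2.10", 20 + s) for s in range(1, 13)]
    + [_mk("Jan 12 10:15:05", "203.0.113.7", 22), _mk("Jan 12 10:15:09", "203.0.113.7", 22)]
    + ["Jan 12 10:15:10 fw sshd[4242]: Accepted publickey for alice from 203.0.113.7"]
)

if __name__ == "__main__":
    # e.g.  tail -f /var/log/messages | python3 scanalert_example.py
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_LOG
    for alert in detect_scans(source):
        report(format_alert(alert))
```

Run against the built-in sample it emits one syslog message for 192.0.2.10 (ten distinct ports within nine seconds) and nothing for the host that only retried port 22; the quiet period keeps the eleventh and twelfth probes from producing duplicate alerts, which is what keeps a downstream mailer like LogDog from flooding you.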
- Version 1