A Utility for Monitoring IPTables Logs and Reporting Port Scans


ScanAlert was built to analyze iptables log entries in real time and report detected port scans to syslogd. From there you can use a daemon like logdog to take action if desired, or you can manually review the logs later if you prefer.
ScanAlert is designed to be very efficient, and as such takes a (little) bit of work to get it installed. It is a very nice tool though, because it doesn't need special permissions or kernel modules, and it doesn't listen on any network ports. It can also be used to monitor a whole network of hosts if you syslog to a central server.
ScanAlert is written in Perl and does not require any special modules. It has a straightforward interface and configuration file, making it very easy to use.
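To illustrate the kind of detection ScanAlert performs on iptables log entries, here is an added example (not ScanAlert's own Perl source): it parses constructed iptables LOG lines in syslog format and flags a source that hits several distinct destination ports within a short time window, producing the alert text a tool like this would hand to syslog. The threshold, window length, field layout and sample addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample iptables LOG lines (syslog format, no year, as in real kernel
# logs): 192.0.2.10 probes five ports in 3 s; 198.51.100.7 is one normal SSH connection.
SAMPLE_LOG = """\
Mar  5 10:01:00 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=40001 DPT=21 SYN
Mar  5 10:01:00 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=40002 DPT=22 SYN
Mar  5 10:01:01 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=51000 DPT=22 SYN
Mar  5 10:01:01 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=40003 DPT=23 SYN
Mar  5 10:01:02 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=40004 DPT=25 SYN
Mar  5 10:01:03 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=40005 DPT=80 SYN
"""

LOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: .*?"
                    r"SRC=(?P<src>\S+) .*?PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)")
EPOCH = datetime(2000, 1, 1)  # syslog lines carry no year; any fixed year works for deltas

def parse_line(line):
    """Return (seconds, src, proto, dport) or None for lines that are not iptables logs."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=EPOCH.year)
    return (ts - EPOCH).total_seconds(), m["src"], m["proto"], int(m["dpt"])

def detect_scans(lines, threshold=5, window=10):
    """Flag a source the first time it touches `threshold` distinct destination
    ports within `window` seconds; return alert strings ready for syslog."""
    recent = defaultdict(deque)   # src -> (seconds, dport) pairs, oldest first
    alerted, alerts = set(), []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue               # unrelated syslog traffic is ignored
        t, src, proto, dport = parsed
        q = recent[src]
        q.append((t, dport))
        while t - q[0][0] > window:   # drop hits that fell out of the window
            q.popleft()
        ports = sorted({p for _, p in q})
        if len(ports) >= threshold and src not in alerted:
            alerted.add(src)       # report each scanner once, not on every packet
            alerts.append(f"scanAlert: port scan from {src} ({proto}): "
                          f"{len(ports)} ports in {window}s: {ports}")
    return alerts

if __name__ == "__main__":
    print("\n".join(detect_scans(SAMPLE_LOG.splitlines())))
```

Run against a live `tail -f` of the kernel log, the same loop would feed each line to `detect_scans` and write the returned alerts to syslog, which is the role ScanAlert fills.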


Latest RC: scanAlert-v1.00-RC5.tar.gz (15.1 KB)

Extract the package and read the INSTALL file.

The configuration file is /etc/scanAlert.conf. The comments in the file should explain all the options. Email me if you have questions.

Included in the package is a script called rc.scanAlert. You can use this (in your /etc/rc.d/ directory) to start and stop scanAlert.

To have an alert automatically sent to you when a port scan is detected, try installing LogDog.

