Einzelnen Beitrag anzeigen
3. June 2009, 14:44   #2
Bandwurm
Erde, Wind & Feuer
 
Benutzerbild von Bandwurm
 
Registriert seit: February 2002
Ort: Ockershausen
Beiträge: 7.669
Hierzu mal ein Beispiel, welche automatische E-Mail man bekommt, wenn mal wieder ein "Oberschlauer" versucht auf meinen Server krumme Dinge zu veranstalten:

Code:
OSSEC HIDS Notification.
2009 Jun 03 01:59:34

Received From: s15327960->/var/log/messages
Rule: 3911 fired (level 10) -> "Multiple connection attempts from same source."
Portion of the log(s):

Jun  3 01:59:34 s15327960 pop3d: Connection, ip=[196.217.144.149]
Jun  3 01:59:30 s15327960 pop3d: Connection, ip=[196.217.144.149]
Jun  3 01:59:27 s15327960 pop3d: Connection, ip=[196.217.144.149]
Jun  3 01:59:24 s15327960 pop3d: Connection, ip=[196.217.144.149]
Jun  3 01:59:21 s15327960 pop3d: Connection, ip=[196.217.144.149]
Jun  3 01:59:17 s15327960 pop3d: Connection, ip=[196.217.144.149]
Jun  3 01:59:14 s15327960 pop3d: Connection, ip=[196.217.144.149]
Jun  3 01:59:11 s15327960 pop3d: Connection, ip=[196.217.144.149]
Jun  3 01:59:07 s15327960 pop3d: Connection, ip=[196.217.144.149]
Jun  3 01:59:04 s15327960 pop3d: Connection, ip=[196.217.144.149]