
[FW-1] MAD configuration



Hi all,

I'm trying to use the MAD feature of FW-1.
The only information I get after changing the MAD_*_action to "mail" in cpmad_config.conf is this kind of message:

3:46:55 accept 127.0.0.1  >    mail product MAD attack successive_alerts

I have these questions:

- How can I receive more information in the message, such as source IP address, service, ...?
- How can I use a script to process the information of a MAD alert message? Where can I configure it? What kind of information should the script expect to receive?
- Where can I find documentation about the configuration files?

Thanks in advance.
 

-- 
A n u s k a     A r a g ó n
Servicio Informático              e-mail: [email protected]
Universidad de La Rioja           Tf.:    +34 941 299233
Av. de La Paz 93, 26004 Logroño   Fax:    +34 941 299180
 


 
----------------------------------

   All contents © 2004 Network Presence, LLC. All rights reserved.