[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Cobalt SHP & Portsans

Subject: Re: [cobalt-users] Cobalt SHP & Portsans
From: "Jens-Peter Otto" <jp.otto@xxxxxxxxxxxxxxx>
Date: Wed Aug 14 02:32:00 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

> The logs:
> eth0:portscan: 3/3/icmp x.x.x.x3 -> x.x.x.x2 102 (22)
 
> Is anybody can explain what's mean each column ?

The mail usually only contains one line per incident?! There is however a logfile (/var/log/phoenix.log) that shows the time and date as well. I also found http://www.sun.com/hardware/serverappliances/pdfs/manuals/manual.adaptive-firewall.pdf 

On page 61 starts a chapter 'Understanding the Adaptive Firewall Log File'. 

The "firewall file" the document mentions seems to be at /etc/scandetection/scandetection.fwall

Sorry, can't tell you what's going on in your box, maybe you can compare the timestamps with entries in other logfiles ...


Jens-Peter

Follow-Ups:
- RE: [cobalt-users] Cobalt SHP & Portsans
  - From: Jozsef Szilagyi

References:
- [cobalt-users] Cobalt SHP & Portsans
  - From: Jozsef Szilagyi

Prev by Date: [cobalt-users] Publishing on virtual host using ftp ?
Next by Date: Re: [cobalt-users] Publishing on virtual host using ftp ?
Previous by thread: [cobalt-users] Cobalt SHP & Portsans
Next by thread: RE: [cobalt-users] Cobalt SHP & Portsans

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index