As I use ClearOS and the new reporting I still find myself mostly leaning on Splunk and checking logs from there. Primarily due to the open field searching and indexing. I generally just check the "secure" log file since as far as I can tell IDS/IPS hits are logged there.
To make a long story short, I would love to see reporting in ClearOS that tied this portion all together in a nice neat bow. I think even one screen could do it. (I think a similar thing could be done with Content Blocking).
But I think personally it should look something like this.
================================================================================================
IP | TIME | SNORTRULE# | REASON | IDS/IPS HIT? | # OF HITS(24hr period) | ACTION TAKEN
================================================================================================
It would be great if there were an option on this to block an address either temporarily or permanently.
Thanks,
Donnie
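As an added example (not code from the post or from ClearOS), here is how a report with the columns proposed above could be assembled from the Snort alert lines in the secure log. It assumes Snort's syslog alert layout and uses constructed sample lines; the "current time" is supplied explicitly because syslog timestamps carry no year.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in Snort's syslog alert format (assumed layout, not copied from a real ClearOS box).
SAMPLE_SECURE_LOG = """\
Mar  2 07:00:00 gw snort[2231]: [1:1000001:1] LOCAL SSH brute force attempt [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.7:44013 -> 192.0.2.10:22
Mar  3 08:12:01 gw snort[2231]: [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.5:80 -> 192.0.2.10:51234
Mar  3 09:40:17 gw snort[2231]: [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.5:80 -> 192.0.2.10:51240
Mar  3 10:05:44 gw snort[2231]: [1:1000001:1] LOCAL SSH brute force attempt [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.7:44012 -> 192.0.2.10:22
Mar  3 10:06:00 gw sshd[3001]: Failed password for root from 198.51.100.7 port 44014 ssh2
"""
NOW = datetime(2023, 3, 3, 12, 0, 0)  # constructed "current time" for the sample; syslog lines carry no year

# One alert: [gid:sid:rev] msg [Classification: ...] [Priority: n] {proto} src:port -> dst:port
ALERT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ snort\[\d+\]: "
    r"\[(?P<gid>\d+):(?P<sid>\d+):\d+\] (?P<msg>.+?) "
    r"\[Classification: [^\]]*\] \[Priority: \d+\] "
    r"\{\w+\} (?P<src>[\d.]+):\d+ -> [\d.]+:\d+$"
)

def parse_alerts(log_text, year):
    """Yield (time, source IP, gid:sid, reason) for Snort lines; anything else (e.g. sshd) is skipped."""
    for line in log_text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["src"], f"{m['gid']}:{m['sid']}", m["msg"]

def summarize(log_text, now, window=timedelta(hours=24)):
    """Group alerts by (source IP, rule) and count hits in the trailing window, most active sources first."""
    rows = {}
    for ts, ip, rule, reason in parse_alerts(log_text, now.year):
        if not (now - window < ts <= now):
            continue  # outside the 24h reporting period
        row = rows.setdefault((ip, rule), {"ip": ip, "rule": rule, "reason": reason, "hits": 0, "last": ts})
        row["hits"] += 1
        row["last"] = max(row["last"], ts)
    return sorted(rows.values(), key=lambda r: (-r["hits"], r["ip"]))

def render(rows):
    """Plain-text table with the post's columns. A Snort alert line does not record whether the packet was
    dropped, so IDS/IPS HIT? and ACTION TAKEN stay 'n/a' until the IPS mode configuration is consulted."""
    out = ["IP | TIME | SNORTRULE# | REASON | IDS/IPS HIT? | # OF HITS(24hr period) | ACTION TAKEN"]
    for r in rows:
        out.append(f"{r['ip']} | {r['last']:%Y-%m-%d %H:%M:%S} | {r['rule']} | {r['reason']} | n/a | {r['hits']} | n/a")
    return "\n".join(out)

if __name__ == "__main__":
    print(render(summarize(SAMPLE_SECURE_LOG, NOW)))
```

The Mar 2 line falls outside the 24-hour window and the sshd line is not a Snort alert, so only two rows come out, which is the kind of filtering a one-screen report would need to do.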