Once you've installed psad, it's time to fire it up. This section gives an overview of basic psad administration and shows you how psad acquires log data from iptables. Run-time activities such as attack detection and passive OS fingerprinting are discussed in the next two chapters.
Initialization scripts bundled with psad are suitable for Red Hat, Fedora, Slackware, Debian, Mandrake, and Gentoo Linux systems. As with many system daemons (such as syslog and Apache), psad should normally be started and stopped via the init script:
    # /etc/init.d/psad start
     * Starting psad ... [ ok ]
    # /etc/init.d/psad stop
     * Stopping psadwatchd ... [ ok ]
     * Stopping kmsgsd ... [ ok ]
     * Stopping psad ... [ ok ]
When psad ...