Because psad stores various data within the /var/log/psad directory as it monitors iptables logs, you can rummage around in this directory to get a sense of how heavily scanned your system is.
Of course, most people don't relish manually sifting through tons of /var/log/psad/ip directories and associated files, so psad automates the process by providing the ability to query the local filesystem for status information on the running psad daemon. This involves executing psad from the command line with the --Status argument, as shown in Listing 7-1:
[iptablesfw]# psad --Status
❶ [+] psadwatchd (pid: 27812) %CPU: 0.0 %MEM: 0.0
    Running since: Mon Jul 2 13:58:07 2007
[+] kmsgsd (pid: 27810) %CPU: 0.0 %MEM: 0.0
    Running since: ...