O'Reilly logo

Linux Firewalls by Michael Rash

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Forensics Mode

Many people have old syslog files that contain iptables log data lying around on their systems. By using psad in forensics mode, these old logfiles can be used to inform you of suspicious traffic that took place in the past against your system. This information can become particularly helpful if you are trying to track down a real intrusion and want to see what IP addresses may have been scanning your system around the time of a compromise. To run psad in forensics mode, use the -A command-line switch as shown in bold in Listing 7-2 (some output has been abbreviated):

[iptablesfw]# psad -A [+] Entering analysis mode. Parsing /var/log/messages [+] Found 8804 iptables log messages out of 10000 total lines. [+] Processed 1600 packets... ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required