Lestat provides a connection/port scan monitoring system.
Lestat is a simple system designed to identify trends in port scans and display them in a simple manner. It comprises a Perl agent, which collects packets and logs them to a database, and a presentation layer, which draws graphs and presents a GUI via PHP.
· php4 php4-gd php4-mysql
Once the software is installed, there are a couple of ways to use it: you may edit the configuration file to include the IP address and interface you're monitoring, or you may use command-line arguments like so:
./lestat --user=dbuser --pass=dbpass
This line says that the script should log traffic destined for the IP address 192.168.0.22, using eth1 as the interface to bind to, and write the data to the database 'lestat' on localhost, using the login credentials 'dbuser' and 'dbpass' to connect to it.
More information can be found by running ./lestat --help
What's New in This Release:
· BUGFIX: Ports were not graphed for hours 00-09
· BUGFIX: Fixed the broken '--pass' handler.
· DOCUMENTATION: Updated installation text.
· DOCUMENTATION: Added manpage for lestat.
· DOCUMENTATION: Added manpage for lestat.conf.
· DOCUMENTATION: Added ChangeLog.
· FEATURES: Added 'most-scanned' graph to the view script.
· FEATURES: Added 'global scan' page.
· FEATURES: Created a template layout system, Tara.
· FEATURES: Added attacker detail page.
· MISC: Added install + uninstall targets to Makefile.