Lestat 0.3

Lestat provides a connection/port scan monitoring system.

GPL (GNU General Public License) 
Steve Kemp

Lestat is a simple system which is designed to allow trends in port scans to be identified and displayed in a simple manner. The system comprises a Perl agent which collects packets and logs them to a database, and a presentation layer which draws graphs and presents a GUI via PHP.


· libnet-pcap-perl
· libdbi-perl
· php4 php4-gd php4-mysql

Once the software is installed, you can configure it in one of two ways: edit the configuration file to include the IP address and interface you are monitoring, or pass them as command-line arguments, like so:
./lestat --user=dbuser --pass=dbpass --interface=eth1 --address=

This command tells the script to log traffic destined for the given IP address, binding to eth1 as the capture interface, and to write the data to the database 'lestat' on localhost, connecting with the username 'dbuser' and the password 'dbpass'.
More information can be found by running ./lestat --help.

What's New in This Release:

· BUGFIX: Ports were not graphed for hours 00-09
· BUGFIX: Fixed the broken '--pass' handler.
· DOCUMENTATION: Updated installation text.
· DOCUMENTATION: Added manpage for lestat.
· DOCUMENTATION: Added manpage for lestat.conf.
· DOCUMENTATION: Added ChangeLog
· FEATURES: Added 'most-scanned' graph to the view script.
· FEATURES: Added 'global scan' page.
· FEATURES: Created a template layout system, Tara.
· FEATURES: Added attacker detail page.
· MISC: Added install + uninstall targets to Makefile.

Last updated on March 27th, 2007
