Monday, October 08, 2007

Dynamic security log visualizer

A couple of tools for watching network connection and activity logs in real time, so you can spot at a glance whether a virus, trojan or other malware has got into your machine.

Slashdot | Logfiles Made Interesting with glTail
boss claimed it was pretty much impossible to create an entertaining way to visualize server traffic and events in a short time frame, so of course I had to prove him wrong. A weekend of neglecting my family produced a small ruby program which connects to your servers via SSH, grabs and parses data from Apache's access log and Ruby on Rails production log, and displays your traffic and statistics in real-time using a simple OpenGL interface (tested under Linux and Mac OS/X). It's a bit hard to explain over text, so please have a look at fudgie.org for an example movie, and more information."
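The core of what the quoted tool does is read Apache access-log lines and turn them into per-host and per-URL statistics. As an added example (not glTail's own code), the Ruby below parses lines in Apache's "combined" log format and aggregates hit counts, error responses and bytes served; the sample log lines are constructed, and a real deployment would feed it lines tailed over SSH instead.

```ruby
# Added example (not glTail's code): parse Apache "combined" access-log lines
# and aggregate per-client request counts, error responses and bytes served,
# the kind of statistics glTail renders. Sample lines below are constructed.
require 'time'

COMBINED = /\A(?<host>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>\S+) (?<path>\S+) (?<proto>[^"]*)" (?<status>\d{3}) (?<bytes>\d+|-)/

def parse_line(line)
  m = COMBINED.match(line)
  return nil unless m # malformed or truncated line: caller counts it
  {
    host: m[:host],
    time: Time.strptime(m[:time], '%d/%b/%Y:%H:%M:%S %z'),
    method: m[:method],
    path: m[:path],
    status: m[:status].to_i,
    bytes: m[:bytes] == '-' ? 0 : m[:bytes].to_i, # "-" means no body sent
  }
end

# Aggregate hits per host and path, 4xx/5xx responses and total bytes
def aggregate(lines)
  stats = { hosts: Hash.new(0), paths: Hash.new(0), errors: 0, bytes: 0, unparsed: 0 }
  lines.each do |line|
    rec = parse_line(line)
    if rec.nil?
      stats[:unparsed] += 1
      next
    end
    stats[:hosts][rec[:host]] += 1
    stats[:paths][rec[:path]] += 1
    stats[:errors] += 1 if rec[:status] >= 400
    stats[:bytes] += rec[:bytes]
  end
  stats
end

SAMPLE_LOG = <<~LOG
  192.0.2.10 - - [08/Oct/2007:10:00:01 +0200] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
  192.0.2.10 - - [08/Oct/2007:10:00:02 +0200] "GET /admin HTTP/1.1" 404 512 "-" "Mozilla/5.0"
  198.51.100.7 - - [08/Oct/2007:10:00:03 +0200] "POST /login HTTP/1.1" 302 0 "-" "curl/7.16"
  garbage line that does not match the combined format
LOG

if __FILE__ == $0
  s = aggregate(SAMPLE_LOG.lines)
  s[:hosts].sort_by { |_, n| -n }.each { |h, n| puts "#{n.to_s.rjust(5)} #{h}" }
  puts "errors=#{s[:errors]} bytes=#{s[:bytes]} unparsed=#{s[:unparsed]}"
end
```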

I was about to say that it's a sort of etherape on steroids, but I've just realised your visualisation could benefit etherape instead (if you don't know etherape, look it up). No tool identifies a virus infection

EtherApe, a graphical network monitor
EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic, and protocols are shown color-coded.
It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter the traffic to be shown, and can read traffic from a file as well as live from the network.

