A lightweight (distributed?) network security monitor for TCP/IP+Ethernet LANs. It will capture certain network events and record them in a relational database. The recorded data will be available for analysis through a CGI-based interface.

Well, I've said "It will...", "It won't..."... but it is all already coded and working. I'm currently testing it on a campus network (UIB) with 3000+ thingies connected, some Gigabit Ethernet backbones, etc. Believe me, it works and it's optimized ;-D

I just want to share it! It's not finished, because I want to add some features such as portscan detection, spam filtering, script-kiddie detection, etc. And I'd like to improve the web interface to make it more user-friendly, allow 'monitord' configuration changes, etc. And it could be easily modified to be distributed: I could have several 'monitord' instances running in different places on a medium/big network and recording information in a central (or distributed) database... this could help detect MAC address spoofing...
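As an added illustration of the design sketched above (this is not code from the project), a toy version of the event store and of the cross-sensor check that a central database makes possible: several sensors record which MAC claims which IP, and one query finds IPs seen from more than one MAC. The table schema, the sensor names and the sample events are all constructed assumptions; the real 'monitord' schema is not described on this page.

```python
import sqlite3
from collections import defaultdict

# Constructed sample events in the shape a sensor might record:
# (sensor name, unix timestamp, source MAC, source IP). All values are made up.
EVENTS = [
    ("monitord-lab",  1000, "00:11:22:33:44:55", "10.0.1.10"),
    ("monitord-lab",  1005, "00:11:22:33:44:55", "10.0.1.10"),
    ("monitord-core", 1010, "00:11:22:33:44:55", "10.0.1.10"),
    ("monitord-core", 1020, "66:77:88:99:aa:bb", "10.0.1.10"),  # same IP, other MAC
    ("monitord-lab",  1030, "00:11:22:33:44:66", "10.0.1.11"),
]

# Assumed schema: one row per captured event, tagged with the sensor that saw it.
SCHEMA = """CREATE TABLE IF NOT EXISTS events (
    sensor TEXT NOT NULL, ts INTEGER NOT NULL, mac TEXT NOT NULL, ip TEXT NOT NULL)"""


def record_events(conn, events):
    """Store captured events in the relational backend (SQLite here)."""
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO events VALUES (?, ?, ?, ?)", events)
    conn.commit()


def conflicting_ips(conn):
    """IPs that more than one MAC has claimed, found purely in SQL."""
    rows = conn.execute(
        "SELECT ip FROM events GROUP BY ip HAVING COUNT(DISTINCT mac) > 1 ORDER BY ip")
    return [ip for (ip,) in rows]


def find_ip_mac_conflicts(conn):
    """For each conflicting IP, map every MAC that claimed it to the sensors
    that saw that claim; a MAC seen by only one sensor is a useful lead."""
    by_ip = defaultdict(lambda: defaultdict(set))
    for ip, mac, sensor in conn.execute("SELECT DISTINCT ip, mac, sensor FROM events"):
        by_ip[ip][mac].add(sensor)
    return {ip: {mac: sorted(seen) for mac, seen in macs.items()}
            for ip, macs in by_ip.items() if len(macs) > 1}


def build_demo_db():
    """In-memory database loaded with the constructed events above."""
    conn = sqlite3.connect(":memory:")
    record_events(conn, EVENTS)
    return conn


if __name__ == "__main__":
    db = build_demo_db()
    print(conflicting_ips(db))          # ['10.0.1.10']
    print(find_ip_mac_conflicts(db))
```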