Intrusion Detection and Log Analysis
Having the ability to detect network activity pointing to an intrusion attempt on the server, the system administrator can take appropriate measures in time. That’s why there are intrusion detection systems.
The psad tool (port scan attack detection) is software that monitors the firewall logs to detect a scan or attack on the server, and then can alert administrators or take proactive steps to contain the threat. In addition, the pshad includes many TCP, UDP and ICMP signatures included in the Snort intrusion detection system. Psad usually work on Linux systems and is available in package repositories of many major Linux distributions.
In this article, you can learn more about the features of this tool, and with the methodology.