LinuxQuestions.org


coolb 12-13-2006 10:13 AM

Psad
 
Has anyone had any problems with Psad and Gentoo?
I used Psad on Slackware some time back, and never had any "problems"; now with Gentoo weird things seem to be happening. I have configured psad the exact way I did on Slackware (internal subnet mask, etc.) and I have followed the steps you need to take with adding rules/chains to iptables.

The "weird" problems would fit into this category:
1. nmap localhost - psad takes that as offensive
2. nmap from outside - psad does nothing, well *sometimes*, which can be kinda a pain
3. nmap localhost - psad sends about a million emails to the "alert" address

This never happened on Slackware.

Anyone maybe having the same "weird" problems?

coolb 12-13-2006 02:09 PM

anyone??...

live_dont_exist 12-14-2006 01:13 AM

The thing is.. I've never heard of psad.. but just a very vague overview would suggest that obviously there's something on Gentoo which is causing Psad to trigger all these alerts (false positives) if you may.

I'd go back to the configuration files; maybe configure it again on Slackware and just copy the config over to Gentoo. There've been times when I thought everything was the same but it wasn't.

I know this might sound very unhelpful.. but I'd just recheck the basics once again. If it's still not working you might want to test it on another distro like Fedora and see what you get there.

Cheers
Arvind

coolb 12-14-2006 02:31 AM

Quote:

Originally Posted by live_dont_exist
The thing is.. I've never heard of psad.. but just a very vague overview would suggest that obviously there's something on Gentoo which is causing Psad to trigger all these alerts (false positives) if you may.

I'd go back to the configuration files; maybe configure it again on Slackware and just copy the config over to Gentoo. There've been times when I thought everything was the same but it wasn't.

I know this might sound very unhelpful.. but I'd just recheck the basics once again. If it's still not working you might want to test it on another distro like Fedora and see what you get there.

Cheers
Arvind

I've checked, and rechecked. It seems like Gentoo just doesn't like psad. Oh well, I might give Snort a go.

thanks anyway
Bruce


All times are GMT -5.