lestat v0.3
-----------

Lestat is a simple system which allows you to keep track of connection
attempts, port probes, and port scans.

This is achieved by having a portable, secure, and simple agent running
upon the machine you wish to monitor.

This agent program will keep track of connection attempts and log their
details to a database. The database is assumed to be upon the same host,
but may be located upon a remote machine if desired.

Once the database has been populated, all the details may be browsed via a
separate collection of scripts, accessed via your web browser.


Database
--------

The following is the database schema that I'm using. Currently the setup
is very simple and may be expanded in the future:

    table connection
    {
        char src_address[12];
        char dst_address[12];
        int  src_port;
        int  dst_port;
        date time;
        unique int id;
    };

This layout allows queries to be easily constructed to view incoming trends
by destination port, source location, or by time.

(One obvious addition is the inclusion of the first hundred bytes or so of
the connection data).


Installation
------------

Please see the included file, 'INSTALL', for full details.


Questions?
----------

Mail me...

Steve
---
www.steve.org.uk
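
The Database section says this layout makes trend queries by destination port, source and time easy to construct. The following is an added example, not part of lestat or its scripts: it rebuilds the connection table in an in-memory SQLite database (the column types, the ISO timestamp format and the sample rows are assumptions) and runs those three queries, plus a distinct-port count per source as one way to surface a port scan.

```python
import sqlite3

# Constructed sample rows using documentation address ranges:
# (src_address, dst_address, src_port, dst_port, time)
SAMPLE = [
    ("192.0.2.10", "198.51.100.5", 40001, 22, "2001-05-01 10:00:01"),
    ("192.0.2.10", "198.51.100.5", 40002, 23, "2001-05-01 10:00:02"),
    ("192.0.2.10", "198.51.100.5", 40003, 25, "2001-05-01 10:00:03"),
    ("192.0.2.10", "198.51.100.5", 40004, 80, "2001-05-01 10:00:04"),
    ("203.0.113.7", "198.51.100.5", 51000, 22, "2001-05-01 11:15:00"),
    ("203.0.113.7", "198.51.100.5", 51001, 22, "2001-05-01 11:15:30"),
    ("203.0.113.9", "198.51.100.5", 52000, 80, "2001-05-02 09:00:00"),
]

def load(rows=SAMPLE):
    """Create the connection table (types assumed) and insert the rows."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE connection (
        id INTEGER PRIMARY KEY,
        src_address TEXT, dst_address TEXT,
        src_port INTEGER, dst_port INTEGER,
        time TEXT)""")
    db.executemany(
        "INSERT INTO connection (src_address, dst_address, src_port,"
        " dst_port, time) VALUES (?, ?, ?, ?, ?)", rows)
    return db

def by_dst_port(db):
    """Which services are being probed most often."""
    return db.execute(
        "SELECT dst_port, COUNT(*) AS n FROM connection"
        " GROUP BY dst_port ORDER BY n DESC, dst_port").fetchall()

def by_source(db):
    """Which source addresses generate the most attempts."""
    return db.execute(
        "SELECT src_address, COUNT(*) AS n FROM connection"
        " GROUP BY src_address ORDER BY n DESC, src_address").fetchall()

def by_hour(db):
    """Attempts per hour, to spot bursts of activity."""
    return db.execute(
        "SELECT strftime('%Y-%m-%d %H', time) AS hour, COUNT(*)"
        " FROM connection GROUP BY hour ORDER BY hour").fetchall()

def likely_scanners(db, min_ports=3):
    """Sources touching many distinct ports: the shape of a port scan."""
    return db.execute(
        "SELECT src_address, COUNT(DISTINCT dst_port) FROM connection"
        " GROUP BY src_address HAVING COUNT(DISTINCT dst_port) >= ?"
        " ORDER BY 2 DESC", (min_ports,)).fetchall()
```

The `min_ports` threshold is a hypothetical tuning value; a source that retries one port many times shows up in `by_source` but not in `likely_scanners`.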