LogAnalysis
[logs] How do you cull through serial console logs? Mar 07 2008 09:38PM
Zonker Harris (consoleteam gmail com) (2 replies)
AW: [logs] How do you cull through serial console logs? Mar 10 2008 06:48AM
christian folini post ch
I'd give SEC (Simple Event Correlator) a shot.

These are some good intros:
http://en.hakin9.org/attachments/pdf/hakin9_05_2006_10_EN_str28-39.pdf
http://sixshooter.v6.thrupoint.net/SEC-examples/article.html
http://sixshooter.v6.thrupoint.net/SEC-examples/article-part2.html
http://arstechnica.com/articles/columns/linux/linux-20050519.ars

Cheers,

Christian

-----Original Message-----
From: loganalysis-bounces (at) loganalysis (dot) org [mailto:loganalysis-bounces (at) loganalysis (dot) org] On Behalf Of Zonker Harris
Sent: Friday, March 7, 2008 22:38
To: loganalysis (at) loganalysis (dot) org
Subject: [logs] How do you cull through serial console logs?

I'm using Conserver, which makes reverse-TCP connections to console server serial ports, so I can manage my hosts and net gear. This results in an ASCII text file for each device.

What tool(s) can I use to watch all (500+) files for 'interesting' strings, like malloc errors, failed logins, net connection/port/link failures?

I've found log watcher, but it is a one-file-at-a-time deal. I'd rather not reinvent the wheel if there is a good answer out there. I'm hoping to get to RSA con this year, and perhaps find other pointers to share.

Thank you for any tips,

=Z=

http://www.conserved.com/consoles/
http://consoleteam.blogspot.com/

_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org
http://www.loganalysis.org/mailman/listinfo/loganalysis
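
The question in this thread, sketched as an added example that is not part of any list message and is not SEC: a poller that follows every per-device console log in one directory and tags new lines by category. The directory layout, file names, regexes and sample log lines are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed regexes for the categories named in the question; tune per device type.
PATTERNS = {
    "malloc": re.compile(r"malloc.*(fail|error)|out of memory", re.I),
    "failed_login": re.compile(r"login (failed|incorrect)|authentication fail", re.I),
    "link": re.compile(r"link (is )?down|changed state to down", re.I),
}

class ConsoleLogWatcher:
    """Polls every per-device log in a directory, remembering how far it has read."""

    def __init__(self, log_dir, glob="*.log"):
        self.log_dir, self.glob = Path(log_dir), glob
        self.offsets = {}  # path -> byte offset already scanned

    def poll(self):
        """Return (device, category, line) for lines appended since the last poll."""
        hits = []
        for path in sorted(self.log_dir.glob(self.glob)):
            start = self.offsets.get(path, 0)
            if path.stat().st_size < start:  # truncated or rotated: rescan from top
                start = 0
            with path.open("rb") as fh:
                fh.seek(start)
                data = fh.read()
            end = data.rfind(b"\n") + 1  # hold back a trailing partial line
            self.offsets[path] = start + end
            for raw in data[:end].splitlines():
                line = raw.decode("ascii", "replace").strip()
                category = next((c for c, rx in PATTERNS.items() if rx.search(line)), None)
                if category:
                    hits.append((path.stem, category, line))
        return hits

def demo():
    """Two polls over constructed sample logs; the second sees only new lines."""
    with tempfile.TemporaryDirectory() as d:
        sw, host = Path(d, "sw-core1.log"), Path(d, "db07.log")
        sw.write_bytes(b"%LINK-3-UPDOWN: Interface Gi0/1, changed state to down\r\nboot ok\r\n")
        host.write_bytes(b"login: root\r\nLogin incorrect\r\nkernel: mal")  # partial last line
        watcher = ConsoleLogWatcher(d)
        first = watcher.poll()
        with host.open("ab") as fh:
            fh.write(b"loc failed for 4096 bytes\r\n")
        return first, watcher.poll()

if __name__ == "__main__":
    print(demo())
```

Calling `poll()` on a timer covers all files in one process; a line that is still being written is held back until its newline arrives, so a message split across two reads is matched once and whole.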

Re: [logs] How do you cull through serial console logs? Mar 08 2008 04:51AM
Michael Kinsley (michael kinsley sensage com) (2 replies)
Re: [logs] How do you cull through serial console logs? Mar 10 2008 01:31PM
Ulisses Reina Montenegro de Albuquerque (ulisses tempest com br)
RE: [logs] How do you cull through serial console logs? Mar 10 2008 08:21AM
Rainer Gerhards (rgerhards hq adiscon com) (1 replies)
RE: [logs] How do you cull through serial console logs? Mar 18 2008 06:24PM
Clayton Dukes (cdukes) (cdukes cisco com) (1 replies)
RE: [logs] How do you cull through serial console logs? Mar 19 2008 05:41PM
Balazs Scheidler (bazsi balabit hu) (1 replies)
RE: [logs] How do you cull through serial console logs? Apr 03 2008 03:00AM
Clayton Dukes (cdukes) (cdukes cisco com)


 

Copyright 2010, SecurityFocus