Incidents
Security log parser Feb 14 2008 09:16AM
Jason Alexander (jalexander plus net) (5 replies)
Re: Security log parser Feb 15 2008 05:48PM
Bob Toxen (vger verysecurelinux com)
Re: Security log parser Feb 15 2008 11:14AM
Sebastien Tricaud (stricaud inl fr)
Re: Security log parser Feb 15 2008 12:47AM
p1g (killfactory gmail com)
Re: Security log parser Feb 14 2008 05:20PM
Martin A. Brown (martin linux-ip net)

Hello,

: I'm looking for a good security event log parser for linux/unix
: systems. All logs are in syslog format. Just want to be able to
: point the tool at a bunch of logs and drag out what is
: useful.... Already use some custom written scripts but could do
: with something a little more professional....

I'm sure you'll get quite a few suggestions, but I'll start off with
a few nexthops you should consider.

* splunk (commercial) [0]; very nifty, large volumes of data can
be searchable/accessible quite quickly
* log analysis list/site [1]
* sec, simple event correlator [2]

These are either tools or discussion lists which deal with the above
question in more detail than this list. Amazing what you discover
sometimes when you go for a romp through the logs.

Good luck!

-Martin

[0] http://www.splunk.com/
[1] http://www.loganalysis.org/
http://www.loganalysis.org/sections/parsing/generic-log-parsers/index.html
http://www.loganalysis.org/mailman/listinfo/loganalysis
http://www.loganalysis.org/pipermail/loganalysis/
[2] http://www.estpak.ee/~risto/sec/

--
Martin A. Brown
http://linux-ip.net/

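As an added example (not from this thread, and not code from Splunk, SEC or any tool listed above), here is a small Python script that does the two things the original question asks for: parse RFC 3164-style syslog lines into fields, then apply a SEC-style threshold rule (N failed sshd logins from one source within a time window) over constructed sample lines. Hostnames, addresses and counts are made up for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# RFC 3164-style line: "Mon DD HH:MM:SS host program[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")

def parse_syslog(line, year=2008):
    """Split one syslog line into fields; returns None for lines that do not match.
    BSD syslog carries no year, so the caller supplies it (assumed 2008 here)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "prog": m["prog"], "pid": m["pid"], "msg": m["msg"]}

def correlate_failed_logins(lines, threshold=3, window=60):
    """SEC-style rule: alert once per source address when `threshold` failed sshd
    logins arrive from that source within `window` seconds (sliding window)."""
    recent = defaultdict(deque)   # src -> timestamps of its recent failures
    alerted, alerts = set(), []
    for line in lines:
        ev = parse_syslog(line)
        if not ev or ev["prog"] != "sshd":
            continue                      # skip non-syslog noise and other daemons
        f = FAILED_RE.search(ev["msg"])
        if not f:
            continue
        q = recent[f["src"]]
        q.append(ev["ts"])
        while (q[-1] - q[0]).total_seconds() > window:
            q.popleft()                   # drop failures older than the window
        if len(q) >= threshold and f["src"] not in alerted:
            alerted.add(f["src"])
            alerts.append((ev["host"], f["src"], len(q), ev["ts"]))
    return alerts

# Constructed sample log: one burst from 198.51.100.7 inside a minute (fires),
# three failures from 203.0.113.9 spread five minutes apart (does not fire).
SAMPLE_LOG = """\
Feb 14 09:15:58 gw sshd[2041]: Accepted publickey for ops from 192.0.2.10 port 50122 ssh2
Feb 14 09:16:01 gw sshd[2042]: Failed password for invalid user admin from 198.51.100.7 port 40122 ssh2
Feb 14 09:16:04 gw sshd[2043]: Failed password for root from 198.51.100.7 port 40123 ssh2
Feb 14 09:16:09 gw cron[2050]: (root) CMD (run-parts /etc/cron.hourly)
this line is not syslog at all
Feb 14 09:16:12 gw sshd[2044]: Failed password for invalid user test from 198.51.100.7 port 40124 ssh2
Feb 14 09:20:00 gw sshd[2060]: Failed password for root from 203.0.113.9 port 51000 ssh2
Feb 14 09:25:00 gw sshd[2061]: Failed password for root from 203.0.113.9 port 51001 ssh2
Feb 14 09:30:00 gw sshd[2062]: Failed password for root from 203.0.113.9 port 51002 ssh2
""".splitlines()
```

Run `correlate_failed_logins(SAMPLE_LOG)` to see the single alert for 198.51.100.7; the slow source stays below threshold because the window slides.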
Re: Security log parser Feb 14 2008 05:12PM
Valdis Kletnieks vt edu
Copyright 2010, SecurityFocus