Incidents
Security log parser Feb 14 2008 09:16AM
Jason Alexander (jalexander plus net) (5 replies)
Re: Security log parser Feb 15 2008 05:48PM
Bob Toxen (vger verysecurelinux com)
Re: Security log parser Feb 15 2008 11:14AM
Sebastien Tricaud (stricaud inl fr)
Re: Security log parser Feb 15 2008 12:47AM
p1g (killfactory gmail com)
By professional, do you mean commercial, as in $$$$?

I'm not familiar with solutions that collect the logs. But, Enterasys
Dragon Security Command Console is a Security Information Manager
Plus.

It will do way more than what you are looking for.

IMO, you should be providing the level of monitoring and correlation that
this solution provides, at a minimum. <- again, at a minimum.

Signature detection/protection, syslog, NBAD (google it if you are not
familiar), NetFlow, etc.

But if you are only interested in what can be monitored on a Linux/Unix system,
check this guy out: Marcus Ranum.
His site:

http://www.ranum.com/security/computer_security/index.html

Click on 'Papers' and then click 'Artificial Ignorance' for an
enlightening and insightful method of thinning the log pile to entries
of interest.

Good luck and I think you will enjoy the link provided.

p1g out.

On 2/14/08, Jason Alexander <jalexander (at) plus (dot) net> wrote:
>
> Hi all
>
> I'm looking for a good security event log parser for Linux/Unix systems. All logs are in syslog format. Just want to be able to point the tool at a bunch of logs and drag out what is useful.... Already use some custom written scripts but could do with something a little more professional....
>
> cheers
>

--
-p1g
SnortCP, C|HFI, TNCP, TECP, NACP, A+
,,__
o" )~ oink oink
' ' ' '

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke

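Ranum's Artificial Ignorance approach, which the reply above points to, works by accumulating patterns for log lines you already know are harmless, discarding everything that matches, and reading whatever is left. The script below is an added example of that idea applied to syslog-format lines; it is not code from the post or from Ranum's paper, and the sample log lines and ignore patterns are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample syslog lines (RFC 3164 style); they stand in for a real log file.
SAMPLE_LOG = """\
Feb 14 09:01:02 host1 sshd[1201]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2
Feb 14 09:01:10 host1 CRON[1210]: (root) CMD (run-parts /etc/cron.hourly)
Feb 14 09:02:31 host1 sshd[1222]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2
Feb 14 09:02:33 host1 sshd[1222]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2
Feb 14 09:03:00 host1 CRON[1230]: (root) CMD (run-parts /etc/cron.hourly)
Feb 14 09:05:12 host1 sudo:    bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/passwd alice
Feb 14 09:05:40 host1 systemd[1]: Started Daily apt download activities.
"""

# The "ignorance" list: patterns for lines already judged harmless. Anything that
# does NOT match one of them is surfaced for review; the list grows as you triage.
IGNORE_PATTERNS = [
    r"CRON\[\d+\]: \(root\) CMD \(run-parts /etc/cron\.\w+\)",
    r"sshd\[\d+\]: Accepted publickey for \w+ from [\d.]+ port \d+ ssh2",
    r"systemd\[\d+\]: Started Daily apt download activities\.",
]

# syslog header "Mon DD HH:MM:SS host <message>"; only the message is matched against patterns.
HEADER_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")

def normalize(msg):
    """Replace volatile digits (PIDs, ports, addresses) so repeats of one event collapse into one bucket."""
    return re.sub(r"\d+", "N", msg)

def thin_log(text, ignore_patterns=IGNORE_PATTERNS):
    """Return (interesting, dropped): a Counter of normalized leftover messages and the count of ignored lines."""
    compiled = [re.compile(p) for p in ignore_patterns]
    interesting = Counter()
    dropped = 0
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if not m:  # a line that does not even parse as syslog is itself worth a look
            interesting[line] += 1
            continue
        msg = m.group("msg")
        if any(p.search(msg) for p in compiled):
            dropped += 1
        else:
            interesting[normalize(msg)] += 1
    return interesting, dropped

if __name__ == "__main__":
    leftover, dropped = thin_log(SAMPLE_LOG)
    print(f"dropped {dropped} known-uninteresting lines; {sum(leftover.values())} left to review")
    for msg, n in leftover.most_common():
        print(f"{n:4d}  {msg}")
```

Each pass through the leftover list should end with the genuinely boring entries being promoted to a new ignore pattern, so the review pile shrinks over time while anything novel still stands out.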
Re: Security log parser Feb 14 2008 05:20PM
Martin A. Brown (martin linux-ip net)
Re: Security log parser Feb 14 2008 05:12PM
Valdis Kletnieks vt edu
Copyright 2010, SecurityFocus