Incidents
Security log parser Feb 14 2008 09:16AM
Jason Alexander (jalexander plus net) (5 replies)
Re: Security log parser Feb 15 2008 11:14AM
Sebastien Tricaud (stricaud inl fr)
|
| Hi all

Hello Jason

|
| I'm looking for a good security event log parser for linux/unix systems. All
| logs are in syslog format. Just want to be able to point the tool at a bunch
| of logs and drag out what is useful.... Already use some custom written
| scripts but could do with something a little more professional....
|
|

I'd recommend two solutions, depending on your needs:
* OSSEC HIDS (www.ossec.net), where you can easily write rulesets including
the regular expression for the pattern you are looking for.
* Prelude LML (www.prelude-ids.org), where writing a ruleset is a little more
complicated than for OSSEC, but you can give more details regarding the IDMEF
(RFC 4765) format.

Both solutions can be integrated into the Prelude framework, where you can gather
alerts in a single console and do your analysis.

Regards,
Sebastien.

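An added illustration of the approach the reply describes (a decoder that splits the syslog envelope, then per-program regex rules with severity levels); this is example code, not OSSEC's or Prelude's own. The sample log lines, rule ids, levels and patterns are constructed for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass
# Constructed RFC 3164-style syslog lines (not from the original post).
SAMPLE_LOG = """\
Feb 14 09:12:01 host1 sshd[2314]: Failed password for invalid user admin from 203.0.113.5 port 4422 ssh2
Feb 14 09:12:03 host1 sshd[2314]: Failed password for invalid user admin from 203.0.113.5 port 4423 ssh2
Feb 14 09:12:09 host1 sshd[2320]: Accepted publickey for alice from 198.51.100.7 port 51022 ssh2
Feb 14 09:13:44 host1 sudo:    bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow
Feb 14 09:14:00 host1 cron[2400]: (root) CMD (run-parts /etc/cron.hourly)
"""
# Stage 1 ("decoder"): split the syslog envelope from the program's message.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: *(?P<msg>.*)$")

@dataclass
class Rule:
    rule_id: int
    level: int           # severity, OSSEC-style 0-15 (values assumed for the example)
    program: str         # rule only applies to messages from this program
    pattern: re.Pattern  # regex over the message; named groups become alert fields
    description: str
# Stage 2 ("rules"): per-program regexes, checked in order, first match wins.
RULES = [
    Rule(100001, 5, "sshd", re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"), "sshd authentication failure"),
    Rule(100002, 3, "sshd", re.compile(r"^Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)"), "sshd login"),
    Rule(100003, 7, "sudo", re.compile(r"^(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"), "sudo command run as another user"),
]
def parse_syslog(line):  # envelope fields of one line, or None if it does not parse
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None
def match_rules(line):  # alert dict for the first matching rule, else None
    ev = parse_syslog(line)
    if ev is None:
        return None
    for rule in RULES:
        if rule.program != ev["prog"]:
            continue
        m = rule.pattern.search(ev["msg"])
        if m:
            return {"rule_id": rule.rule_id, "level": rule.level, "description": rule.description,
                    "ts": ev["ts"], "host": ev["host"], **m.groupdict()}
    return None

def scan(text, min_level=3):  # alerts at or above min_level; unmatched lines are dropped
    return [a for a in map(match_rules, text.splitlines()) if a and a["level"] >= min_level]

def failures_by_source(alerts):  # sshd failures per source address, input to a brute-force threshold
    return Counter(a["src"] for a in alerts if a["rule_id"] == 100001)
```

Running `scan(SAMPLE_LOG)` yields four alerts (the cron line matches no rule), and `failures_by_source` on them reports two failures from 203.0.113.5, the kind of count a frequency rule would threshold on.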
Copyright 2010, SecurityFocus