Incidents
Security log parser Feb 14 2008 09:16AM
Jason Alexander (jalexander plus net) (5 replies)
Re: Security log parser Feb 15 2008 05:48PM
Bob Toxen (vger verysecurelinux com)
I find the Open Source Logcheck program to be the best. (The only thing
that logwatch does that logcheck does not is to tell the number and
details of brute-force password guessing.)

Also, I've enhanced it to be even better by causing it to list any
given event only once in the highest-priority category that applies.
I've also enhanced it to accept a second set of emails that only get
the high-priority events, not "Unusual events". (Anyone is welcome to
email me and I'll send the tarball of my enhanced version.)

Best regards,

Bob Toxen, CTO
Horizon Network Security
"Your expert in Spam and Virus Filters, Linux server hardening, Firewalls,
Network Monitoring, Linux System Administration, VPNs, local and remote
backup software, and Network Security consulting, in business for
18 years."

www.VerySecureLinux.com [Network & Linux/Unix Security Consulting]
www.RealWorldLinuxSecurity.com [Our 5* book: "Real World Linux Security"]
bob (at) VerySecureLinux (dot) com (e-mail)

My article on "The Seven Deadly Sins of Linux Security" was
published in the May/June 2007 issue of ACM's QUEUE Magazine.

On Thu, Feb 14, 2008 at 09:16:17AM +0000, Jason Alexander wrote:
> Hi all

> I'm looking for a good security event log parser for linux/unix
> systems. All logs are in syslog format. Just want to be able to point
> the tool at a bunch of logs and drag out what is useful.... Already
> use some custom written scripts but could do with something a little
> more professional....

> cheers
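
The reporting behaviour described in the reply above (each event listed once, in the highest-priority category that applies, with a second recipient list that gets only the high-priority categories), sketched as an added example. This is not part of the thread, not Bob Toxen's enhanced version and not logcheck's own code; the category names, patterns, addresses and syslog lines are constructed assumptions.

```python
import re

# Categories in descending priority. Names and patterns are illustrative
# assumptions, not logcheck's shipped rule files.
CATEGORIES = [
    ("Attack alerts", [r"POSSIBLE BREAK-IN ATTEMPT",
                       r"authentication failure.*user=root"]),
    ("Security violations", [r"authentication failure", r"Failed password"]),
    ("Unusual events", [r"error", r"denied", r"segfault"]),
]
HIGH_PRIORITY = {"Attack alerts", "Security violations"}
# Routine noise that should never be reported (assumed pattern).
IGNORE = [re.compile(r"CRON\[\d+\]: .*session (opened|closed)")]
COMPILED = [(name, [re.compile(p, re.I) for p in pats])
            for name, pats in CATEGORIES]

# Constructed syslog lines; 192.0.2.10 is a documentation address.
SAMPLE = [
    "Feb 15 03:12:01 web1 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 40022 ssh2",
    "Feb 15 03:12:04 web1 sshd[2211]: reverse mapping checking failed - POSSIBLE BREAK-IN ATTEMPT!",
    "Feb 15 03:15:00 web1 CRON[2301]: pam_unix(cron:session): session opened for user root",
    "Feb 15 03:20:44 web1 kernel: httpd[1999]: segfault at 0 ip 0000 sp 0000 error 4",
    "Feb 15 03:21:10 web1 su[2400]: pam_unix(su:auth): authentication failure; logname=bob uid=1000 user=root",
]

def classify(lines):
    """File each line under the first (highest-priority) category it matches."""
    report = {name: [] for name, _ in COMPILED}
    for line in lines:
        line = line.rstrip("\n")
        if not line or any(r.search(line) for r in IGNORE):
            continue
        for name, regexes in COMPILED:
            if any(r.search(line) for r in regexes):
                report[name].append(line)
                break  # do not repeat the event in lower categories
    return report

def mails(report, full_rcpts, high_rcpts):
    """Per-recipient report: full list gets everything, second list only high priority."""
    out = {}
    for rcpt in full_rcpts:
        out[rcpt] = {k: v for k, v in report.items() if v}
    for rcpt in high_rcpts:
        out[rcpt] = {k: v for k, v in report.items() if v and k in HIGH_PRIORITY}
    return out

if __name__ == "__main__":
    for rcpt, body in mails(classify(SAMPLE), ["admin@example.org"], ["oncall@example.org"]).items():
        print(rcpt, {k: len(v) for k, v in body.items()})
```

The `su` line matches both the attack and the violation patterns but is reported only under the higher category.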

Re: Security log parser Feb 15 2008 11:14AM
Sebastien Tricaud (stricaud inl fr)
Re: Security log parser Feb 15 2008 12:47AM
p1g (killfactory gmail com)
Re: Security log parser Feb 14 2008 05:20PM
Martin A. Brown (martin linux-ip net)
Re: Security log parser Feb 14 2008 05:12PM
Valdis Kletnieks vt edu


 

Copyright 2010, SecurityFocus