[logs] "Missing" Microsoft Event Log events
  2007-10-30  Tina Bird (tbird precision-guesswork com)
  Hi all -- In my latest bout of centralizing information about events relevant to administration and compliance management, I am reviewing my documentation on Microsoft audit policies and the events they control. This work uses this document http://www.splunkbase.com/howtos/Operating_Systems/Windo (...)

[logs] Logging oddity from FreeBSD
  2007-10-26  Tina Bird (tbird precision-guesswork com)  (1 reply)
  Hi all -- I've discovered a bit of syslog data that I can't explain.
  Jun 13 00:57:57 <hostname> kernel: Jun 13 00:57:57 <hostname> named[45636]: transfer of 'example.com/IN' from xyz.xyz.xyz.xyz#53: failed to connect: timed out
  For those of us with mail clients that automatically line wrap, that' (...)
  Re: [logs] Logging oddity from FreeBSD
    2007-10-26  Mordechai T. Abzug (morty frakir org)  (1 reply)
  RE: [logs] Logging oddity from FreeBSD
    2007-10-26  Tina Bird (tbird precision-guesswork com)  (1 reply)

[logs] Feedback Needed: Large Scale Syslog Management
  2007-10-29  Clayton Dukes (cdukes) (cdukes cisco com)

[logs] PacSec 2007 Agenda (Tokyo 11-29/30)
  2007-10-22  Dragos Ruiu (dr kyx net)
  Talk selections for PacSec 2007 - November 29 and 30 - Aoyama Diamond Hall
  -------
  - Programmed I/O accesses: a threat to virtual machine monitors? - Loic Duflot,
  - Developing Fuzzers with Peach - Michael Eddington, Leviathan Security
  - Cyber Attacks Against Japan - Hiroshi Kawaguchi, LAC
  - Win (...)

[logs] How to send an email using pipe method ?
  2007-09-30  Florent Gilain (florent gilain direct-energie com)  (2 replies)
  Hello all, I have a little problem setting up my config file; here is the information I can give you about my setup. I am trying to monitor failed PROFTPD login attempts:
  /etc/logsurrfer/logsurfer.conf :
  '^([a-zA-Z]{3} [0-9]{2}) ([0-9]{2}:[0-9]{2}:[0-9]{2}) (.*) proftpd\[([0-9]+)\]: (.*) \(([0-9 (...)

[logs] Database Logging (some info)
  2007-09-30  Daniel Cid (dcid ossec net)
  Hi list, We had some great discussions in the past about database logging, and we all know the importance of it, but there seems to be a gap regarding this topic (hard to find documents about it, very few people actually do it, etc). Is there any public information about it? Does anyone have real numbers ( (...)

[logs] Error message with init script for redhat : ": line 126: [: too many arguments"
  2007-09-29  Florent Gilain (florent gilain direct-energie com)  (1 reply)
  Hello all, I'm a new user of logsurfer; I'm running it on a RHEL3ES Linux server. Here is the output of the Red Hat init script with a 'set -x' added into it:
  [root@supervision root]# /etc/init.d/logsurfer start | more
  + '[' -f /etc/sysconfig/logsurfer ']'
  + LOGSURFER_HOME=/etc/logsu (...)
  Re: [logs] Error message with init script for redhat : ": line 126: [: too many arguments"
    2007-10-01  Kerry Thompson (kerry crypt gen nz)

[logs] Hello, new subscriber here
  2007-09-27  Greg Vickers (g vickers qut edu au)
  Hi all, I've been told about this list, and as we are implementing a SEM solution, I thought I'd subscribe. I'm looking forward to hearing tips and tricks from the list members. Cheers, -- Greg Vickers, IT Security Engineer & Project Manager, IT Security, Network Services, Information Technology (...)

[logs] a bit more on log mining
  2007-09-27  Anton Chuvakin (anton chuvakin org)
  All, I mentioned this preso on log mining on the list in the past, but never released a copy (only privately). I think the time for it has come: http://chuvakin.blogspot.com/2007/09/another-presentation-final-full-log.html Best, -- Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA http://www.chuvakin.o (...)

[logs] A note about acronyms
  2007-09-27  Tina Bird (tbird precision-guesswork com)
  We've used a lot of acronyms in the current thread about firewall logs. Old-timers, please try to remember that there are a lot of list subscribers who probably don't know what a particular acronym means in the context of logs and firewalls. Newbies, please feel free to ask questions, or, if you've (...)

[logs] SIM Analysis of Firewall Logs
  2007-09-27  saudi sans (saudisans gmail com)  (5 replies)
  Hi, we have 6 firewalls - 2 of them facing the Internet, 4 internal. We are analysing their logs using a leading SIM solution. Looking for help in identifying meaningful/actionable reports that we can get from firewall log analysis -- From DENY traffic -- Currently we take daily reports on - Top 10 a (...)
  Re: [logs] SIM Analysis of Firewall Logs
    2007-09-27  Ron Gula (rgula tenablesecurity com)  (1 reply)
  Re: [logs] SIM Analysis of Firewall Logs
    2007-09-27  Michael Kinsley (michael kinsley sensage com)  (1 reply)
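The doubly-prefixed line quoted in the "Logging oddity from FreeBSD" post above is a practical hazard for any log pipeline: a parser that stops at the first program tag files a named zone-transfer failure under "kernel", and the duplicated timestamp and hostname end up inside the message field, where a logsurfer- or OSSEC-style rule keyed on the program name never sees them. The following Python is an added example, not code from the list archive, from any poster, or from the logsurfer or OSSEC projects. It parses classic BSD syslog lines, unwraps a message body that is itself a complete syslog line, attributes the event to the innermost program, and records the outer tags so the anomaly stays visible. The quoted named line is taken from the post with its <hostname> placeholder intact; the other two sample lines, the em0 message and the "loaded serial" message, are constructed for the demonstration. It does not explain why FreeBSD produced the line, which the post itself leaves open.

```python
import re
from collections import Counter

# Classic BSD syslog line as a FreeBSD syslogd writes it:
#   "Mon DD HH:MM:SS host prog[pid]: message"
_SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\[\]: ]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)


def _match_header(text):
    """Return the header fields of one syslog line, or None if it has none."""
    m = _SYSLOG_RE.match(text.rstrip("\r\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"]) if rec["pid"] else None
    return rec


def parse_syslog(line):
    """Parse a BSD syslog line, unwrapping any nested header.

    If the message body is itself a complete syslog line (the FreeBSD case
    "kernel: Jun 13 ... named[45636]: ..." from the list post), the event is
    attributed to the inner program and every outer program tag is kept in
    'wrapped_by', so a reviewer can still find the oddly wrapped records.
    """
    rec = _match_header(line)
    if rec is None:
        return None
    wrapped_by = []
    while True:
        inner = _match_header(rec["msg"])
        if inner is None:
            break
        wrapped_by.append(rec["prog"])
        rec = inner
    rec["wrapped_by"] = wrapped_by
    return rec


def program_counts(lines):
    """Count events per originating program after unwrapping."""
    counts = Counter()
    for line in lines:
        rec = parse_syslog(line)
        if rec is not None:
            counts[rec["prog"]] += 1
    return dict(counts)


# The line quoted in the "Logging oddity from FreeBSD" post.
ODD_LINE = (
    "Jun 13 00:57:57 <hostname> kernel: Jun 13 00:57:57 <hostname> "
    "named[45636]: transfer of 'example.com/IN' from xyz.xyz.xyz.xyz#53: "
    "failed to connect: timed out"
)

# Constructed companions for the demonstration (not from the post).
SAMPLE_LINES = [
    ODD_LINE,
    "Jun 13 00:58:01 <hostname> kernel: em0: link state changed to UP",
    "Jun 13 00:58:30 <hostname> named[45636]: zone example.com/IN: "
    "loaded serial 2007061301",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        rec = parse_syslog(line)
        print(rec["prog"], rec["pid"], rec["wrapped_by"], "|", rec["msg"])
    print(program_counts(SAMPLE_LINES))
```

Without the unwrapping loop, program_counts would report two kernel events and one named event for these three lines, and a rule watching for zone-transfer failures from named would miss the one that matters. The wrapped_by field is deliberately kept rather than discarded, since a sudden rise in kernel-wrapped records is itself worth an alert.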
I am pleased to announce the general availability of OSSEC version 1.4.
For those new here, OSSEC is an Open Source Host-based Intrusion
Detection System. It performs log analysis, integrity checking,
Windows registry monitoring, rootkit detection, real-time alerting and
active response.