Security Basics mailing list archives
Re: advice for syslog server
From: Mike Sweeney <mikesweeney () packetattack com>
Date: Mon, 24 Jan 2005 10:50:08 -0800
I detailed using both syslogd and syslog-ng, along with Swatch and Logwatch, in my new POD book called "Network Security using Linux", for which the free preview can be downloaded at www.lulu.com/packetpress

Sawmill is another strong analysis tool which I have personally used with web logs and PIX log files.

MikeS
www.packetattack.com
www.lulu.com/packetpress
www.packetpress.net

----- Original Message -----
From: Michele Jordan <security_lists () michelejordan net>
To: FM <dist-list () LEXUM UMontreal CA>
Cc: Mailing List Security-Basic <security-basics () securityfocus com>
Sent: Fri, 21 Jan 2005 06:52:00 -0800
Subject: Re: advice for syslog server

FM wrote:
> Hello,
>
> We are using a PIX firewall and I am going to configure an external syslog server.
> What do you use to do some automatic log checking?
>
> For example, today an external user downloaded several GB. We saw it on our stats. I cannot look at my stats website every day for every web server.
>
> So do you know a good syslog parser/manager?
>
> Thanks!

I use fwlogwatch to monitor our iptables logs; I have it mail me reports every morning. A good deal of configurability, it works reasonably well. I believe it supports PIX log formats as well.

-Michele