Security Incidents mailing list archives

Looking for program to analyze logs


From: moeller () CERT DFN DE (Klaus Moeller)
Date: Wed, 22 Mar 2000 10:56:08 +0100


Mieth Lindsay writes:
Reviewing your messages and seeing the traffic I am working with, I have
surmised that you have some pretty decent tools to work with.  Our PIX
produces about 500mb of logs a day which means I might as well not have
logging since there is no way I can review this amount of data myself.
Would you please recommend an analyzing tool to break out the important or
at least likely important information from the logs?

logsurfer - has some pretty nice capabilities that go beyond simple
regexp parsing like grep, although it can consume quite a bit of CPU
if used with large and complex rulebases.

ftp://ftp.cert.dfn.de/pub/tools/audit/logsurfer/

        Klaus Moeller

--
Klaus Moeller            |                    mailto:moeller () cert dfn de
DFN-CERT GmbH            |
Vogt-Koelln-Str. 30      |                      Phone: +49(40)42883-2262
D-22527 Hamburg          |                        FAX: +49(40)42883-2241
Germany                  |       PGP-Key: finger moeller () ftp cert dfn de

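Added illustration, not part of the original post and not logsurfer code: a small Python sketch of the difference the reply points at, plain grep (one output line per denied packet) versus logsurfer-style contexts that collect related lines and close after a period of silence, so a port sweep in PIX deny messages becomes one record. The log lines, IP addresses and access-group name are constructed sample data.

```python
import re

# Constructed PIX-style syslog lines (sample data, not from the original post):
# one source probing several ports, a lone UDP deny, and an unrelated accept.
SAMPLE_LOG = """\
Mar 22 10:01:03 fw %PIX-4-106023: Deny tcp src outside:203.0.113.9/40001 dst inside:192.0.2.10/21 by access-group "outside_in"
Mar 22 10:01:04 fw %PIX-4-106023: Deny tcp src outside:203.0.113.9/40002 dst inside:192.0.2.10/22 by access-group "outside_in"
Mar 22 10:01:04 fw %PIX-4-106023: Deny tcp src outside:203.0.113.9/40003 dst inside:192.0.2.10/23 by access-group "outside_in"
Mar 22 10:01:05 fw %PIX-4-106023: Deny tcp src outside:203.0.113.9/40004 dst inside:192.0.2.10/25 by access-group "outside_in"
Mar 22 10:01:06 fw %PIX-6-302001: Built inbound TCP connection 12 for faddr 198.51.100.4/1234 gaddr 192.0.2.10/80 laddr 10.0.0.10/80
Mar 22 10:01:07 fw %PIX-4-106023: Deny udp src outside:198.51.100.7/5353 dst inside:192.0.2.10/53 by access-group "outside_in"
Mar 22 10:20:09 fw %PIX-4-106023: Deny tcp src outside:203.0.113.9/40005 dst inside:192.0.2.10/80 by access-group "outside_in"
"""

DENY = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ %PIX-4-106023: Deny (\w+) "
                  r"src \w+:([\d.]+)/\d+ dst \w+:([\d.]+)/(\d+)")

def grep_deny(log):
    """Baseline: what 'grep 106023' returns, one line per denied packet."""
    return [ln for ln in log.splitlines() if "%PIX-4-106023" in ln]

def _secs(ts):
    h, m, s = ts.split()[2].split(":")
    return int(h) * 3600 + int(m) * 60 + int(s)

def summarize_denies(log, window=300):
    """Logsurfer-style contexts: deny lines for one src/dst pair share a context
    that closes after `window` seconds of silence and is emitted as one record."""
    open_ctx, closed = {}, []
    for ln in log.splitlines():
        m = DENY.match(ln)
        if not m:
            continue  # not a deny line; a grep filter would drop it here too
        ts, proto, src, dst, port = m.groups()
        t, key = _secs(ts), (src, dst)
        ctx = open_ctx.get(key)
        if ctx and t - ctx["last_t"] > window:  # silence exceeded: close it
            closed.append(open_ctx.pop(key))
            ctx = None
        if ctx is None:
            ctx = open_ctx[key] = {"src": src, "dst": dst, "first": ts,
                                   "last_t": t, "count": 0, "ports": set()}
        ctx["last_t"] = t
        ctx["count"] += 1
        ctx["ports"].add(f"{proto}/{port}")
    closed.extend(open_ctx.values())  # flush whatever is still open at EOF
    return closed

def report(log, min_ports=3):
    return [c for c in summarize_denies(log) if len(c["ports"]) >= min_ports]  # one source, several ports
```

On the sample, grep returns six deny lines, the context pass returns three records, and `report` keeps only the four-port sweep; the per-context state is also where the CPU cost the reply mentions comes from once rulebases grow.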
