Security Incidents mailing list archives
Re: Security log parser
From: Bob Toxen <vger () verysecurelinux com>
Date: Fri, 15 Feb 2008 12:48:15 -0500
I find the Open Source Logcheck program to be the best. (The only thing that logwatch does that logcheck does not is to tell the number and details of brute-force password guessing.) Also, I've enhanced it to be even better by causing it to list any given event only once in the highest-priority category that applies. I've also enhanced it to accept a second set of emails that only get the high-priority events, not "Unusual events". (Anyone is welcome to email me and I'll send the tarball of my enhanced version.) Best regards, Bob Toxen, CTO Horizon Network Security "Your expert in Spam and Virus Filters, Linux server hardening, Firewalls, Network Monitoring, Linux System Administration, VPNs, local and remote backup software, and Network Security consulting, in business for 18 years." www.VerySecureLinux.com [Network & Linux/Unix Security Consulting] www.RealWorldLinuxSecurity.com [Our 5* book: "Real World Linux Security"] bob () VerySecureLinux com (e-mail) My article on "The Seven Deadly Sins of Linux Security" was published in the May/June 2007 issue of ACM's QUEUE Magazine. On Thu, Feb 14, 2008 at 09:16:17AM +0000, Jason Alexander wrote:
Hi all
Im looking for a good security event log parser for linux/unix systems. All logs are in syslog format. Just want to be able to point the tool at a bunch of logs and drag out what is usefull.... Already use some cutom written scripts but could do with something a little more proffesional....
cheers
Current thread:
- Security log parser Jason Alexander (Feb 14)
- Re: Security log parser Martin A. Brown (Feb 14)
- Re: Security log parser p1g (Feb 14)
- Re: Security log parser Valdis . Kletnieks (Feb 14)
- Re: Security log parser Sebastien Tricaud (Feb 15)
- Re: Security log parser Bob Toxen (Feb 15)