Yes like swatch, though, if I recall, swatch was limited to one file,
while logcheck can monitor multiple files.

Thanks,

Ron DuFresne

On Fri, 14 Jan 2000, Bryan Swann wrote:

> This sounds just like the tool called swatch that has been around for
> awhile. It monitors the log files and has several ways to alert an
> administrator when it gets a hit.
>
> "R. DuFresne" wrote:
> >
> > Abstract
> >
> > Logcheck is software package that is designed to automatically run and
> > check system log files for security violations and unusual activity.
> > Logcheck utilizes a program called logtail that remembers the last
> > position it read from in a log file and uses this position on subsequent
> > runs to process new information. All source code is available for review
> > and the implementation was kept simple to avoid problems. This package is
> > a clone of the frequentcheck.sh script from the Trusted Information
> > Systems Gauntlet(tm) firewall package. TIS has granted permission for me
> > to clone this package.
> >
> > -- crowlandat_private
> >
> > http://www.lh.umu.se/%7Ebjorn/mhonarc-files/linux-securitity
> >
> > Thanks,
> >
> > Ron DuFresne
> >
> > On Tue, 11 Jan 2000, Pete Storm wrote:
> >
> > > Hi all,
> > >
> > > Does anyone know of a tool out there that will allow
> > > me to correlate incidents between several different
> > > logs? For example, if I see an attempt to pull off a
> > > php exploit on my IDS it stands to reason that I'll
> > > see a similar log entry on my web server. What I'm
> > > looking for is something that will pull these two
> > > records out of the individual logs and place them in
> > > an "incident" log as a related event.
> > >
> > > The current problem is that we're talking about
> > > hundreds of thousands of log entries. Suppose I could
> > > Perl it, but I was kinda hoping there might be a
> > > commercial/shareware tool out there already that could
> > > do it so much better than I could.
> > >
> > > thanks,
> > > phs
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Talk to your friends online with Yahoo! Messenger.
> > > http://im.yahoo.com
> > >
> >
> > --
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > admin & senior consultant: darkstar.sysinfo.com
> > http://darkstar.sysinfo.com
> >
> > "Cutting the space budget really restores my faith in humanity. It
> > eliminates dreams, goals, and ideals and lets us get straight to the
> > business of hate, debauchery, and self-annihilation."
> > -- Johnny Hart
> >
> > testing, only testing, and damn good at it too!
>

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior consultant: darkstar.sysinfo.com
http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!
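The cross-log correlation asked about in the quoted question, sketched as an added example that is not part of the original thread and not code from logcheck or swatch. It assumes a hypothetical one-line IDS alert format and Common Log Format web entries, both constructed here, and joins them on source address within a time window; web entries are indexed per address and searched with bisect so the join stays cheap on large logs.

```python
import re
from bisect import bisect_left, bisect_right
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample data. The IDS line format is hypothetical (UTC assumed).
IDS_LOG = """\
2000-01-11T10:15:02 ALERT src=203.0.113.7 dst=192.0.2.10 sig="php cgi probe"
2000-01-11T10:40:00 ALERT src=198.51.100.4 dst=192.0.2.10 sig="port scan"
"""
WEB_LOG = """\
203.0.113.7 - - [11/Jan/2000:10:15:03 +0000] "GET /cgi-bin/php.cgi HTTP/1.0" 404 210
203.0.113.7 - - [11/Jan/2000:11:30:00 +0000] "GET /index.html HTTP/1.0" 200 1043
192.0.2.55 - - [11/Jan/2000:10:15:04 +0000] "GET /index.html HTTP/1.0" 200 1043
"""
IDS_RE = re.compile(r'^(\S+) ALERT src=(\S+) dst=\S+ sig="([^"]*)"$')
CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+$')

def index_web(text):
    """Map client IP -> (sorted timestamps, matching sorted entries)."""
    by_ip = defaultdict(list)
    for line in text.splitlines():
        m = CLF_RE.match(line)
        if m:  # unparseable lines are skipped, not guessed at
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            by_ip[m.group(1)].append((ts, m.group(3), m.group(4)))
    index = {}
    for ip, hits in by_ip.items():
        hits.sort()
        index[ip] = ([h[0] for h in hits], hits)
    return index

def correlate(ids_text, web_text, window_seconds=5):
    """Return one incident per IDS alert that has web hits from the same
    source address within +/- window_seconds of the alert time."""
    web = index_web(web_text)
    window = timedelta(seconds=window_seconds)
    incidents = []
    for line in ids_text.splitlines():
        m = IDS_RE.match(line)
        if not m or m.group(2) not in web:
            continue
        ts = datetime.fromisoformat(m.group(1)).replace(tzinfo=timezone.utc)
        times, hits = web[m.group(2)]
        lo, hi = bisect_left(times, ts - window), bisect_right(times, ts + window)
        if lo < hi:
            incidents.append({"time": ts, "src": m.group(2),
                              "signature": m.group(3), "web_hits": hits[lo:hi]})
    return incidents

if __name__ == "__main__":
    for inc in correlate(IDS_LOG, WEB_LOG):
        print(inc["time"].isoformat(), inc["src"], inc["signature"])
        for ts, request, status in inc["web_hits"]:
            print("   web:", ts.isoformat(), status, request)
```

The window has to absorb clock skew between the sensor and the web server, so both hosts should share a time source before a tight window is trusted.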
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:57:52 PDT