Our environment is mixed Windows and Unix - Linux and AIX. I configure syslog on firewalls to give me the level of data I'm interested in - the more critical stuff. I collect syslog from my firewalls on Windows boxes using WinSyslog by Adiscon Software (www.winsyslog.com). This is a fine product that is quite reasonably priced (about $50 per server in small quantities). Syslog on Linux would be equivalent in functionality, and of course, free. Thanks to CodeRed, all this syslog builds up at the rate of about 100 MB per log server per day!

I used Perl for the Win32 environment (ActiveState) to write my log crunching programs. They go through all the log, extract the activity I'm most interested in, and summarize the rest. I run these programs every day for certain firewalls and web servers. They take awhile to run but otherwise are little trouble to manage. I'm a fairly experienced programmer but fairly new to Perl, so my programs, though well documented, do not yet reflect very 'idiomatic' or even very efficient Perl, so might not be too cool to some. I would certainly be willing to share them, though, if anyone's interested.

Wishing you success with logs and Linux - John Campbell

-----Original Message-----
From: Richard Garand [mailto:krogoth2at_private]
Sent: Friday, September 07, 2001 4:20 PM
To: Frank Knobbe; John Campbell
Subject: Re: Recent Increase in Port 139 Activity

I'm working on setting up my first linux server, and I will be configuring some security and logging, and I was wondering how you find things like this, and how much time you spend on this. Do you have some script that will scan the logs and present a summary? Do you check your logs daily? Thanks in advance for any advice you can give me.
--
Richard Garand
krogoth2at_private, r.garandat_private (L)ICQ: 12190132
"I don't know about you all, but I'm gonna be partying like it's 999,999,999" - seen on slashdot

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
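The daily log crunching John describes above (keep the critical activity line by line, summarize the rest), as an added example that is neither his Perl code nor anything posted to the list: a small Python summarizer over firewall syslog lines that extracts port 139 events verbatim and reduces everything else to per-port and per-source counts. The netfilter-style key=value line layout, the host name and all addresses in the sample are constructed, and the watched-port list is an assumption for illustration.

```python
import re
from collections import Counter

# Constructed sample of firewall syslog lines in a netfilter-style key=value
# layout (not a capture from the poster's environment).
SAMPLE_LOG = """\
Sep  7 16:20:01 fw1 kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=1034 DPT=139
Sep  7 16:20:02 fw1 kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.6 PROTO=TCP SPT=1035 DPT=139
Sep  7 16:20:05 fw1 kernel: DROP IN=eth0 SRC=192.0.2.77 DST=198.51.100.5 PROTO=TCP SPT=2201 DPT=80
Sep  7 16:20:09 fw1 kernel: DROP IN=eth0 SRC=192.0.2.33 DST=198.51.100.5 PROTO=UDP SPT=53 DPT=1025
Sep  7 16:20:11 fw1 kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=1036 DPT=139
Sep  7 16:20:12 fw1 kernel: restarting syslog daemon
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) .*?SRC=(?P<src>\S+) "
                     r"DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?")

def parse_line(line):
    # Fields of one firewall drop line, or None for anything else (daemon chatter etc.)
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["dpt"] = int(rec["dpt"]) if rec["dpt"] else None
    return rec

def summarize(lines, watch_ports=(139,)):
    # Watched-port events are kept verbatim; the bulk becomes per-port/per-source counts.
    out = {"total": 0, "unparsed": 0, "watched": [],
           "by_dport": Counter(), "by_src": Counter()}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            out["unparsed"] += 1
            continue
        out["total"] += 1
        out["by_dport"][rec["dpt"]] += 1
        out["by_src"][rec["src"]] += 1
        if rec["dpt"] in watch_ports:
            out["watched"].append(rec)
    return out

def report(summary, top=3):
    # The short daily text a person would actually read.
    lines = [f"events: {summary['total']}  unparsed: {summary['unparsed']}",
             "top ports: " + ", ".join(f"{p}={n}" for p, n in summary["by_dport"].most_common(top)),
             "top sources: " + ", ".join(f"{s}={n}" for s, n in summary["by_src"].most_common(top))]
    lines += [f"WATCH {r['ts']} {r['src']} -> {r['dst']}:{r['dpt']}/{r['proto']}" for r in summary["watched"]]
    return "\n".join(lines)
```

Calling `print(report(summarize(SAMPLE_LOG.splitlines())))` prints the counts followed by one `WATCH` line per port 139 event; on a real box the unparsed count is the first thing to check, since a high value means the regex does not match the firewall's line format.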
This archive was generated by hypermail 2b30 : Fri Sep 07 2001 - 16:38:10 PDT