Re: [logs] Best software between : swatch, logsurfer and wots ?

From: Alek Goszczycki (agoszczyckiat_private)
Date: Fri Oct 26 2001 - 03:05:44 PDT

Next message: Tina Bird: "[logs] FW: FW-1 and incident log processing (fwd)"

Previous message: Wolfgang Ley - Sun Germany - Hamburg: "Re: [logs] logsurfer help..."
In reply to: Gildas PERROT: "[logs] Best software between : swatch, logsurfer and wots ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Gildas PERROT wrote:
> 
> Hi,
> 
> I am looking for the best software those ones (and others  why not ?). I am
> using Redhat 6.x and have perl and C compiler installed.
> I already tried swatch but I discover some bugs or problems :
> 
> 1) I noticed that with --tail-file mode, matched lines are not displayed by
> "echo" as soons as they appear in logfile even if "throttle" is not used.
> What is the default behaviour in that case and how can make the line to be
> displayed ASAP (at least 5 s after it is written in the logfile).
> 
> 2) throttle values are not accepted.

Hi,

Try: http://kodu.neti.ee/~risto/sec/

I found it very useful tool for monitoring and logs correlation. If you
have some perl regexp expirience it is easy to configure.

Regards,

Alek

---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private

Next message: Tina Bird: "[logs] FW: FW-1 and incident log processing (fwd)"
Previous message: Wolfgang Ley - Sun Germany - Hamburg: "Re: [logs] logsurfer help..."
In reply to: Gildas PERROT: "[logs] Best software between : swatch, logsurfer and wots ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Oct 26 2001 - 09:41:32 PDT