Re: [logs] absence of evidence...

From: Wayne Pierce (wayneat_private)
Date: Mon Dec 16 2002 - 04:30:09 PST

  • Next message: Bennett Todd: "Re: [logs] absence of evidence..."

    I have a program, somewhere, that reads a file of regular expressions on 
    startup.  These were then compared against a file, in this case 
    /var/adm/messages, with hits sent via SNMPv1.  The script is written in 
    Python and was typically used with a tail -f against the log file.
    
    Would a variation of this work for your needs?
    
    -W
    
    --
    New England Information Security Users Group - http://www.neisug.com
    
    Regional Electronic And Computer Crimes Taskforce - http://www.reacct.org
    
    ...... Original Message .......
    On Mon, 16 Dec 2002 05:32:38 +0000 (GMT) Tina Bird 
    <tbird@precision-guesswork.com> wrote:
    >may still be interesting.
    >
    >anyone out there have a tool that can parse syslog data (or anything text
    >based, i guess) and send an alert if a particular message does >not< show
    >up?
    >
    >thanks -- tbird
    >
    >"Our duty, as living things, is to be sure that pain is not our whole
    >story, for we can choose to be otherwise....we can choose to dance."
    >                             -- from "Six Moon Dance," by Sheri Tepper
    >
    >http://www.shmoo.com/~tbird
    >Log Analysis http://www.loganalysis.org
    >VPN http://vpn.shmoo.com
    >
    >_______________________________________________
    >LogAnalysis mailing list
    >LogAnalysisat_private
    >http://lists.shmoo.com/mailman/listinfo/loganalysis
    >
    
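What Tina is asking for is the inverse of Wayne's pattern-hit script: alert when an expected message has not appeared within its usual interval. The block below is an added example, not Wayne's script nor any tool mentioned in the thread. It assumes the expectations (name, regex, maximum tolerated gap in seconds) are read from a config file at startup, that the log uses the classic "Mon DD HH:MM:SS" syslog prefix, and that the caller handles delivery of the alert (SNMPv1 trap, mail, pager). The sample log lines are constructed for the demonstration.

```python
"""Absence-of-evidence monitor for syslog-style text logs (added example).

Each expectation is a regex plus a maximum gap in seconds.  Lines are tested
as they arrive; check() reports expectations whose last match is older than
their gap, or that have never matched since the monitor started.  An alert
fires once and is re-armed only when the message shows up again, so a
missing heartbeat does not page every check interval.
"""
import calendar
import re
import time
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass
class Expectation:
    name: str
    pattern: "re.Pattern[str]"
    max_gap: float                 # seconds without a match before alerting
    last_seen: Optional[float] = None
    alerted: bool = False          # suppress repeats until the message returns


class AbsenceMonitor:
    def __init__(self, expectations: Iterable[Tuple[str, str, float]],
                 started_at: float):
        # expectations: (name, regex, max_gap_seconds), as read from a config
        # file at startup (hypothetical format, one expectation per line).
        self.started_at = started_at
        self.exp: Dict[str, Expectation] = {
            name: Expectation(name, re.compile(rx), gap)
            for name, rx, gap in expectations
        }

    def feed(self, line: str, now: float) -> List[str]:
        """Test one log line; return the names of expectations it satisfied."""
        hits = []
        for e in self.exp.values():
            if e.pattern.search(line):
                e.last_seen = now
                e.alerted = False      # re-arm: it may go missing again later
                hits.append(e.name)
        return hits

    def check(self, now: float) -> List[str]:
        """Return names of expectations overdue at `now`, each reported once."""
        overdue = []
        for e in self.exp.values():
            reference = e.last_seen if e.last_seen is not None else self.started_at
            if now - reference > e.max_gap and not e.alerted:
                e.alerted = True
                overdue.append(e.name)
        return overdue


def parse_syslog_ts(line: str, year: int = 2002) -> float:
    """Epoch seconds (UTC) for a classic 'Mon DD HH:MM:SS' syslog prefix.

    Classic syslog carries no year, so one is assumed; only differences
    between timestamps matter here.
    """
    st = time.strptime(f"{line[:15]} {year}", "%b %d %H:%M:%S %Y")
    return calendar.timegm(st)


# Constructed sample log lines, not taken from any real system.
SAMPLE_LOG = [
    "Dec 16 04:00:05 host cron[4711]: (root) CMD (/usr/local/bin/backup)",
    "Dec 16 04:00:09 host ntpd[77]: synchronized to 10.0.0.1, stratum 2",
    "Dec 16 04:05:10 host ntpd[77]: synchronized to 10.0.0.1, stratum 2",
    "Dec 16 04:10:12 host ntpd[77]: synchronized to 10.0.0.1, stratum 2",
    "Dec 16 04:20:30 host sshd[812]: Accepted publickey for wayne from 10.0.0.9",
    "Dec 16 04:25:00 host cron[4720]: (root) CMD (/usr/local/bin/backup)",
]
# Times at which a periodic check would have run.
CHECKS = ["Dec 16 04:12:00", "Dec 16 04:21:00", "Dec 16 04:26:00"]


def run_demo() -> List[Tuple[str, List[str]]]:
    """Replay the sample log and checks in time order; return (time, overdue)."""
    mon = AbsenceMonitor([
        ("backup",   r"cron\[\d+\]: \(root\) CMD \(/usr/local/bin/backup\)", 600),
        ("ntp-sync", r"ntpd\[\d+\]: synchronized to", 300),
    ], started_at=parse_syslog_ts("Dec 16 04:00:00"))
    events = [(parse_syslog_ts(l), "line", l) for l in SAMPLE_LOG] + \
             [(parse_syslog_ts(c), "check", c) for c in CHECKS]
    events.sort(key=lambda ev: ev[0])
    report = []
    for ts, kind, payload in events:
        if kind == "line":
            mon.feed(payload, ts)
        else:
            report.append((payload[7:], mon.check(ts)))
    return report


if __name__ == "__main__":
    for when, overdue in run_demo():
        print(when, "overdue:", overdue or "none")
```

In the replay, the backup job is reported missing at 04:12:00 (its last run was 04:00:05, more than 600 s earlier), the ntpd sync at 04:21:00, and the 04:25:00 backup line re-arms that expectation so the 04:26:00 check is clean. Fed from `tail -F /var/adm/messages` as Wayne describes, the blocking read must not starve `check()`: run it from a timer thread, or read the pipe with `select()` and a timeout equal to the shortest gap, and use `tail -F` rather than `-f` so the watch survives log rotation. Note that the monitor itself is a message that should be expected somewhere: if the host or the syslog daemon dies, this script sees silence on every pattern at once, which is exactly the condition the alert should carry.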
    



    This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 18:36:09 PST