Well, I really suggest the use of the oshids :)

http://www.ossec.net/oshids/

"
It's an Open Source log files scan/check. It reads the specified log files
and searches for malicious entries. The os-hids can work in "real-time"
(as a daemon), which analyses the log entry as soon as it appears in the log ...
It is very configurable, and can notify by email if any problem happens
(a rule match)... It has some kind of buffer control (to avoid a lot of
repeated messages) too.
"

> --- Daniel San Miguel Reyero <dasr@private> wrote:
> There are 2 good programs for checking syslog files in Linux/UNIX:
>
> logcheck
> (http://packages.debian.org/testing/admin/logcheck.html)
> for debian systems:
> deb package Description
> logcheck - Mails anomalies in the system logfiles to the administrator
> logcheck-database - A database of system log rules for the use of log checkers
>
> Another good GPL syslog checker is ( logwatch http://www2.logwatch.org:81/ )
>
> A good reference is:
> http://www.loganalysis.org/
> http://www.loganalysis.org/sections/parsing/application-specific/index.html
>
> > Hello,
> >
> > sorry for the probably trivial question.
> >
> > I'm looking for a syslog log checker that sends me
> > all unknown log entries (with context if possible)
> > that can then be configured to ignore known harmless
> > log entries.
> > It seems that logcheck can do that, but maybe there
> > are better tools for that?
> >
> > Thanks in advance,
> >
> > Florian
> > _______________________________________________
> > LogAnalysis mailing list
> > LogAnalysis@private
> > http://lists.shmoo.com/mailman/listinfo/loganalysis
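The kind of filtering asked about in this thread (report every entry not known to be harmless, with repeats collapsed as described for os-hids), as an added example that is not part of the thread and not code from logcheck, logwatch or os-hids. The rule patterns and sample log lines are constructed for illustration.

```python
import re
from collections import OrderedDict

# Constructed rule sets (assumptions, not any tool's shipped database).
VIOLATIONS = [re.compile(p) for p in (
    r"sshd\[\d+\]: Failed password for ",
    r"su(\[\d+\])?: .*authentication failure",
)]
IGNORE = [re.compile(p) for p in (
    r"CRON\[\d+\]: \(\w+\) CMD ",
    r"sshd\[\d+\]: Accepted publickey for ",
)]
# Classic syslog prefix: "Mon DD HH:MM:SS host "
SYSLOG_PREFIX = re.compile(r"^\w{3}\s+\d+ \d\d:\d\d:\d\d \S+ ")

def normalise(line):
    """Drop timestamp/host and PIDs so repeats of one event compare equal."""
    msg = SYSLOG_PREFIX.sub("", line.rstrip("\n"))
    return re.sub(r"\[\d+\]", "[N]", msg)

def check(lines):
    """Classify lines; return {'violation': [(msg, count)], 'unknown': [...]}."""
    report = {"violation": OrderedDict(), "unknown": OrderedDict()}
    for line in lines:
        if not line.strip():
            continue
        # Violations are tested first so an ignore rule can never hide one.
        if any(r.search(line) for r in VIOLATIONS):
            bucket = "violation"
        elif any(r.search(line) for r in IGNORE):
            continue  # known harmless: dropped from the report
        else:
            bucket = "unknown"  # no rule matched: always reported
        key = normalise(line)
        report[bucket][key] = report[bucket].get(key, 0) + 1
    return {kind: list(seen.items()) for kind, seen in report.items()}

# Constructed sample input.
SAMPLE = """\
Nov 13 10:00:01 web1 CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)
Nov 13 10:02:17 web1 sshd[2301]: Failed password for root from 192.0.2.7 port 4022 ssh2
Nov 13 10:02:19 web1 sshd[2303]: Failed password for root from 192.0.2.7 port 4022 ssh2
Nov 13 10:03:40 web1 sshd[2310]: Accepted publickey for florian from 192.0.2.10 port 5011 ssh2
Nov 13 10:05:02 web1 kernel: eth0: Promiscuous mode enabled.
""".splitlines()

if __name__ == "__main__":
    for kind, entries in check(SAMPLE).items():
        for msg, count in entries:
            print(f"{kind:9} x{count}  {msg}")
```

Anchoring the ignore patterns tightly matters: a loose pattern silently removes lines that would otherwise have surfaced as unknown.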
This archive was generated by hypermail 2b30 : Thu Nov 13 2003 - 10:21:09 PST