Allan Liska wrote:

> The problem is your platform. Kiwi is a great tool, but it is not
> really designed for analysis or auditing. Running Syslogd on a BSD
> server, with a log rotation system, is a much better solution.
>
> Send your syslog data to the server. If you have a request similar
> to the one you described grep/awk the file for the time period -- and
> you can pull the information A LOT faster than you can with
> Checkpoint's clunky interface.

I second Allan's comments and also recommend SEC (http://kodu.neti.ee/~risto/sec/) or maybe Swatch (http://swatch.sourceforge.net/) to do the log analysis and correlation - SEC is particularly good at this and uses Perl regular expressions to select and manipulate log entries.

Regards

James Turnbull

--
James Turnbull <james@private>
PGP Key at http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0C42DF40
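An added example of the grep/awk approach Allan describes, not code from the thread: a POSIX shell function that pulls every line of a syslog file whose timestamp falls in a given window, run over constructed firewall-style syslog lines. It assumes the classic year-less "Mon DD HH:MM:SS" syslog timestamp and a log that does not span a year boundary.

```shell
#!/bin/sh
# Constructed sample syslog lines (not real firewall data), written to a temp file.
LOGFILE="$(mktemp)"
cat > "$LOGFILE" <<'EOF'
Feb 13 09:58:12 fw1 kernel: accept src=10.0.0.5 dst=192.0.2.10 proto=tcp dport=443
Feb 13 10:01:44 fw1 kernel: drop src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=22
Feb 13 10:15:03 fw1 kernel: drop src=198.51.100.7 dst=192.0.2.11 proto=tcp dport=22
Feb 13 10:29:59 fw1 kernel: accept src=10.0.0.8 dst=192.0.2.10 proto=udp dport=53
Feb 13 10:30:00 fw1 kernel: accept src=10.0.0.9 dst=192.0.2.10 proto=tcp dport=80
Feb 13 11:02:17 fw1 kernel: drop src=203.0.113.4 dst=192.0.2.10 proto=tcp dport=3389
EOF

# window_lines FILE "Mon DD HH:MM:SS" "Mon DD HH:MM:SS"
# Prints every line whose syslog timestamp lies in [START, END).
# The classic syslog timestamp carries no year, so the month name is mapped
# to a number and the (month, day, time) tuple is compared as a
# zero-padded string; plain string comparison then orders it correctly.
window_lines() {
    awk -v start="$2" -v end="$3" '
    function key(mon, day, hms,    m) {
        m = index("JanFebMarAprMayJunJulAugSepOctNovDec", mon)
        return sprintf("%02d %02d %s", (m + 2) / 3, day, hms)
    }
    BEGIN {
        split(start, s, " "); lo = key(s[1], s[2], s[3])
        split(end,   e, " "); hi = key(e[1], e[2], e[3])
    }
    { k = key($1, $2, $3); if (k >= lo && k < hi) print }
    ' "$1"
}

# count_drops FILE START END
# Number of dropped connections in the window: the kind of question the
# thread says is faster to answer from the raw file than from a GUI.
count_drops() {
    window_lines "$1" "$2" "$3" | grep -c ' drop '
}
```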
_______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Sun Feb 13 2005 - 14:30:07 PST