Does anyone know of a good site that contains common application level attack strings and system responses as they commonly occur in Syslog? I understand there are many flavors of syslog and net services, but until there is a standard, common alert strings to search for would be great.

Since we're going through this multi-file log analysis without a commercial product, I'd like to find some good anomaly detection strings. Then I can take the strings and run them against a for loop of log files for hits.

Who knows, there may be a site with service specific strings? Web, SMTP, SQL.....?

Thanks,
Gregg

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
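The loop described in the post above, as an added example that is not part of the original message: a list of fixed strings, tagged by service, is run against several log files and the hits are counted per file. The `service|string` pattern-file format, the function names, the sample strings and the log lines are all constructed for this illustration.

```shell
#!/bin/sh
# Added example: count hits of service-tagged fixed strings across log files.
# Pattern file format (an assumption of this example): service|fixed string

# scan_logs PATTERN_FILE LOG... -> prints "file:service:count" for each hit
scan_logs() {
    patterns=$1; shift
    for log in "$@"; do
        # An unreadable log is reported and skipped, not treated as "no hits"
        [ -r "$log" ] || { echo "skip: $log" >&2; continue; }
        while IFS='|' read -r service string; do
            case $service in ''|\#*) continue ;; esac   # blank or comment line
            # -F: literal string, not a regex; -c: count matching lines;
            # -e: keeps a string that starts with "-" from being read as an option
            count=$(grep -F -c -e "$string" "$log" || true)
            if [ "$count" -gt 0 ]; then
                echo "$log:$service:$count"
            fi
        done < "$patterns"
    done
    return 0
}

# demo: builds constructed sample data in a temp directory and scans it
demo() {
    dir=$(mktemp -d)
    cat > "$dir/patterns.txt" <<'EOF'
# constructed sample list, one "service|string" per line
sshd|Failed password for invalid user
smtp|Relaying denied
web|File does not exist
EOF
    cat > "$dir/auth.log" <<'EOF'
Feb 21 10:01:02 host1 sshd[411]: Failed password for invalid user admin from 192.0.2.10 port 4022 ssh2
Feb 21 10:01:05 host1 sshd[411]: Failed password for invalid user test from 192.0.2.10 port 4023 ssh2
Feb 21 10:02:00 host1 sshd[420]: Accepted publickey for alice from 198.51.100.7 port 5111 ssh2
EOF
    cat > "$dir/mail.log" <<'EOF'
Feb 21 11:00:00 host1 sendmail[900]: ruleset=check_rcpt, relay=[203.0.113.5], reject=550 5.7.1 <x@example.org>... Relaying denied
EOF
    (cd "$dir" && scan_logs patterns.txt auth.log mail.log)
    rm -rf "$dir"
}

demo
```

Matching with `-F` treats every entry as a literal string, so a pattern containing `.` or `[` cannot silently widen the match the way an unescaped regex would.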
This archive was generated by hypermail 2.1.3 : Wed Feb 22 2006 - 09:23:01 PST