Hi Greg,

You can try the ossec hids rules. We have signatures for a lot of attack patterns in the logs (using both atomic and correlated data).

Just download:
http://www.ossec.net/hids/files/ossec-hids-0.6-1.tar.gz

untar it:
tar -zxvf ossec-hids-0.6-1.tar.gz

And look inside ossec-hids-0.6/etc/rules/

You will see a lot of stuff in there :) The rules are in XML and should be easy to understand.

Any problems, just let me know.

Hope it helps.

--
Daniel B. Cid, CISSP
daniel.cid @ ( at ) gmail.com

--- Greg Dotoli <gldotoli@private> wrote:

> Does anyone know of a good site that contains common
> application level attack strings and system responses
> as they commonly occur in Syslog? I understand there
> are many flavors of syslog and net services, but
> until there is a standard, common alert strings to
> search for would be great.
>
> Since we're going through this multi-file log
> analysis without a commercial product, I'd like to
> find some good anomaly detection strings. Then I can
> take the strings and run them against a for loop of
> log files for hits. Who knows, there may be a site
> with service specific strings?
> Web, SMTP, SQL.....?
>
> Thanks,
> Gregg
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
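As an added example that is not part of this thread and not OSSEC's own code, here is the approach Greg describes in his message: a POSIX shell loop that runs a file of detection strings (extended regexes) against several syslog-style files and reports hits per file and pattern. The log lines, the pattern file and the temp-directory layout are all constructed for illustration; the function names scan_logs and total_hits are this example's own.

```shell
#!/bin/sh
# Added example (not from the list thread or OSSEC): scan several
# syslog-style files for a list of suspicious strings and report hits.

# Constructed sample logs (not real data), written to a temp directory.
LOGDIR=$(mktemp -d)
cat > "$LOGDIR/web.log" <<'EOF'
Feb 22 10:01:02 www httpd: 10.0.0.5 - - "GET /index.html HTTP/1.1" 200
Feb 22 10:01:09 www httpd: 10.0.0.9 - - "GET /cgi-bin/../../etc/passwd HTTP/1.1" 404
Feb 22 10:02:11 www httpd: 10.0.0.5 - - "GET /about.html HTTP/1.1" 200
EOF
cat > "$LOGDIR/auth.log" <<'EOF'
Feb 22 10:03:00 host sshd[123]: Failed password for root from 10.0.0.9 port 4444 ssh2
Feb 22 10:03:01 host sshd[123]: Failed password for root from 10.0.0.9 port 4445 ssh2
Feb 22 10:04:00 host sshd[130]: Accepted publickey for alice from 10.0.0.7 port 5000 ssh2
EOF

# Constructed pattern file: one extended regex per line, '#' lines are comments.
cat > "$LOGDIR/patterns.txt" <<'EOF'
# directory traversal in a request path
\.\./
# password guessing against the root account
Failed password for root
EOF

# scan_logs PATTERNFILE LOGFILE...
# Prints "file<TAB>pattern<TAB>count" for every (file, pattern) with at least one hit.
scan_logs() {
  pf=$1; shift
  grep -v '^#' "$pf" | grep -v '^$' | while IFS= read -r pat; do
    for f in "$@"; do
      # grep -c exits 1 when nothing matches; '|| true' keeps 'set -e' scripts alive
      n=$(grep -E -c -- "$pat" "$f" || true)
      [ "$n" -gt 0 ] && printf '%s\t%s\t%s\n' "$f" "$pat" "$n"
    done
  done
  return 0
}

# total_hits PATTERNFILE LOGFILE...
# Sums the counts reported by scan_logs (0 when nothing matched).
total_hits() {
  scan_logs "$@" | awk -F'\t' '{ s += $3 } END { print s + 0 }'
}

# Usage: run the pattern file over every log in the directory.
scan_logs "$LOGDIR/patterns.txt" "$LOGDIR"/*.log
```

Each pattern is applied once per file with grep -E, so the pattern file can hold anything grep's extended regex syntax accepts; the count is lines matched, not occurrences, which is the usual unit for a first-pass review. The temp directory is left in place so the output can be inspected afterwards.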
This archive was generated by hypermail 2.1.3 : Wed Feb 22 2006 - 19:06:18 PST