Salvati Amedeo wrote:
> yes i have just visited either eventid.net and ultimatewindowssecurity.com
> for filtering low important event from high, but now i want to setup some
> correlation criteria,
> ex. 3 times one username try to enter onto one|plus hosts, and fails, and
> then, the same username logon onto the same|other host.
>
> But my problem it's only know the main logs to monitor, ex. Top 10 event
> ID

I don't know of any resource like that. I think you would need to
experiment with test cases - like the example you provided and then
record the resulting log entries and build correlation rules from there.

> thanks for your time and for Nagios
> amedeo
>

I didn't develop Nagios - its developer is Ethan Galstad - I merely
wrote a book about it. :)

Regards

James Turnbull

--
James Turnbull <james@private>
---
Author of Pro Nagios 2.0
(http://www.amazon.com/gp/product/1590596099/)

Hardening Linux
(http://www.amazon.com/gp/product/1590594444/)
---
PGP Key (http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0C42DF40)
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
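The correlation criterion discussed in the message above (one username fails to log on three times across one or more hosts, then logs on successfully), as an added example that is not part of the original thread. The event IDs, the 10-minute window, the tuple layout and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption (not from the thread): Windows Security log event IDs.
FAILED_IDS = {529, 4625}        # logon failure (pre-Vista / Vista and later)
SUCCESS_IDS = {528, 540, 4624}  # successful logon

# Constructed test events: (timestamp, host, event_id, username)
SAMPLE_EVENTS = [
    ("2006-03-17 09:00:01", "HOST-A", 529, "alice"),
    ("2006-03-17 09:00:09", "HOST-A", 529, "alice"),
    ("2006-03-17 09:00:20", "HOST-B", 529, "alice"),
    ("2006-03-17 09:00:41", "HOST-B", 528, "alice"),  # 3 failures, then success
    ("2006-03-17 09:05:00", "HOST-A", 529, "bob"),
    ("2006-03-17 09:05:30", "HOST-A", 528, "bob"),    # only 1 failure
    ("2006-03-17 10:00:00", "HOST-C", 529, "carol"),
    ("2006-03-17 10:00:05", "HOST-C", 529, "carol"),
    ("2006-03-17 10:00:10", "HOST-C", 529, "carol"),
    ("2006-03-17 11:30:00", "HOST-C", 528, "carol"),  # failures aged out
]

def correlate(events, threshold=3, window=timedelta(minutes=10)):
    """Alert when one username has >= threshold failed logons (on any
    hosts) inside the window and then logs on successfully."""
    failures = defaultdict(deque)  # username -> deque of (time, host)
    alerts = []
    for ts, host, event_id, user in sorted(events):
        now = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        key = user.lower()         # Windows account names are case-insensitive
        recent = failures[key]
        while recent and now - recent[0][0] > window:
            recent.popleft()       # drop failures older than the window
        if event_id in FAILED_IDS:
            recent.append((now, host))
        elif event_id in SUCCESS_IDS:
            if len(recent) >= threshold:
                alerts.append({
                    "user": key,
                    "failures": len(recent),
                    "failed_hosts": sorted({h for _, h in recent}),
                    "success_host": host,
                    "time": ts,
                })
            recent.clear()         # a success resets the counter
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Replaying recorded test-case events through a function like this is one way to tune the threshold and window before turning the rule into a production correlation rule.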
This archive was generated by hypermail 2.1.3 : Fri Mar 17 2006 - 13:26:40 PST