Security Basics mailing list archives

Re: advice for syslog server


From: Robert Perriero <perrieror () mail montclair edu>
Date: Fri, 21 Jan 2005 09:22:07 -0500

FM wrote:

Hello,
We are using a PIX firewall and I am going to configure an external syslog server.

What do you use to do some automatic log checking? For example, today an external user downloaded several GB. We saw it in our stats. I cannot look at my stats website every day for every web server.

So, do you know a good syslog parser/manager?

Thanks!

There are several tools that will do what you want. Unfortunately, they are roll-your-own solutions, so to speak. Simple Event Correlator (SEC) is the first one. You can find it at http://kodu.neti.ee/~risto/sec/ . This is highly customizable. Another tool is called logrep. You can find that at http://logrep.sourceforge.net/ . I am not sure if this has any customizability beyond the stated supported applications. The logsurfer tool will work also: http://www.cert.dfn.de/eng/logsurf/home.html . As will swatch: ftp://ftp.stanford.edu/general/security-tools/swatch/ . You can also check out OpenAanval. This is a Snort web frontend, but it does have some syslog capabilities built in.

Hope this helps!


Robert Perriero
Montclair State University
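As an added illustration (not from the thread and not code from any of the tools listed above), this is the kind of check a tool such as SEC or swatch would be configured to perform for the case FM describes: sum the bytes reported in PIX TCP connection-teardown messages per external host and flag any host that moved more than a threshold. The %PIX-6-302014 field layout and the interface name "outside" are assumed from the documented message format; the log lines are constructed samples.

```python
import re
from collections import defaultdict

# Pattern for the PIX "Teardown TCP connection" message (%PIX-6-302014).
# Field layout assumed from the documented format, not taken from the thread.
TEARDOWN_RE = re.compile(
    r"%PIX-6-302014: Teardown TCP connection \d+ for "
    r"(?P<if1>\w+):(?P<host1>[\d.]+)/\d+ to (?P<if2>\w+):(?P<host2>[\d.]+)/\d+ "
    r"duration [\d:]+ bytes (?P<bytes>\d+)"
)

def bytes_per_external_host(lines, external_iface="outside"):
    """Sum the byte counts of torn-down TCP connections, keyed by the host on
    the external interface. Non-teardown lines and internal-only flows are skipped."""
    totals = defaultdict(int)
    for line in lines:
        m = TEARDOWN_RE.search(line)
        if not m:
            continue
        if m.group("if1") == external_iface:
            peer = m.group("host1")
        elif m.group("if2") == external_iface:
            peer = m.group("host2")
        else:
            continue  # neither side is on the external interface
        totals[peer] += int(m.group("bytes"))
    return dict(totals)

def heavy_transfers(lines, threshold_bytes=1 * 1024**3, external_iface="outside"):
    """Return (host, total_bytes) pairs at or above the threshold, largest first."""
    totals = bytes_per_external_host(lines, external_iface)
    return sorted(((h, b) for h, b in totals.items() if b >= threshold_bytes),
                  key=lambda hb: hb[1], reverse=True)

# Constructed sample syslog lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    "Jan 21 09:00:01 pix %PIX-6-302014: Teardown TCP connection 1001 for outside:203.0.113.7/51234 to inside:10.1.1.20/80 duration 0:12:31 bytes 900000000 TCP FINs",
    "Jan 21 09:01:15 pix %PIX-6-302014: Teardown TCP connection 1002 for outside:203.0.113.7/51240 to inside:10.1.1.20/80 duration 0:10:02 bytes 800000000 TCP FINs",
    "Jan 21 09:02:40 pix %PIX-6-302014: Teardown TCP connection 1003 for outside:198.51.100.9/40000 to inside:10.1.1.20/80 duration 0:00:05 bytes 48000 TCP FINs",
    "Jan 21 09:03:00 pix %PIX-6-302013: Built inbound TCP connection 1004 for outside:198.51.100.9/40001 (198.51.100.9/40001) to inside:10.1.1.20/80 (10.1.1.20/80)",
    "Jan 21 09:04:12 pix %PIX-6-302014: Teardown TCP connection 1005 for inside:10.1.1.20/4000 to dmz:10.2.2.5/25 duration 0:00:01 bytes 3000 TCP FINs",
]

if __name__ == "__main__":
    for host, total in heavy_transfers(SAMPLE_LOG):
        print(f"ALERT: {host} transferred {total / 1024**3:.2f} GiB")
```

Pointing this at the syslog file the PIX writes to (or scheduling it hourly) gives the daily check FM wanted without reading the stats site by hand.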

