Security Basics mailing list archives
Re: advice for syslog server
From: Robert Perriero <perrieror () mail montclair edu>
Date: Fri, 21 Jan 2005 09:22:07 -0500
FM wrote:
> Hello,
>
> We are using a PIX firewall and I am going to configure an external syslog server. What do you use to do some automatic log checking? For example, today an external user downloaded several GB. We saw it on our stats. I cannot look at my stats website every day for every web server. So do you know a good syslog parser/manager?
>
> Thanks!

There are several tools that will do what you want. Unfortunately, they are a roll-your-own solution, so to speak. Simple Event Correlator (SEC) is the first one. You can find it at http://kodu.neti.ee/~risto/sec/ . This is highly customizable. Another tool is called logrep. You can find that at http://logrep.sourceforge.net/ . I am not sure if this has any customizability beyond the stated supported applications. The logsurfer tool will work also: http://www.cert.dfn.de/eng/logsurf/home.html . As will swatch: ftp://ftp.stanford.edu/general/security-tools/swatch/ . You can also check out OpenAanval. This is a snort web frontend, but it does have some syslog capabilities built in.

Hope this helps!

Robert Perriero
Montclair State University