Security Incidents mailing list archives
Re: Looking for program to analyze logs
From: bmacke () LUCENT COM (Brian Macke)
Date: Wed, 22 Mar 2000 11:05:20 -0600
When I was administering a PIX, I used "swatch" for my log analysis. It's a freely available tool for Unix that can actively monitor the PIX logs. My configuration file was about 30-40 lines and it trimmed down the logs to a manageable 1-5,000 lines per day. If you want something less than that, you can trim it down even further. It's small and easy to control.

Just remember not to ignore the real logs. You're getting a synopsis out of swatch. The real truth is in those logs and that'll give you a better explanation of an incident.

On Tue, 21 Mar 2000, Mieth Lindsay wrote:

> Reviewing your messages and seeing the traffic I am working with, I have surmised that you have some pretty decent tools to work with. Our PIX produces about 500mb of logs a day which means I might as well not have logging since there is no way I can review this amount of data myself. Would you please recommend an analyzing tool to break out the important or at least likely important information from the logs?
>
> Sincerely,
> Lindsay Mieth

--
-Brian James Macke, CISSP
bmacke () lucent com
Network Systems Security Engineer
Lucent Technologies
"In order to get that which you wish for, you must first get that which builds it." -- Unknown
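The filtering approach Brian describes, as an added example that is not part of the original post and is not swatch itself: swatch's configuration is an ordered list of "ignore" and "watchfor" patterns, and this Python sketch mirrors that logic, adding a throttle so repeated hits from one source reach the synopsis only once while the number of suppressed repeats is kept, which is what points you back at the raw logs. The sample syslog lines are constructed, and the PIX message IDs in them are assumed, not taken from the post.

```python
import re
from collections import Counter

# Rules are consulted in order and the first match wins, the way a swatch
# configuration lists "ignore" and "watchfor" entries. The named "key"
# group drives throttling: one line per distinct key enters the synopsis.
RULES = [
    ("ignore",   re.compile(r"Built (in|out)bound TCP connection")),   # routine traffic
    ("ignore",   re.compile(r"Teardown TCP connection")),
    ("watchfor", re.compile(r"TCP connection denied from (?P<key>[\d.]+)")),
    ("watchfor", re.compile(r"Deny tcp src \S+:(?P<key>[\d.]+)")),
]

def summarize(log_text):
    """Return (synopsis, dropped, suppressed).

    synopsis:   first line seen for each (rule, key) pair
    dropped:    lines discarded by ignore rules or matching no rule at all
    suppressed: Counter of throttled repeats per key, so the reader knows
                how much detail still lives only in the raw log
    """
    synopsis, seen, suppressed, dropped = [], set(), Counter(), 0
    for line in log_text.splitlines():
        for action, pattern in RULES:
            m = pattern.search(line)
            if not m:
                continue
            if action == "ignore":
                dropped += 1
            elif (pattern.pattern, m["key"]) in seen:
                suppressed[m["key"]] += 1
            else:
                seen.add((pattern.pattern, m["key"]))
                synopsis.append(line)
            break
        else:
            dropped += 1  # swatch also stays silent on lines no rule matches
    return synopsis, dropped, suppressed

# Constructed sample lines in PIX syslog style (message IDs assumed).
SAMPLE_LOGS = """\
Mar 22 10:01:02 pix %PIX-6-302001: Built outbound TCP connection 11 for faddr 203.0.113.5/80 gaddr 198.51.100.2/1025 laddr 10.0.0.7/1025
Mar 22 10:01:09 pix %PIX-6-302002: Teardown TCP connection 11 faddr 203.0.113.5/80 gaddr 198.51.100.2/1025 laddr 10.0.0.7/1025 duration 0:00:07 bytes 4120
Mar 22 10:02:13 pix %PIX-2-106001: Inbound TCP connection denied from 192.0.2.44/3311 to 198.51.100.2/23 flags SYN
Mar 22 10:02:14 pix %PIX-2-106001: Inbound TCP connection denied from 192.0.2.44/3312 to 198.51.100.2/23 flags SYN
Mar 22 10:02:15 pix %PIX-2-106001: Inbound TCP connection denied from 192.0.2.44/3313 to 198.51.100.2/23 flags SYN
Mar 22 10:03:40 pix %PIX-4-106023: Deny tcp src outside:192.0.2.9/4040 dst inside:10.0.0.7/445 by access-group "outside_in"
Mar 22 10:04:01 pix %PIX-6-302001: Built inbound TCP connection 12 for faddr 203.0.113.8/2231 gaddr 198.51.100.2/25 laddr 10.0.0.9/25
"""

if __name__ == "__main__":
    lines, dropped, repeats = summarize(SAMPLE_LOGS)
    print("\n".join(lines))
    print(f"dropped {dropped} routine lines, throttled repeats: {dict(repeats)}")
```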