Security Incidents mailing list archives
Re: Security log parser
From: "Martin A. Brown" <martin () linux-ip net>
Date: Thu, 14 Feb 2008 11:20:40 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
: I'm looking for a good security event log parser for linux/unix
: systems. All logs are in syslog format. Just want to be able to
: point the tool at a bunch of logs and drag out what is
: useful.... Already use some custom written scripts but could do
: with something a little more professional....
I'm sure you'll get quite a few suggestions, but I'll start off with
a few nexthops you should consider.
* splunk (commercial) [0]; very nifty, large volumes of data can
be searchable/accessible quite quickly
* log analysis list/site [1]
* sec, simple event correlator [2]
These are either tools or discussion lists which deal with the above
question in more detail than this list. Amazing what you discover
sometimes when you go for a romp through the logs.
Good luck!
- -Martin
[0] http://www.splunk.com/
[1] http://www.loganalysis.org/
http://www.loganalysis.org/sections/parsing/generic-log-parsers/index.html
http://www.loganalysis.org/mailman/listinfo/loganalysis
http://www.loganalysis.org/pipermail/loganalysis/
[2] http://www.estpak.ee/~risto/sec/
- --
Martin A. Brown
http://linux-ip.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: pgf-0.72 (http://linux-ip.net/sw/pine-gpg-filter/)
iD8DBQFHtHh0HEoZD1iZ+YcRAsPZAKCbfRAVhXIshzHU84syQC/M+YR0FACeKi6O
EwzO3lLue4fufDW5t+eM6/Y=
=fEOf
-----END PGP SIGNATURE-----
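An added illustration, not part of Martin's reply and not code from sec, splunk or the loganalysis site: what the "point it at the logs and drag out what is useful" step looks like once you move past ad-hoc grep. The block parses classic BSD-style syslog lines (the "MMM dd HH:MM:SS host prog[pid]: message" shape the original poster describes) and then applies one sec-style sliding-window correlation rule, flagging a source address that produces N failed SSH logins inside a time window while ignoring slow, spread-out failures. The log lines are constructed for the example; the year (traditional syslog lines carry none), the threshold and the window length are assumptions you would tune for your own environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Classic BSD syslog (RFC 3164) line: "MMM dd HH:MM:SS host prog[pid]: message".
# The pid bracket is optional (cron writes "cron[412]:", some daemons just "prog:").
SYSLOG_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) '
    r'(?P<host>\S+) '
    r'(?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: '
    r'(?P<msg>.*)$'
)

# OpenSSH password-failure message, with or without the "invalid user" prefix.
FAILED_SSH_RE = re.compile(
    r'Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+'
)

# Constructed sample input for the example (not from any real system):
# one fast brute-force burst from 203.0.113.7, one slow trickle from
# 198.51.100.9, unrelated cron/ssh noise, and one non-syslog line.
SAMPLE_LOG = """\
Feb 14 11:20:01 gw sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 40100 ssh2
Feb 14 11:20:03 gw sshd[2233]: Failed password for root from 203.0.113.7 port 40102 ssh2
Feb 14 11:20:04 gw cron[412]: (root) CMD (run-parts /etc/cron.hourly)
Feb 14 11:20:06 gw sshd[2235]: Failed password for root from 203.0.113.7 port 40104 ssh2
Feb 14 11:20:40 gw sshd[2240]: Accepted publickey for martin from 192.0.2.10 port 51022 ssh2
Feb 14 11:25:00 gw sshd[2250]: Failed password for root from 198.51.100.9 port 33000 ssh2
Feb 14 11:31:00 gw sshd[2251]: Failed password for root from 198.51.100.9 port 33001 ssh2
Feb 14 11:37:00 gw sshd[2252]: Failed password for root from 198.51.100.9 port 33002 ssh2
this line is not syslog at all
"""


def parse_line(line, year=2008):
    """Return a dict (ts, host, prog, pid, msg) for one syslog line, or None
    if the line does not have the BSD syslog shape. `year` is an assumption:
    traditional syslog timestamps do not carry one."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec['ts'] = datetime.strptime(f"{year} {rec['ts']}", "%Y %b %d %H:%M:%S")
    return rec


def correlate_failed_logins(lines, threshold=3, window_seconds=60):
    """sec-style sliding-window rule: raise one alert when a single source
    address accumulates `threshold` failed SSH logins within `window_seconds`.
    Returns (alerts, number_of_unparseable_lines). Threshold and window are
    assumed values for the example, not recommendations."""
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    alerts = []
    unparsed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1          # count, never silently drop, what we cannot parse
            continue
        if rec['prog'] != 'sshd':
            continue
        hit = FAILED_SSH_RE.search(rec['msg'])
        if not hit:
            continue
        src = hit['src']
        q = recent[src]
        q.append(rec['ts'])
        # Expire events that fell out of the window relative to this event.
        while q and (rec['ts'] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            alerts.append({'src': src, 'count': len(q),
                           'first': q[0], 'last': rec['ts']})
            q.clear()              # one burst produces one alert, not one per extra event
    return alerts, unparsed


if __name__ == '__main__':
    alerts, unparsed = correlate_failed_logins(SAMPLE_LOG.splitlines())
    for a in alerts:
        print(f"ALERT {a['src']}: {a['count']} failed ssh logins "
              f"between {a['first'].time()} and {a['last'].time()}")
    print(f"{unparsed} line(s) did not parse as syslog")
```

With the sample input this reports one alert for 203.0.113.7 (three failures in five seconds) and none for 198.51.100.9, whose failures are six minutes apart; the unparseable line is counted rather than dropped, which is the check worth keeping when you point a parser at logs you did not write yourself. A real sec ruleset would add suppression after the first alert and separate rules for other message types, but the parse-then-window structure is the same.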
Current thread:
- Security log parser Jason Alexander (Feb 14)
- Re: Security log parser Martin A. Brown (Feb 14)
- Re: Security log parser p1g (Feb 14)
- Re: Security log parser Valdis . Kletnieks (Feb 14)
- Re: Security log parser Sebastien Tricaud (Feb 15)
- Re: Security log parser Bob Toxen (Feb 15)
