Security Incidents mailing list archives
Re: Security log parser
From: "Martin A. Brown" <martin () linux-ip net>
Date: Thu, 14 Feb 2008 11:20:40 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

: I'm looking for a good security event log parser for linux/unix
: systems. All logs are in syslog format. Just want to be able to
: point the tool at a bunch of logs and drag out what is
: useful.... Already use some custom written scripts but could do
: with something a little more professional....

I'm sure you'll get quite a few suggestions, but I'll start off with a few nexthops you should consider.

 * splunk (commercial) [0]; very nifty, large volumes of data can be searchable/accessible quite quickly
 * log analysis list/site [1]
 * sec, simple event correlator [2]

These are either tools or discussion lists which deal with the above question in more detail than this list.

Amazing what you discover sometimes when you go for a romp through the logs.

Good luck!

- -Martin

[0] http://www.splunk.com/
[1] http://www.loganalysis.org/
    http://www.loganalysis.org/sections/parsing/generic-log-parsers/index.html
    http://www.loganalysis.org/mailman/listinfo/loganalysis
    http://www.loganalysis.org/pipermail/loganalysis/
[2] http://www.estpak.ee/~risto/sec/

- --
Martin A. Brown
http://linux-ip.net/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: pgf-0.72 (http://linux-ip.net/sw/pine-gpg-filter/)

iD8DBQFHtHh0HEoZD1iZ+YcRAsPZAKCbfRAVhXIshzHU84syQC/M+YR0FACeKi6O
EwzO3lLue4fufDW5t+eM6/Y=
=fEOf
-----END PGP SIGNATURE-----
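Added example, not part of Martin's reply and not code from splunk, SEC or loganalysis.org: a small Python script that does what the original question asks for, namely parsing classic (RFC 3164 style) syslog lines, pulling out the security-relevant events, and adding the kind of simple correlation that SEC performs, here a count of failed SSH logins per source address inside a sliding time window. Every log line, hostname, address and threshold in it is constructed for the demonstration; the sshd message wording follows OpenSSH but the lines were not captured from any real host. Lines that do not parse are reported rather than silently dropped, since unparseable input is exactly what a log review should not lose.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample syslog lines (RFC 3164 style); none of them come from a real host.
SAMPLE_LOG = """\
Feb 14 11:20:40 gw sshd[2312]: Failed password for invalid user admin from 192.0.2.10 port 51022 ssh2
Feb 14 11:20:42 gw sshd[2314]: Failed password for root from 192.0.2.10 port 51023 ssh2
Feb 14 11:20:45 gw sshd[2316]: Failed password for root from 192.0.2.10 port 51024 ssh2
Feb 14 11:21:01 gw CRON[2320]: (root) CMD (run-parts /etc/cron.hourly)
Feb 14 11:21:10 gw sshd[2330]: Accepted publickey for martin from 198.51.100.7 port 40210 ssh2
Feb 14 11:25:00 gw sshd[2340]: Failed password for root from 192.0.2.10 port 51030 ssh2
Feb 14 11:30:12 gw sshd[2350]: Failed password for root from 203.0.113.5 port 44010 ssh2
this line is not syslog at all
"""

# Header of a classic syslog line: timestamp, hostname, program[pid]: message
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\[\]:\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)

# Message patterns worth surfacing as security events (sshd wording as in OpenSSH).
EVENT_PATTERNS = {
    "ssh_failed_password": re.compile(
        r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"),
    "ssh_accepted": re.compile(
        r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+)"),
}


def parse_line(line, year=2008):
    """Split one syslog line into its fields, or return None if it is not syslog."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    # RFC 3164 timestamps carry no year; the caller supplies it.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "prog": m["prog"],
            "pid": m["pid"], "msg": m["msg"]}


def classify(rec):
    """Attach an event type and extracted fields when the message matches a known pattern."""
    for name, pat in EVENT_PATTERNS.items():
        m = pat.search(rec["msg"])
        if m:
            return dict(rec, event=name, **m.groupdict())
    return None


def analyze(text, threshold=3, window=timedelta(minutes=5)):
    """Parse a log blob, extract security events and flag bursts of failed SSH logins.

    Returns the extracted events, the alerts raised, and the lines that could
    not be parsed (those deserve a look of their own rather than being dropped).
    """
    events, alerts, unparsed = [], [], []
    recent = defaultdict(deque)  # source IP -> timestamps of failures inside the window
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
            continue
        ev = classify(rec)
        if ev is None:
            continue
        events.append(ev)
        if ev["event"] != "ssh_failed_password":
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        # Alert exactly when the window first fills up, so one burst gives one alert.
        if len(q) == threshold:
            alerts.append({"ip": ev["ip"], "host": ev["host"],
                           "first": q[0], "last": ev["ts"], "count": len(q)})
    return {"events": events, "alerts": alerts, "unparsed": unparsed}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for ev in result["events"]:
        print(ev["ts"], ev["host"], ev["event"], ev.get("user"), ev.get("ip"))
    for a in result["alerts"]:
        print(f"ALERT {a['count']} failed logins from {a['ip']} on {a['host']} "
              f"between {a['first'].time()} and {a['last'].time()}")
    print(f"{len(result['unparsed'])} line(s) not in syslog format")
```

Run as-is it reads the embedded sample; replacing SAMPLE_LOG with the contents of a real /var/log/auth.log or messages file is the "point it at a bunch of logs" step. The threshold and window are the knobs that separate a mistyped password from a brute-force attempt, and the hostname from each line is carried into the alert so the output stays useful once logs from several machines are concatenated.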
Current thread:
- Security log parser Jason Alexander (Feb 14)
- Re: Security log parser Martin A. Brown (Feb 14)
- Re: Security log parser p1g (Feb 14)
- Re: Security log parser Valdis . Kletnieks (Feb 14)
- Re: Security log parser Sebastien Tricaud (Feb 15)
- Re: Security log parser Bob Toxen (Feb 15)