Security Incidents mailing list archives
Re: Security log parser
From: p1g <killfactory () gmail com>
Date: Thu, 14 Feb 2008 19:47:14 -0500
By professional do you mean commercial, as in $$$$? I'm not familiar with solutions that collect the logs. But Enterasys Dragon Security Command Console is a Security Information Manager Plus. It will do way more than what you're looking for. IMO, you should be providing the level of monitoring and correlation that this solution provides, at a minimum. <- again, at a minimum. Signature detection/protection, syslog, NBAD (google it if you are not familiar), NetFlow, etc.

But if you are only interested in what can be monitored on a Linux/Unix system, check this guy out: Marcus Ranum. His site: http://www.ranum.com/security/computer_security/index.html Click on 'Papers' and then click 'Artificial Ignorance' for an enlightening and insightful method of thinning the log pile to entries of interest.

Good luck, and I think you will enjoy the link provided.

p1g out.

On 2/14/08, Jason Alexander <jalexander () plus net> wrote:
> Hi all,
>
> I'm looking for a good security event log parser for Linux/Unix systems. All logs are in syslog format. Just want to be able to point the tool at a bunch of logs and drag out what is useful.... Already use some custom written scripts but could do with something a little more professional....
>
> cheers
--
-p1g
SnortCP, C|HFI, TNCP, TECP, NACP, A+
,,__
o" )~ oink oink
' ' ' '
If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- former White House cybersecurity czar Richard Clarke
Current thread:
- Security log parser Jason Alexander (Feb 14)
- Re: Security log parser Martin A. Brown (Feb 14)
- Re: Security log parser p1g (Feb 14)
- Re: Security log parser Valdis . Kletnieks (Feb 14)
- Re: Security log parser Sebastien Tricaud (Feb 15)
- Re: Security log parser Bob Toxen (Feb 15)