Security Incidents mailing list archives

Re: Security log parser


From: p1g <killfactory () gmail com>
Date: Thu, 14 Feb 2008 19:47:14 -0500

By professional do you mean commercial, as in $$$$?

I'm not familiar with solutions that collect the logs. But, Enterasys
Dragon Security Command Console is a Security Information Manager
Plus.

It will do way more than what you're looking for.

IMO, you should be providing the level of monitoring and correlation that
this solution provides, at a minimum. <- again, at a minimum.

signature detection/protection, syslog, NBAD(google if you are not
familiar), NetFlow, etc.


But if you are only interested in what can be monitored on a linux/unix system,

check this guy out. Marcus Ranum.
His site:

http://www.ranum.com/security/computer_security/index.html

Click on 'Papers' and then click 'Artificial Ignorance' for an
enlightening and insightful method of thinning the log pile to entries
of interest.

Good luck and I think you will enjoy the link provided.

p1g out.

On 2/14/08, Jason Alexander <jalexander () plus net> wrote:


Hi all

I'm looking for a good security event log parser for linux/unix systems. All logs are in syslog format. Just want to
be able to point the tool at a bunch of logs and drag out what is useful.... Already use some custom written scripts
but could do with something a little more professional....


cheers
-- 
-p1g
SnortCP, C|HFI, TNCP, TECP, NACP, A+
  ,,__
o"     )~  oink oink
   ' ' ' '

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke