Security Incidents mailing list archives

Re: Security log parser


From: "Sebastien Tricaud" <stricaud () inl fr>
Date: Fri, 15 Feb 2008 12:14:27 +0100 (CET)

    |
    | Hi all

Hello Jason

    |
    | I'm looking for a good security event log parser for Linux/Unix systems. All
    | logs are in syslog format. Just want to be able to point the tool at a bunch
    | of logs and drag out what is useful.... Already use some custom written
    | scripts but could do with something a little more professional....
    |
    |

I'd recommend two solutions, depending on your needs:
* OSSEC HIDS (www.ossec.net), where you can easily write rulesets including
the regular expression for the pattern you are looking for.
* Prelude LML (www.prelude-ids.org), where writing a ruleset is a little more
complicated than for OSSEC, but you can give more details regarding the IDMEF
(RFC 4765) format.

Both solutions can be integrated in the Prelude framework where you can gather
alerts in a single console and do your analysis.


Regards,
Sebastien.
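A minimal rule-driven syslog extractor in the spirit of the OSSEC/LML rulesets Sebastien mentions, added here as an illustration and not code from the thread or from either project; the header pattern, the three rules and the sample log lines are all constructed for this example.

```python
import re
from collections import Counter
# RFC 3164-style header: "Feb 15 12:14:27 host prog[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
# Constructed ruleset (name, program, regex): a tiny stand-in for OSSEC/LML rules.
RULES = [
    ("ssh_failed_password", "sshd", re.compile(
        r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")),
    ("ssh_accepted", "sshd", re.compile(
        r"Accepted (?:password|publickey) for (?P<user>\S+) from (?P<src>\S+)")),
    ("sudo_command", "sudo", re.compile(
        r"(?P<user>\S+) : TTY=\S+ ; PWD=\S+ ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)")),
]

def parse_syslog_line(line):
    # Header fields as a dict, or None when the line is not syslog at all.
    return m.groupdict() if (m := SYSLOG_RE.match(line.rstrip("\n"))) else None

def match_rules(rec):
    # First rule whose program matches and whose regex hits the message wins.
    for name, prog, rx in RULES:
        if rec["prog"] == prog and (m := rx.search(rec["msg"])):
            return {"rule": name, "ts": rec["ts"], "host": rec["host"], **m.groupdict()}
    return None

def extract_events(lines):
    # Run the ruleset over raw lines; also count lines that were not parseable.
    events, unparsed = [], 0
    for line in lines:
        rec = parse_syslog_line(line)
        if rec is None:
            unparsed += 1
        elif (ev := match_rules(rec)) is not None:
            events.append(ev)
    return events, unparsed

def summarize(events):
    # Event count per (rule, source address): the "what is useful" view.
    return Counter((e["rule"], e.get("src", "-")) for e in events)
# Constructed sample lines using RFC 5737 documentation addresses, not real logs.
SAMPLE_LOG = """\
Feb 15 12:14:27 web01 sshd[2041]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Feb 15 12:14:29 web01 sshd[2041]: Failed password for invalid user admin from 192.0.2.10 port 51236 ssh2
Feb 15 12:14:31 web01 sshd[2043]: Accepted publickey for jason from 198.51.100.7 port 40022 ssh2
Feb 15 12:15:02 web01 sudo:    jason : TTY=pts/0 ; PWD=/home/jason ; USER=root ; COMMAND=/usr/bin/less /var/log/auth.log
garbage line that is not syslog
""".splitlines()
```

Point `extract_events` at the lines of a real syslog file and feed the result to `summarize` to see which rules fired and from where; the unparsed count is worth watching, since a rising number usually means a log format the header pattern does not yet cover.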
