Security Incidents mailing list archives
Re: Security log parser
From: "Sebastien Tricaud" <stricaud () inl fr>
Date: Fri, 15 Feb 2008 12:14:27 +0100 (CET)
> Hi all

Hello Jason,

> I'm looking for a good security event log parser for linux/unix systems. All logs are in syslog format. Just want to be able to point the tool at a bunch of logs and drag out what is useful.... Already use some custom written scripts but could do with something a little more professional....

I'd recommend two solutions, depending on your needs:

* OSSEC HIDS (www.ossec.net), where you can easily write rulesets including the regular expression for the pattern you are looking for.
* Prelude LML (www.prelude-ids.org), where writing a ruleset is a little more complicated than for OSSEC, but you can give more details regarding the IDMEF (RFC 4765) format.

Both solutions can be integrated in the Prelude framework where you can gather alerts in a single console and do your analysis.

Regards,
Sebastien.
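To illustrate the "regex ruleset over syslog" approach both tools take, here is an added example (not from the thread, and not OSSEC's or Prelude LML's own rule format): a minimal parser that splits RFC 3164-style syslog lines into header and message, applies a hypothetical ordered ruleset of (rule id, program, message regex, level) tuples, and aggregates the matches. The sample log lines are constructed.

```python
import re
from collections import Counter

# Constructed sample syslog (RFC 3164 style) lines; hosts and addresses are not real.
SAMPLE_LOGS = """\
Feb 15 12:01:02 host1 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Feb 15 12:01:04 host1 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Feb 15 12:01:09 host1 sshd[2240]: Accepted publickey for deploy from 198.51.100.5 port 40110 ssh2
Feb 15 12:02:00 host1 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart nginx
Feb 15 12:02:31 host1 cron[999]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Syslog header: "Mon DD hh:mm:ss host prog[pid]: message" (pid is optional).
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

# Hypothetical rule format (an assumption for this example): (rule_id, program, message regex, level).
RULES = [
    ("ssh_failed", "sshd", re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"), 5),
    ("ssh_ok", "sshd", re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)"), 3),
    ("sudo_cmd", "sudo", re.compile(r"(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)"), 4),
]

def parse_syslog(line):
    """Split one syslog line into its header fields and message; None if it does not parse."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None

def match_rules(text):
    """Return alerts as (rule_id, level, host, captured fields) for every line a rule matches."""
    alerts = []
    for line in text.splitlines():
        rec = parse_syslog(line)
        if rec is None:
            continue  # unparseable line: skipped here, a real tool would count these
        for rule_id, prog, pattern, level in RULES:
            if rec["prog"].strip() != prog:
                continue  # rules are scoped to the emitting program, like OSSEC decoders
            m = pattern.search(rec["msg"])
            if m:
                alerts.append((rule_id, level, rec["host"], m.groupdict()))
                break  # first matching rule wins: order the ruleset most-specific first
    return alerts

def failed_login_counts(alerts):
    """Failed SSH logins per source address, the kind of aggregate a central console shows."""
    return Counter(a[3]["src"] for a in alerts if a[0] == "ssh_failed")
```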