Security Basics mailing list archives

Re: advice for syslog server


From: Ramon Kagan <rkagan () yorku ca>
Date: Fri, 21 Jan 2005 08:29:01 -0500 (EST)

Hi,

We use logsurfer+ (http://www.crypt.gen.nz/logsurfer/).  We find it to be
the most robust and configurable (you need to be regex savvy).  Overall it
handles our logs in real-time, and raises alerts on various criteria and
specifications (such as 1000 matches in 2 minutes).  Its context ability
is second to none that we have found.  In fact we use this for all our
syslog parsing requirements (about 500MB per hour and growing).

Ramon Kagan
York University, Computing and Network Services
Information Security  -  Senior Information Security Analyst
(416)736-2100 #20263
rkagan () yorku ca

-----------------------------------   ------------------------------------
I have not failed.  I have just        I don't know the secret to success,
found 10,000 ways that don't work.     but the secret to failure is
                                       trying to please everybody.
        - Thomas Edison                         - Bill Cosby
-----------------------------------   ------------------------------------

On Wed, 19 Jan 2005, FM wrote:

Hello,
We are using a PIX firewall and I am going to configure an external syslog server.

What do you use to do some automatic log checking? For example, today an
external user downloaded several GB. We saw it in our stats. I cannot
look at my stats website every day for every web server.

So do you know a good syslog parser/manager?

Thanks!
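The kind of rule Ramon describes ("N matches in T minutes" over a real-time syslog stream) reduces to a regex match plus a sliding time window. The following is an added illustration of that logic, not part of the thread and not logsurfer+ code or configuration; the log lines are constructed and the `<ISO timestamp> <host> <message>` layout is an assumption.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample syslog stream (not from any real device). Assumed layout:
# "<ISO timestamp> <host> <message>". Addresses are from documentation ranges.
SAMPLE_LOG = """\
2005-01-21T08:00:00 fw1 Deny tcp src outside:203.0.113.5/4021 dst inside:10.0.0.8/22
2005-01-21T08:00:20 fw1 Deny tcp src outside:203.0.113.5/4022 dst inside:10.0.0.8/22
2005-01-21T08:00:40 fw1 Built outbound TCP connection for inside:10.0.0.20/51234
2005-01-21T08:01:00 fw1 Deny tcp src outside:203.0.113.5/4023 dst inside:10.0.0.8/22
2005-01-21T08:05:00 fw1 Deny tcp src outside:203.0.113.9/1100 dst inside:10.0.0.8/22
2005-01-21T08:09:00 fw1 Deny tcp src outside:203.0.113.9/1101 dst inside:10.0.0.8/22
2005-01-21T08:09:30 fw1 Deny tcp src outside:203.0.113.9/1102 dst inside:10.0.0.8/22
""".splitlines()


def parse_line(line):
    """Split one syslog line into (timestamp, host, message)."""
    ts_str, host, msg = line.split(" ", 2)
    return datetime.fromisoformat(ts_str), host, msg


def threshold_alerts(lines, pattern, threshold, window):
    """Return (timestamp, count) for each burst of >= `threshold` lines
    matching `pattern` whose timestamps all fall within `window`.

    Only the timestamps of matching lines are retained, so memory is bounded
    by the burst size rather than the log volume. After an alert the window is
    cleared so one sustained burst yields one alert instead of one per line.
    """
    rx = re.compile(pattern)
    hits = deque()
    alerts = []
    for line in lines:
        ts, _host, msg = parse_line(line)
        if not rx.search(msg):
            continue
        hits.append(ts)
        # Drop matches that have aged out of the window.
        while hits and ts - hits[0] > window:
            hits.popleft()
        if len(hits) >= threshold:
            alerts.append((ts, len(hits)))
            hits.clear()
    return alerts


if __name__ == "__main__":
    for ts, n in threshold_alerts(SAMPLE_LOG, r"^Deny ", 3, timedelta(minutes=2)):
        print(f"ALERT {ts.isoformat()}: {n} denies within 2 minutes")
```

Lines that match but never reach the threshold inside the window (the 08:05 to 08:09 denies above) produce no alert, which is the behaviour that distinguishes a rate rule from a plain pattern match.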



