Security Basics mailing list archives

Re: advice for syslog server


From: Mike Sweeney <mikesweeney () packetattack com>
Date: Mon, 24 Jan 2005 10:50:08 -0800

I detailed using both syslogd and syslog-ng, along with Swatch and Logwatch, in my new POD book called "Network Security
using Linux", of which the free preview can be downloaded at www.lulu.com/packetpress. Sawmill is another strong analysis
tool which I have personally used with web logs and PIX log files.

MikeS
www.packetattack.com
www.lulu.com/packetpress
www.packetpress.net

----- Original Message -----
From: Michele Jordan <security_lists () michelejordan net>
To: FM <dist-list () LEXUM UMontreal CA>
Cc: Mailing List Security-Basic <security-basics () securityfocus com>
Sent: Fri, 21 Jan 2005 06:52:00 -0800
Subject: Re: advice for syslog server


FM wrote:

Hello,
We are using a PIX firewall and I am going to configure an external syslog
server.

What do you use to do some automatic log checking? For example, today
an external user downloaded several GB. We saw it on our stats. I
cannot look at my stats website every day for every web server.

So do you know a good syslog parser/manager?

Thanks !


I use fwlogwatch to monitor our iptables logs; I have it mail me reports
every morning. A good deal of configurability, it works reasonably
well. I believe it supports PIX log formats as well.

-Michele




