Re: Security log parser

[Bob Toxen <vger () verysecurelinux com>]

I find the Open Source Logcheck program to be the best.  (The only thing
that logwatch does that logcheck does not is to tell the number and
details of brute-force password guessing.)

Also, I've enhanced it to be even better by causing it to list any
given event only once in the highest-priority category that applies.
I've also enhanced it to accept a second set of emails that only get
the high-priority events, not "Unusual events".  (Anyone is welcome to
email me and I'll send the tarball of my enhanced version.)

Best regards,

Bob Toxen, CTO
Horizon Network Security
"Your expert in Spam and Virus Filters, Linux server hardening, Firewalls,
Network Monitoring, Linux System Administration, VPNs, local and remote
backup software, and Network Security consulting, in business for
18 years."

www.VerySecureLinux.com        [Network & Linux/Unix Security Consulting]
www.RealWorldLinuxSecurity.com [Our 5* book: "Real World Linux Security"]
bob () VerySecureLinux com (e-mail)

My article on "The Seven Deadly Sins of Linux Security" was
published in the May/June 2007 issue of ACM's QUEUE Magazine.

On Thu, Feb 14, 2008 at 09:16:17AM +0000, Jason Alexander wrote:
> Hi all

> Im looking for a good security event log parser for linux/unix
> systems. All logs are in syslog format. Just want to be able to point
> the tool at a bunch of logs and drag out what is usefull.... Already
> use some cutom written scripts but could do with something a little
> more proffesional....

> cheers