Network Security Incidents

Re: Security log parser

Subject: Re: Security log parser
Date: Thu, 14 Feb 2008 19:47:14 -0500
By professional do you mean commercial, as in $$$$?

I'm not familiar with solutions that collect the logs. But, Enterasys
Dragon Security Command Console in a Security Information Manager
Plus.

It will do way more than what you're looking for.

IMO, you should be providing the level of monitoring and correlation that
this solution provides, at a minimum. <- again at a minimum.

signature detection/protection, syslog, NBAD(google if you are not
familiar), NetFlow, etc.


But if you are only interested in what can be monitored on a linux/unix system,

check this guy out. Marcus Ranum.
His site:

http://www.ranum.com/security/computer_security/index.html

Click on 'Papers' and then click 'Artificial Ignorance' for an
enlightening and insightful method of thinning the log pile to entries
of interest.

Good luck and I think you will enjoy the link provided.

p1g out.

On 2/14/08, Jason Alexander <jalexander@plus.net> wrote:


Hi all

I'm looking for a good security event log parser for linux/unix systems. All 
logs are in syslog format. Just want to be able to point the tool at a bunch 
of logs and drag out what is useful.... Already use some custom written 
scripts but could do with something a little more professional....


cheers





-- 
-p1g
SnortCP, C|HFI, TNCP, TECP, NACP, A+
  ,,__
o"     )~  oink oink
   ' ' ' '

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke
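The "Artificial Ignorance" approach recommended above, as an added example in Python (not code from the thread or from Ranum's site): syslog lines matching an ignore list of already-understood, boring messages are dropped, and whatever is left is collapsed into templates (PIDs, numbers and IPv4 addresses replaced) and counted so the rare, unexplained entries stand out. The sample log lines and the ignore patterns are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not taken from the thread).
SAMPLE_LOGS = """\
Feb 14 19:40:01 web1 CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)
Feb 14 19:40:12 web1 sshd[2301]: Accepted publickey for deploy from 10.0.0.5 port 51234 ssh2
Feb 14 19:41:07 web1 sshd[2310]: Failed password for root from 203.0.113.9 port 40022 ssh2
Feb 14 19:41:09 web1 sshd[2310]: Failed password for root from 203.0.113.9 port 40022 ssh2
Feb 14 19:41:11 web1 sshd[2310]: Failed password for root from 203.0.113.9 port 40022 ssh2
Feb 14 19:45:01 web1 CRON[2390]: (root) CMD (run-parts /etc/cron.hourly)
Feb 14 19:46:30 web1 kernel: EXT3-fs error (device sda1): ext3_find_entry: reading directory #1234 offset 0
Feb 14 19:47:00 web1 sshd[2402]: Accepted publickey for deploy from 10.0.0.5 port 51240 ssh2
"""

# Constructed ignore list: messages already understood and known to be
# uninteresting. In practice this list grows each time a reviewed line is
# judged boring, which is the core of the Artificial Ignorance method.
IGNORE = [
    r"CRON\[\d+\]: \(root\) CMD \(run-parts /etc/cron\.hourly\)",
    r"sshd\[\d+\]: Accepted publickey for deploy from 10\.0\.0\.\d+ port \d+ ssh2",
]
IGNORE_RE = [re.compile(p) for p in IGNORE]

# Classic syslog layout: "Mon dd hh:mm:ss host message".
SYSLOG_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")

def normalize(msg: str) -> str:
    """Collapse variable fields (IPv4 addresses first, then any number) into a template."""
    msg = re.sub(r"\d{1,3}(?:\.\d{1,3}){3}", "<ip>", msg)
    return re.sub(r"\d+", "<n>", msg)

def artificial_ignorance(text: str):
    """Return (template counts, surviving raw lines) for everything not on the ignore list."""
    templates = Counter()
    leftovers = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # not a syslog line; skip rather than guess
        msg = m.group("msg")
        if any(r.search(msg) for r in IGNORE_RE):
            continue  # known-boring, ignore it
        templates[normalize(msg)] += 1
        leftovers.append(line)
    return templates, leftovers

if __name__ == "__main__":
    counts, _ = artificial_ignorance(SAMPLE_LOGS)
    for tmpl, n in counts.most_common():
        print(f"{n:4d}  {tmpl}")
```

Run against the sample, the cron and successful-login noise disappears and only the repeated failed root logins and the single filesystem error remain for review.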
