
| Subject: | Re: Security log parser |
|---|---|
| Date: | Fri, 15 Feb 2008 12:14:27 +0100 (CET) |
> Hi all

Hello Jason

> I'm looking for a good security event log parser for linux/unix systems. All
> logs are in syslog format. Just want to be able to point the tool at a bunch
> of logs and drag out what is useful.... Already use some custom written
> scripts but could do with something a little more professional....

I'd recommend two solutions, depending on your needs:

* OSSEC HIDS (www.ossec.net), where you can easily write rulesets including the regular expression for the pattern you are looking for.
* Prelude LML (www.prelude-ids.org), where writing a ruleset is a little more complicated than for OSSEC, but you can give more details regarding the IDMEF (RFC 4765) format.

Both solutions can be integrated in the Prelude framework where you can gather alerts in a single console and do your analysis.
Regards,
Sebastien.
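To make the "ruleset of regular expressions over syslog lines" idea concrete, here is an added example that is not part of this thread and not OSSEC or Prelude LML code: a small rule-driven parser for BSD-style syslog lines. It assumes the classic `Mon DD HH:MM:SS host prog[pid]: message` layout, a constructed handful of sshd, sudo and cron lines as input, and a constructed threshold of three failed passwords from one address before a "brute force" alert is raised. The rule names, levels and sample addresses are all made up for the example.

```python
import re
from collections import Counter

# Matches the traditional BSD syslog line layout (assumption: no RFC 5424 framing).
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?:\s*"
    r"(?P<msg>.*)$"
)

# A tiny ruleset: (rule name, level, regex over the message part).
# Named groups become fields of the resulting alert. Names and levels are constructed.
RULES = [
    ("ssh_failed_password", 5,
     re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")),
    ("ssh_accepted", 3,
     re.compile(r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+)")),
    ("sudo_command", 4,
     re.compile(r"^(?P<user>\S+) : .*COMMAND=(?P<cmd>.*)$")),
]

BRUTE_FORCE_THRESHOLD = 3  # constructed value for the correlation rule below

# Constructed sample log lines (RFC 5737 documentation addresses, fictional host).
SAMPLE_LOG = [
    "Feb 15 12:14:27 web01 sshd[2231]: Failed password for invalid user admin from 192.0.2.10 port 4412 ssh2",
    "Feb 15 12:14:29 web01 sshd[2231]: Failed password for root from 192.0.2.10 port 4413 ssh2",
    "Feb 15 12:14:31 web01 sshd[2240]: Accepted publickey for deploy from 198.51.100.5 port 50022 ssh2",
    "Feb 15 12:15:02 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/visudo",
    "Feb 15 12:15:10 web01 cron[1001]: (root) CMD (run-parts /etc/cron.hourly)",
    "Feb 15 12:15:12 web01 sshd[2231]: Failed password for root from 192.0.2.10 port 4414 ssh2",
]


def parse_line(line):
    """Split one syslog line into its fields; return None for lines that do not fit the layout."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None


def apply_rules(records):
    """Run the first matching rule against each record's message and emit an alert dict."""
    alerts = []
    for rec in records:
        for name, level, rx in RULES:
            m = rx.search(rec["msg"])
            if m:
                alerts.append({"rule": name, "level": level, "host": rec["host"],
                               "ts": rec["ts"], **m.groupdict()})
                break  # first match wins, like an ordered ruleset
    return alerts


def correlate_failed_logins(alerts, threshold=BRUTE_FORCE_THRESHOLD):
    """Simple correlation: many failed passwords from one source become a single higher-level alert."""
    fails = Counter(a["ip"] for a in alerts if a["rule"] == "ssh_failed_password")
    return [{"rule": "ssh_bruteforce", "level": 10, "ip": ip, "count": n}
            for ip, n in fails.items() if n >= threshold]


def analyze(lines):
    """Parse, match rules, correlate. Returns (parsed records, alerts)."""
    records = [r for r in (parse_line(l) for l in lines) if r]
    alerts = apply_rules(records)
    alerts += correlate_failed_logins(alerts)
    return records, alerts


if __name__ == "__main__":
    _, found = analyze(SAMPLE_LOG)
    for a in sorted(found, key=lambda a: -a["level"]):
        print(a)
```

The cron line produces no alert because no rule matches it, which is the point of a ruleset: only the patterns you describe are "dragged out". The correlation step is the part a collection of ad hoc scripts usually lacks, and it is what tools like OSSEC provide out of the box with frequency and time-window options.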