Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Security log parser

from [Bob Toxen] Network Security [Permanent Link]
Subject: Re: Security log parser
Date: Fri, 15 Feb 2008 12:48:15 -0500 
I find the Open Source Logcheck program to be the best.  (The only thing
that logwatch does that logcheck does not is to tell the number and
details of brute-force password guessing.)

Also, I've enhanced it to be even better by causing it to list any
given event only once in the highest-priority category that applies.
I've also enhanced it to accept a second set of emails that only get
the high-priority events, not "Unusual events".  (Anyone is welcome to
email me and I'll send the tarball of my enhanced version.)

Best regards,

Bob Toxen, CTO
Horizon Network Security
"Your expert in Spam and Virus Filters, Linux server hardening, Firewalls,
Network Monitoring, Linux System Administration, VPNs, local and remote
backup software, and Network Security consulting, in business for
18 years."

www.VerySecureLinux.com        [Network & Linux/Unix Security Consulting]
www.RealWorldLinuxSecurity.com [Our 5* book: "Real World Linux Security"]
bob@VerySecureLinux.com (e-mail)

My article on "The Seven Deadly Sins of Linux Security" was
published in the May/June 2007 issue of ACM's QUEUE Magazine.

On Thu, Feb 14, 2008 at 09:16:17AM +0000, Jason Alexander wrote:

Hi all



Im looking for a good security event log parser for linux/unix
systems. All logs are in syslog format. Just want to be able to point
the tool at a bunch of logs and drag out what is usefull.... Already
use some cutom written scripts but could do with something a little
more proffesional....



cheers
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Security log parser, Sebastien Tricaud
Next by Date:  Re: Possible Mail server compromise ?, Faas M. Mathiasen
Previous by Thread:  Re: Security log parser, Sebastien Tricaud
Indexes:  [Date] [Thread] [Top] [All Lists]