I'm currently building a syslog server for the purpose of discovering
security issues, configuration issues and troubleshooting. I'm utilizing a
couple of tools for this, to include syslog-ng, mysql, and phpMyAdmin. I'd
put those in google and check out the several sites on how to put them
together. Because I'm also running Cacti on this server, and after seeing
the page given below, I'm thinking I might try using it to show a graphical
version of the syslogs. Then again, it might just be as easy as counting
errors for the same purpose.
I've had a test run and it worked decently. As my knowledge of mysql and
syslog-ng increases, it'll get even better. Hope this helps, and let me know
what kind of progress you make!
-----Original Message-----
From: phunked up! [mailto:phunkodelic@gmail.com]
Sent: Thursday, October 27, 2005 7:35 AM
To: Luis Angel Fernandez
Cc: security-basics@securityfocus.com
Subject: Re: Integrating logs from PIX, IIS and WAS
Go to www.logparser.com. Use that with a back end database
such as MySQL or micorosft Sql (express is free) which will
allow you to do analysis of the logs. I am also doing the
same sort of thing and am using the above mentioned tools.
On 10/26/05, Luis Angel Fernandez <lafernandez@matchmind.es> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
I am investigating about tools for integrate (store and
analysis)
logs from different souces (Cisco PIX, IIS, WAS app server,
syslog).
The goal is be able of follow up a the behavior of a
possible intruder
throught a scenario based on that products. Which is your
method for
doing a forensic task like this? Which tools could help for
this task?
Regards.
