Re: Log analyzer

From: Hugo van der Kooij (hvdkooij@vanderkooij.org)
Date: 01/09/02


Date: Wed, 9 Jan 2002 23:06:21 +0100 (CET)
From: Hugo van der Kooij <hvdkooij@vanderkooij.org>
To: Focus on Linux Mailing List <focus-linux@securityfocus.com>

On Wed, 9 Jan 2002, Jerome Tytgat wrote:

> I need help in using or finding a good log analyzer.
>
> Logwatch is shipped with redhat 7.2 but I want to use it
> to analyze /var/log/kernel, /var/log/snort/*,
> /var/log/message[snort:]. But I can't find any scripts for
> snort for logwatch.

You need snortsnarf!

Hugo.

-- 
All email sent to me is bound to the rules described on my homepage.
    hvdkooij@vanderkooij.org		http://hvdkooij.xs4all.nl/
	    Don't meddle in the affairs of sysadmins,
	    for they are subtle and quick to anger.


