Re: important errors to control with swatch




I moved away from SWATCH quite some time ago as it was always crashing.

SEC, the Simple Event Correlator, may be better, and it uses Perl regular expressions.

http://kodu.neti.ee/~risto/sec/

- Reynold

Isaac Perez Moncho wrote:
Hello,
I just installed swatch, and used this configuration file for the
checks:
http://www.loganalysis.org/sections/signatures/log-swatch-skendrick.txt

Does anyone know any other common phrase or word that I should find in the logs
for hardware and system errors?
Or what do you consider important to monitor in the logs?
Thanks



