Tuning syslog analyzing tool

Kenneth Holter kenneho.ndu at gmail.com
Thu Apr 23 12:33:27 UTC 2009


Thanks for the link. Although it was quite useful, I'm actually more
interested in which "watchfor" statements to add in order to extract
security or other issues that are reported by the syslog clients.

On 4/13/09, Santhosh <amgsanthosh at yahoo.co.in> wrote:
>
>   This one might be useful
>
> http://www.loganalysis.org/sections/signatures/log-swatch-skendrick.txt
>
> --Santhosh
>
> --- On *Wed, 8/4/09, Kenneth Holter <kenneho.ndu at gmail.com>* wrote:
>
>
> From: Kenneth Holter <kenneho.ndu at gmail.com>
> Subject: Tuning syslog analyzing tool
> To: redhat-list at redhat.com
> Date: Wednesday, 8 April, 2009, 2:54 PM
>
> Hi all.
>
>
> I've set up a loghost that collects and analyzes syslog entries from our
> linux clients. To analyze the syslog entries we're using swatch, which
> allows for real-time processing of the entries.
>
> What I'd very much like is some advice on which basic syslog entries I
> should have swatch notify me about. I've already configured swatch to alert
> me about messages containing words like "error", "fatal", "alert" and a
> few expressions such as "bad username", but I'm sure I should add more. The
> most important aspect, as I see it, is configuring swatch to alert me of any
> security related issues, so any advice on what to watch for here would be
> greatly appreciated. Maybe someone has a set of (regular) expressions I
> could incorporate into our setup?
>
>
> Regards,
> Kenneth Holter
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
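The question above asks for concrete patterns to watch for. The following is an added example (not from the thread, not swatch's own code) that runs a starting set of security-oriented patterns over constructed sample syslog lines. Each regex in WATCHFOR is what would become one `watchfor /regex/` line in swatchrc; the rate check on failed SSH logins shows why a plain substring match is not enough and why a per-source threshold is worth having. The hostnames, addresses, users and every log line are constructed for the example, and the message formats assumed are those of OpenSSH, sudo, pam_unix and useradd as logged on Linux systems of that era; message text varies between versions, so check the patterns against your own logs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines (not real log data) in the BSD syslog
# format a central loghost receives from Linux clients. Hosts, users and
# addresses are placeholders (RFC 5737 documentation address ranges).
SAMPLE_LOG = """\
Apr 23 12:01:01 web01 sshd[2301]: Invalid user admin from 203.0.113.7
Apr 23 12:01:02 web01 sshd[2301]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Apr 23 12:01:03 web01 sshd[2301]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Apr 23 12:01:04 web01 sshd[2302]: Failed password for root from 203.0.113.7 port 51024 ssh2
Apr 23 12:01:05 web01 sshd[2303]: Failed password for root from 203.0.113.7 port 51025 ssh2
Apr 23 12:01:06 web01 sshd[2304]: Failed password for root from 203.0.113.7 port 51026 ssh2
Apr 23 12:02:10 web01 sshd[2310]: Accepted publickey for root from 198.51.100.4 port 40000 ssh2
Apr 23 12:03:00 db01 sudo:  kenneth : TTY=pts/0 ; PWD=/home/kenneth ; USER=root ; COMMAND=/bin/bash
Apr 23 12:03:30 db01 sudo:  bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow
Apr 23 12:04:00 db01 su: pam_unix(su-l:auth): authentication failure; logname=bob uid=500 euid=0 tty=pts/1 ruser=bob rhost=  user=root
Apr 23 12:05:00 web01 sshd[2320]: reverse mapping checking getaddrinfo for host.example [203.0.113.9] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 23 12:06:00 web01 kernel: usb 1-1: new high speed USB device using ehci_hcd and address 2
Apr 23 12:07:00 web01 useradd[2400]: new user: name=backdoor, UID=0, GID=0, home=/root, shell=/bin/bash
Apr 23 12:08:00 web01 crond[2500]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Each entry is what would become one "watchfor /regex/" line. The first
# matching rule wins for a given line, so specific rules go before generic
# ones (sudo_failed before sudo_command, for instance).
WATCHFOR = [
    ("ssh_failed_login",
     re.compile(r"sshd\[\d+\]: Failed (?:password|publickey) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")),
    ("ssh_invalid_user",
     re.compile(r"sshd\[\d+\]: Invalid user (?P<user>\S+) from (?P<ip>\S+)")),
    ("root_login",          # any successful root login over SSH is worth an alert
     re.compile(r"sshd\[\d+\]: Accepted \S+ for root from (?P<ip>\S+)")),
    ("ssh_breakin_warn",
     re.compile(r"POSSIBLE BREAK-IN ATTEMPT")),
    ("sudo_failed",
     re.compile(r"sudo:\s+(?P<user>\S+) : \d+ incorrect password attempts")),
    ("sudo_command",        # every successful sudo, with target user and command
     re.compile(r"sudo:\s+(?P<user>\S+) : TTY=\S+ ; PWD=\S+ ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)")),
    ("pam_auth_failure",    # covers su, login, and other PAM-using services
     re.compile(r"pam_unix\((?P<service>[^)]+):auth\): authentication failure;.*user=(?P<target>\S+)")),
    ("new_uid0_account",    # a second UID 0 account is a classic backdoor
     re.compile(r"useradd\[\d+\]: new user: name=(?P<user>\S+), UID=0,")),
]


def parse_ts(line):
    """Parse the leading 'Mon DD HH:MM:SS' syslog timestamp. The year is
    absent, so strptime defaults to 1900; only differences matter here."""
    return datetime.strptime(line[:15], "%b %d %H:%M:%S")


def scan(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return a list of (rule_name, detail) alerts for the given log text.

    Pattern hits carry the matching line as detail. In addition, failed SSH
    logins are tracked per source address, and one 'ssh_bruteforce' alert is
    raised when `threshold` failures from the same address fall inside
    `window` (the same idea as swatch's threshold option, done by hand)."""
    alerts = []
    failures = defaultdict(list)    # source IP -> timestamps of recent failures
    for line in log_text.splitlines():
        for name, rx in WATCHFOR:
            m = rx.search(line)
            if not m:
                continue
            alerts.append((name, line))
            if name == "ssh_failed_login":
                ip, ts = m.group("ip"), parse_ts(line)
                recent = [t for t in failures[ip] if ts - t <= window] + [ts]
                failures[ip] = recent
                if len(recent) == threshold:    # fire once, at the Nth failure
                    alerts.append(("ssh_bruteforce",
                                   "%d failed SSH logins from %s within %ds"
                                   % (threshold, ip, window.total_seconds())))
            break                               # first matching rule wins
    return alerts


if __name__ == "__main__":
    for name, detail in scan(SAMPLE_LOG):
        print("%-18s %s" % (name, detail))
```

Two things this shows that a keyword list does not: the sudo and PAM rules capture who did what, so the alert text is actionable, and the bruteforce rule turns five noisy failed-login hits into one meaningful alert while still letting a single root login or UID 0 account creation through on its own. The kernel and crond lines fall through untouched, which is the point of anchoring patterns on the program name rather than on generic words like "failed".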


