Tuning syslog analyzing tool

Santhosh amgsanthosh at yahoo.co.in
Mon Apr 13 14:12:35 UTC 2009


This one might be useful

http://www.loganalysis.org/sections/signatures/log-swatch-skendrick.txt

--Santhosh

--- On Wed, 8/4/09, Kenneth Holter <kenneho.ndu at gmail.com> wrote:

From: Kenneth Holter <kenneho.ndu at gmail.com>
Subject: Tuning syslog analyzing tool
To: redhat-list at redhat.com
Date: Wednesday, 8 April, 2009, 2:54 PM

Hi all.


I've set up a loghost that collects and analyzes syslog entries from our
linux clients. To analyze the syslog entries we're using swatch, which
allows for real-time processing of the entries.

What I'd very much like is some advice on which basic syslog entries I
should have swatch notify me about. I've already configured swatch to alert
me about messages containing words like "error", "fatal", "alert" and a
few expressions such as "bad username", but I'm sure I should add more. The
most important aspect, as I see it, is configuring swatch to alert me of any
security related issues, so any advice on what to watch for here would be
greatly appreciated. Maybe someone has a set of (regular) expressions I
could incorporate into our setup?


Regards,
Kenneth Holter
-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
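The question above asks which syslog entries are worth alerting on. The following is an added example, not from either poster and not swatch itself: it encodes a starting set of swatch-style "watchfor" patterns in Python and runs them over constructed sample lines. The rule names, patterns and the host/user names in the samples are assumptions and should be tuned against your own hosts' log formats.

```python
import re

# Swatch-style rules: (rule name, pattern). Each pattern is an assumption
# modelled on common sshd, sudo, su and PAM messages; adjust for your distro.
RULES = [
    ("ssh_failed_password", re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from \S+")),
    ("ssh_invalid_user",    re.compile(r"sshd\[\d+\]: Invalid user \S+ from \S+")),
    ("ssh_root_login",      re.compile(r"sshd\[\d+\]: Accepted \w+ for root from \S+")),
    ("sudo_failure",        re.compile(r"sudo: .*(?:authentication failure|NOT in sudoers|incorrect password)")),
    ("su_to_root",          re.compile(r"su(?:\[\d+\])?: .*(?:session opened for user root|Successful su for root)")),
    ("pam_auth_failure",    re.compile(r"pam_unix\(\S+\): authentication failure")),
    # The generic keyword rule the original poster already uses, with word
    # boundaries so that e.g. "alerts" or "errors" in a hostname do not fire.
    ("generic_severity",    re.compile(r"\b(?:error|fatal|alert|panic)\b", re.IGNORECASE)),
]

def classify(line):
    """Return the names of every rule that matches one syslog line."""
    return [name for name, pat in RULES if pat.search(line)]

def scan(lines):
    """Run all rules over all lines; return (line, [rule names]) for hits only."""
    hits = []
    for line in lines:
        names = classify(line)
        if names:
            hits.append((line, names))
    return hits

# Constructed sample lines in classic BSD syslog layout (not real log data).
SAMPLE = [
    "Apr  8 14:50:01 web01 sshd[2301]: Failed password for invalid user admin from 10.0.0.5 port 51234 ssh2",
    "Apr  8 14:50:03 web01 sshd[2301]: Invalid user admin from 10.0.0.5",
    "Apr  8 14:51:10 web01 sudo:    bob : 3 incorrect password attempts ; TTY=pts/0 ; USER=root ; COMMAND=/bin/bash",
    "Apr  8 14:52:00 web01 sshd[2350]: Accepted publickey for root from 192.168.1.20 port 40000 ssh2",
    "Apr  8 14:53:00 web01 cron[1234]: (root) CMD (run-parts /etc/cron.hourly)",
    "Apr  8 14:54:00 web01 kernel: EXT4-fs error (device sda1): ext4_find_entry: bad entry",
]

if __name__ == "__main__":
    # The cron line is the only one that should produce no alert.
    for line, names in scan(SAMPLE):
        print(", ".join(names), "<-", line)
```

In a real swatch setup each rule name would become a `watchfor /pattern/` stanza with its own `echo`/`mail` action; keeping the patterns as a table like this makes it easy to replay saved log files against them before turning on alerts.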
