I recommend that you read some papers and guides, starting with NIST
http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf.

[]s

Marcos

On Wed, Apr 8, 2009 at 6:24 AM, Kenneth Holter <kenneho.ndu@xxxxxxxxx> wrote:

> Hi all.
>
> I've set up a loghost that collects and analyzes syslog entries from our
> Linux clients. To analyze the syslog entries we're using swatch, which
> allows for real-time processing of the entries.
>
> What I'd very much like is some advice on which basic syslog entries I
> should have swatch notify me about. I've already configured swatch to alert
> me about messages containing words like "error", "fatal", "alert" and a
> few expressions such as "bad username", but I'm sure I should add more. The
> most important aspect, as I see it, is configuring swatch to alert me of any
> security-related issues, so any advice on what to watch for here would be
> greatly appreciated. Maybe someone has a set of (regular) expressions I
> could incorporate into our setup?
>
> Regards,
> Kenneth Holter
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
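The keyword rules described in the question, emulated in Python over constructed syslog lines; this is an added example, not part of the thread and not swatch's own code. The rule names, the `LINE` parser and the sample lines are assumptions made for illustration; the point it shows is matching on the message field rather than the whole line, so a host name containing a keyword does not raise an alert.

```python
import re

# Keywords taken from the question; compiled as case-insensitive whole words.
# Order matters: the first matching rule wins, so put the most specific first.
RULES = [
    ("bad-username", re.compile(r"\bbad username\b", re.I)),
    ("fatal", re.compile(r"\bfatal\b", re.I)),
    ("alert", re.compile(r"\balert\b", re.I)),
    ("error", re.compile(r"\berror\b", re.I)),
]

# Traditional syslog file format: "Mmm dd hh:mm:ss host tag[pid]: message"
LINE = re.compile(
    r"^\w{3}\s+\d{1,2} \d\d:\d\d:\d\d (?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[\d+\])?: (?P<msg>.*)$"
)

# Constructed sample lines (not taken from any real system).
SAMPLE = """\
Apr  8 06:10:01 web01 sshd[2211]: error: Could not load host key: /etc/ssh/ssh_host_dsa_key
Apr  8 06:10:07 web01 login[2290]: bad username [rooot]
Apr  8 06:11:30 db02 kernel: EXT3-fs error (device sda1): bad entry in directory
Apr  8 06:12:00 alert-gw crond[411]: (root) CMD (run-parts /etc/cron.hourly)
Apr  8 06:12:44 web01 sshd[2301]: fatal: Read from socket failed: Connection reset by peer
Kernel panic - not syncing: Fatal exception
"""

def scan(lines):
    """Return (rule, host, tag, text) for every line that trips a rule."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        # Match on the message field only, so a host or program name such as
        # "alert-gw" cannot trigger a rule. Lines without a syslog header are
        # still checked in full rather than silently skipped.
        host, tag, text = (m["host"], m["tag"], m["msg"]) if m else (None, None, line)
        for name, rx in RULES:
            if rx.search(text):
                hits.append((name, host, tag, text))
                break
    return hits

if __name__ == "__main__":
    for rule, host, tag, text in scan(SAMPLE.splitlines()):
        print(f"{rule:13} {host or '-':9} {tag or '-':7} {text}")
```
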