Re: Tuning syslog analyzing tool

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This one might be useful

http://www.loganalysis.org/sections/signatures/log-swatch-skendrick.txt

--Santhosh

--- On Wed, 8/4/09, Kenneth Holter <kenneho.ndu@xxxxxxxxx> wrote:

From: Kenneth Holter <kenneho.ndu@xxxxxxxxx>
Subject: Tuning syslog analyzing tool
To: redhat-list@xxxxxxxxxx
Date: Wednesday, 8 April, 2009, 2:54 PM

Hi all.


I've set up a loghost that collects and analyzes syslog entries from our
linux clients. To analyze the syslog entries we're using swatch, which
allows for real-time processing of the entries.

What I'd very much like is some advice on which basic syslog entries is
should have swatch notify me about. I've already configured swatch to alert
me about messages containing words like "error", "fatal", "alert" and a
few expressions such as "bad username", but I'm sure I should add more. The
most important aspect, as I see it, is configuring swatch to alert me of any
security related issues, so any advice on what to watch for here would be
greatly appreciated. Maybe someone have a set of (regular) expressions I
could incorporate into our setup?


Regards,
Kenneth Holter
-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list



      Get perfect Email ID for your Resume. Grab now http://in.promos.yahoo.com/address
-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subjecthttps://www.redhat.com/mailman/listinfo/redhat-list


[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux