This one might be useful http://www.loganalysis.org/sections/signatures/log-swatch-skendrick.txt

--Santhosh

--- On Wed, 8/4/09, Kenneth Holter <kenneho.ndu@xxxxxxxxx> wrote:

From: Kenneth Holter <kenneho.ndu@xxxxxxxxx>
Subject: Tuning syslog analyzing tool
To: redhat-list@xxxxxxxxxx
Date: Wednesday, 8 April, 2009, 2:54 PM

Hi all.

I've set up a loghost that collects and analyzes syslog entries from our Linux clients. To analyze the syslog entries we're using swatch, which allows for real-time processing of the entries.

What I'd very much like is some advice on which basic syslog entries I should have swatch notify me about. I've already configured swatch to alert me about messages containing words like "error", "fatal", "alert" and a few expressions such as "bad username", but I'm sure I should add more. The most important aspect, as I see it, is configuring swatch to alert me of any security-related issues, so any advice on what to watch for here would be greatly appreciated. Maybe someone has a set of (regular) expressions I could incorporate into our setup?

Regards,
Kenneth Holter

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
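
An added example, not part of the thread or of the linked signature file: a small Python model of watchfor-style rules run over constructed syslog lines, showing which security-relevant messages the keyword list from the question ("error", "fatal", "alert", "bad username") never matches. The rule names, regexes and sample lines are assumptions based on stock OpenSSH, sudo, PAM and useradd message formats; port the regexes you keep into your swatch configuration.

```python
import re
from collections import Counter

# Constructed rule set (assumption, not from the thread). "keyword" mirrors the
# words the question already alerts on; tune the rest against your own logs.
RULES = [
    ("keyword", re.compile(r"\b(error|fatal|alert)\b|bad username", re.I)),
    ("ssh-bad-login", re.compile(r"sshd\[\d+\]: (Failed password|Invalid user) ")),
    ("ssh-root-login", re.compile(r"sshd\[\d+\]: Accepted \S+ for root from ")),
    ("pam-auth-fail", re.compile(r"pam_unix\(\S+\): authentication failure")),
    ("sudo-denied", re.compile(r"sudo(\[\d+\])?: .*(NOT in sudoers|incorrect password attempt)")),
    ("account-change", re.compile(r"(useradd|usermod|userdel)\[\d+\]: ")),
]
HOST = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (\S+) ")

# Constructed sample lines (192.0.2.0/24 is a documentation address range).
SAMPLE = [
    "Apr  8 14:01:12 web01 sshd[2231]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2",
    "Apr  8 14:01:15 web01 sshd[2231]: Invalid user test from 192.0.2.10",
    "Apr  8 14:02:40 db01 sudo:    alice : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash",
    "Apr  8 14:03:02 db01 su: pam_unix(su:auth): authentication failure; logname=alice uid=500 euid=0 tty=pts/0 ruser=alice rhost=  user=root",
    "Apr  8 14:05:30 web01 sshd[2290]: Accepted password for root from 192.0.2.10 port 40190 ssh2",
    "Apr  8 14:06:00 web01 useradd[2301]: new user: name=svc2, UID=501, GID=501, home=/home/svc2, shell=/bin/bash",
    "Apr  8 14:07:11 web01 kernel: EXT3-fs error (device sda1): ext3_find_entry: reading directory #2 offset 0",
    "Apr  8 14:08:00 web01 crond[2400]: (root) CMD (run-parts /etc/cron.hourly)",
]

def classify(line):
    """Return the labels of every rule whose regex matches the line."""
    return [label for label, rx in RULES if rx.search(line)]

def summarize(lines):
    """Count hits per (host, label) so repeated events collapse into one row."""
    hits = Counter()
    for line in lines:
        m = HOST.match(line)
        host = m.group(1) if m else "unknown"
        for label in classify(line):
            hits[(host, label)] += 1
    return hits

def missed_by_keywords(lines):
    """Lines a security rule catches but the keyword-only rule does not."""
    return [l for l in lines if classify(l) and "keyword" not in classify(l)]

if __name__ == "__main__":
    for (host, label), n in sorted(summarize(SAMPLE).items()):
        print(f"{host:6} {label:15} {n}")
    print(len(missed_by_keywords(SAMPLE)), "security lines had no alert keyword")
```

Six of the eight sample lines are authentication or account events that contain none of the alert keywords, which is why message-specific patterns are needed alongside the keyword match.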