Thanks for the link. Although is was quite useful, I'm actually more interested in which "watchfor" statements to add in order to extract security or other issues that are reported by the syslog clients. On 4/13/09, Santhosh <amgsanthosh@xxxxxxxxxxx> wrote: > > This one might be useful > > http://www.loganalysis.org/sections/signatures/log-swatch-skendrick.txt > > --Santhosh > > --- On *Wed, 8/4/09, Kenneth Holter <kenneho.ndu@xxxxxxxxx>* wrote: > > > From: Kenneth Holter <kenneho.ndu@xxxxxxxxx> > Subject: Tuning syslog analyzing tool > To: redhat-list@xxxxxxxxxx > Date: Wednesday, 8 April, 2009, 2:54 PM > > Hi all. > > > I've set up a loghost that collects and analyzes syslog entries from our > linux clients. To analyze the syslog entries we're using swatch, which > allows for real-time processing of the entries. > > What I'd very much like is some advice on which basic syslog entries is > should have swatch notify me about. I've already configured swatch to alert > me about messages containing words like "error", "fatal", "alert" and a > few expressions such as "bad username", but I'm sure I should add more. The > most important aspect, as I see it, is configuring swatch to alert me of > any > security related issues, so any advice on what to watch for here would be > greatly appreciated. Maybe someone have a set of (regular) expressions I > could incorporate into our setup? > > > Regards, > Kenneth Holter > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx<http://mc/compose?to=redhat-list-request@xxxxxxxxxx> > ?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > > > > ------------------------------ > Get rid of Add-Ons in your email ID. Get yourname@xxxxxxxxxxxxxxx Sign up > now!<http://in.rd.yahoo.com/tagline_dbid_15/*http://in.promos.yahoo.com/address> -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list