Thanks, I'll give it a read.

On 4/12/09, Marcos Aurelio Rodrigues <deigratia33@xxxxxxxxx> wrote:
> I recommend that you read some papers and guides, starting with NIST
> http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf.
>
> []s
> Marcos
>
> On Wed, Apr 8, 2009 at 6:24 AM, Kenneth Holter <kenneho.ndu@xxxxxxxxx> wrote:
>
> > Hi all.
> >
> > I've set up a loghost that collects and analyzes syslog entries from our
> > Linux clients. To analyze the syslog entries we're using swatch, which
> > allows for real-time processing of the entries.
> >
> > What I'd very much like is some advice on which basic syslog entries I
> > should have swatch notify me about. I've already configured swatch to
> > alert me about messages containing words like "error", "fatal", "alert"
> > and a few expressions such as "bad username", but I'm sure I should add
> > more. The most important aspect, as I see it, is configuring swatch to
> > alert me of any security-related issues, so any advice on what to watch
> > for here would be greatly appreciated. Maybe someone has a set of
> > (regular) expressions I could incorporate into our setup?
> >
> > Regards,
> > Kenneth Holter
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list