Re: Tuning syslog analyzing tool

Thanks, I'll give it a read.

On 4/12/09, Marcos Aurelio Rodrigues <deigratia33@xxxxxxxxx> wrote:
>
> I recommend that you read some papers and guides, starting with NIST
>
> http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf.
>
> []s
> Marcos
>
> On Wed, Apr 8, 2009 at 6:24 AM, Kenneth Holter <kenneho.ndu@xxxxxxxxx> wrote:
>
> > Hi all.
> >
> >
> > I've set up a loghost that collects and analyzes syslog entries from our
> > linux clients. To analyze the syslog entries we're using swatch, which
> > allows for real-time processing of the entries.
> >
> > What I'd very much like is some advice on which basic syslog entries I
> > should have swatch notify me about. I've already configured swatch to alert
> > me about messages containing words like "error", "fatal", "alert" and a
> > few expressions such as "bad username", but I'm sure I should add more. The
> > most important aspect, as I see it, is configuring swatch to alert me of
> > any security related issues, so any advice on what to watch for here would
> > be greatly appreciated. Maybe someone has a set of (regular) expressions I
> > could incorporate into our setup?
> >
> >
> > Regards,
> > Kenneth Holter
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
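Since the question asks which syslog entries a watcher like swatch should fire on, here is an added example (my own, not code from the thread or from the swatch project) of a small swatch-style matcher in Python: the rule names, the regexes, the failed-login threshold and the sample log lines are assumptions constructed for this demonstration, while the sshd and sudo message shapes are the ones those daemons write on typical Linux hosts.

```python
import re
from collections import Counter

# Rules a swatch-style watcher could alert on. Specific rules come first so a
# line is labelled by its most precise match; the catch-all keyword rule from
# the question ("error", "fatal", "alert") is checked last. Names/regexes are
# this example's own choices (assumptions), not a published ruleset.
RULES = [
    ("ssh-failed-login", re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")),
    ("ssh-invalid-user", re.compile(
        r"sshd\[\d+\]: Invalid user (?P<user>\S+) from (?P<src>\S+)")),
    ("sudo-not-allowed", re.compile(r"sudo: +(?P<user>\S+) : user NOT in sudoers")),
    ("bad-username", re.compile(r"bad username", re.I)),
    ("generic-error", re.compile(r"\b(?:error|fatal|alert)\b", re.I)),
]

def match_line(line):
    """Return (rule_name, named_groups) for the first rule that fires, else None."""
    for name, rx in RULES:
        m = rx.search(line)
        if m:
            return name, m.groupdict()
    return None

def scan(lines, threshold=3):
    """Classify every line and flag source addresses whose ssh login failures
    reach `threshold` (a simple version of swatch's repeat-count logic)."""
    hits, failures = [], Counter()
    for line in lines:
        r = match_line(line)
        if r is None:
            continue
        name, fields = r
        hits.append((name, fields.get("user"), fields.get("src")))
        if name in ("ssh-failed-login", "ssh-invalid-user") and fields.get("src"):
            failures[fields["src"]] += 1
    bursts = [src for src, n in failures.items() if n >= threshold]
    return hits, bursts

# Constructed sample syslog lines (not real captures).
SAMPLE = """\
Apr  8 06:10:01 web1 CRON[1201]: (root) CMD (run-parts /etc/cron.hourly)
Apr  8 06:11:42 web1 sshd[1302]: Failed password for invalid user admin from 192.0.2.10 port 4711 ssh2
Apr  8 06:11:44 web1 sshd[1302]: Invalid user oracle from 192.0.2.10
Apr  8 06:11:46 web1 sshd[1305]: Failed password for root from 192.0.2.10 port 4712 ssh2
Apr  8 06:12:03 web1 sudo:    bob : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Apr  8 06:12:30 web1 kernel: EXT3-fs error (device sda1): ext3_lookup: deleted inode referenced
""".splitlines()

if __name__ == "__main__":
    hits, bursts = scan(SAMPLE)
    for h in hits:
        print(h)
    print("burst sources:", bursts)
```

Running it against the constructed sample yields one hit per matching line (the cron entry is ignored) and reports 192.0.2.10 as a burst source, since three failed ssh attempts come from it.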
