Tuning syslog analyzing tool

Marcos Aurelio Rodrigues deigratia33 at gmail.com
Sun Apr 12 17:09:38 UTC 2009


I recommend that you read some papers and guides, starting with NIST

http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf.

[]s
Marcos

On Wed, Apr 8, 2009 at 6:24 AM, Kenneth Holter <kenneho.ndu at gmail.com> wrote:

> Hi all.
>
>
> I've set up a loghost that collects and analyzes syslog entries from our
> linux clients. To analyze the syslog entries we're using swatch, which
> allows for real-time processing of the entries.
>
> What I'd very much like is some advice on which basic syslog entries I
> should have swatch notify me about. I've already configured swatch to alert
> me about messages containing words like "error", "fatal", "alert" and a
> few expressions such as "bad username", but I'm sure I should add more. The
> most important aspect, as I see it, is configuring swatch to alert me of
> any
> security related issues, so any advice on what to watch for here would be
> greatly appreciated. Maybe someone has a set of (regular) expressions I
> could incorporate into our setup?
>
>
> Regards,
> Kenneth Holter
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>

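As an added example (not code from the thread, and not a swatch configuration), here is the kind of pattern set the original question asks for, run in Python over constructed sample syslog lines. The sample lines and the patterns are assumptions about common sshd, sudo, PAM and useradd message formats on a Linux loghost; the rule names and severities are illustrative. Beyond the keyword matching described in the question, it counts failed SSH logins per source address so that a burst from one host is raised as a single brute-force alert rather than as separate lines.

```python
import re
from collections import Counter

# Constructed sample syslog lines for this example (not real logs): sshd, sudo,
# useradd, PAM and kernel messages in the format typical of a Linux loghost.
SAMPLE_LOG = """\
Apr 12 10:01:02 web1 sshd[2301]: Failed password for root from 203.0.113.7 port 51234 ssh2
Apr 12 10:01:04 web1 sshd[2301]: Failed password for root from 203.0.113.7 port 51235 ssh2
Apr 12 10:01:06 web1 sshd[2301]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Apr 12 10:01:06 web1 sshd[2301]: Invalid user admin from 203.0.113.7
Apr 12 10:02:10 web1 sshd[2310]: Accepted publickey for deploy from 192.0.2.15 port 40112 ssh2
Apr 12 10:03:33 web1 sudo: deploy : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/bash
Apr 12 10:03:40 web1 sudo: deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/sbin/useradd backdoor
Apr 12 10:03:40 web1 useradd[2399]: new user: name=backdoor, UID=1005, GID=1005, home=/home/backdoor, shell=/bin/bash
Apr 12 10:04:01 web1 su: pam_unix(su:auth): authentication failure; logname=deploy uid=1001 euid=0 tty=pts/0 ruser=deploy rhost= user=root
Apr 12 10:05:00 web1 kernel: usb 1-1: new high-speed USB device number 4 using ehci_hcd
Apr 12 10:06:00 web1 sshd[2420]: Accepted password for root from 203.0.113.7 port 51240 ssh2
Apr 12 10:07:12 web1 kernel: EXT4-fs error (device sda1): ext4_lookup: deleted inode referenced: 1234
"""

# Each rule: (name, severity, compiled pattern). Named groups pull out the
# user, source IP or command so an alert carries context, not just the raw line.
# The patterns are assumptions about common sshd/sudo/PAM/useradd formats.
RULES = [
    ("ssh_failed_password", "high",
     re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")),
    ("ssh_invalid_user", "medium",
     re.compile(r"sshd\[\d+\]: Invalid user (?P<user>\S+) from (?P<ip>\S+)")),
    # Any successful root login over SSH is worth a look, regardless of auth method.
    ("ssh_root_login", "high",
     re.compile(r"sshd\[\d+\]: Accepted \S+ for root from (?P<ip>\S+)")),
    ("sudo_failed", "high",
     re.compile(r"sudo: +(?P<user>\S+) : \d+ incorrect password attempts")),
    # Successful sudo lines start with "TTY=" after the user; failures do not.
    ("sudo_root_command", "medium",
     re.compile(r"sudo: +(?P<user>\S+) : TTY=.*USER=root ; COMMAND=(?P<cmd>.*)$")),
    ("account_created", "high",
     re.compile(r"useradd\[\d+\]: new user: name=(?P<user>[^,]+)")),
    ("pam_auth_failure", "medium",
     re.compile(r"pam_unix\(\S+\): authentication failure;.*\buser=(?P<user>\S*)")),
    # The keyword rule from the question, kept last as a low-priority catch-all.
    ("generic_keyword", "low",
     re.compile(r"\b(?:error|fatal|alert|panic)\b", re.IGNORECASE)),
]


def classify(line):
    """Return every (rule, severity, fields) that matches one syslog line.

    This reports all matching rules rather than only the first, so a line
    can be both a specific security event and a generic keyword hit.
    """
    hits = []
    for name, severity, pattern in RULES:
        m = pattern.search(line)
        if m:
            hits.append((name, severity, m.groupdict()))
    return hits


def scan(text, bruteforce_threshold=3):
    """Scan a block of syslog text; return per-line alerts plus brute-force sources.

    Sources with at least `bruteforce_threshold` failed SSH passwords are
    reported once under "bruteforce" instead of relying on the reader to
    notice the repeated lines.
    """
    alerts = []
    failed_by_ip = Counter()
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, severity, fields in classify(line):
            alerts.append({"line": lineno, "rule": name,
                           "severity": severity, "fields": fields})
            if name == "ssh_failed_password":
                failed_by_ip[fields["ip"]] += 1
    bruteforce = {ip: n for ip, n in failed_by_ip.items()
                  if n >= bruteforce_threshold}
    return {"alerts": alerts, "bruteforce": bruteforce}


if __name__ == "__main__":
    result = scan(SAMPLE_LOG)
    for a in result["alerts"]:
        print(f"line {a['line']:>2} [{a['severity']:<6}] {a['rule']}: {a['fields']}")
    for ip, n in result["bruteforce"].items():
        print(f"brute force: {n} failed SSH passwords from {ip}")
```

The regexes are ordinary Perl-style patterns, so they carry over to swatch watchfor rules largely unchanged; the per-source counting is the part swatch's simple keyword matching does not give you, and it is what turns three "Failed password" lines into one actionable alert. Note that the benign "Accepted publickey for deploy" line produces no alert at all, which is the point of matching specific events rather than only broad keywords.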