Firewalls: Re: Ability To Track Logs

Firewalls
(June 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Ability To Track Logs
From:	RHS Linux User <coy @ coy . com>
Date:	Mon, 3 Jun 1996 18:14:54 -0500 (CDT)
To:	ygerman <ygerman @ genre . com>
Cc:	Firewalls <Firewalls @ GreatCircle . COM>
In-reply-to:	<9606031534 . AA0078 @ grcstm-nx02 . genre . com>

On 3 Jun 1996, ygerman wrote:

> I am in a bind on how to accomplish something on our firewall.
> I would like to check the logs on the firewall continuosly looking for certain 
> fields and based on the fields initiate an action. The action will be mail to a 
> different address depending on the field found.
> 
> Currently I am seting this up via a c shell script and doing a grep for certain 
> things every hour. The problem is I would like not to have to wait an hour. Has 
> anyone had any experience with this. Is there a way to accomplish this easier? 
> Please respond as soon as possible, thanks!

Have you considered Swatch (available at ftp://coast.cs.purdue.edu/pub/tools/unix/swatch)?  
It watches a log file and takes an action when a pattern matches. 

Chip Coy   coy @
 coy .
 com   http://www.awebs.com/~coy/
"Do not mistake composure for ease." - Tuvok

References:

Ability To Track Logs
From: ygerman <ygerman @ genre . com>

Indexed By Date	Previous:	RE: Memra From: Michael Dillon <michael @ memra . com>
Indexed By Date	Next:	RE: Firewalls-Digest V5 #356 From: Richard Ruda <rruda @ osti . com>
Indexed By Thread	Previous:	Re: Ability To Track Logs From: Dennis Moroney <dennis @ SterCtl . com>
Indexed By Thread	Next:	Re: Sidewinder: Re: FW: MISSI- and DMS- compliancy From: "Patrick M. Bartkus" <102557 . 3370 @ CompuServe . COM>