Great Circle Associates Firewalls
(January 1997)
 


Subject: Re: Syslog analysis
From: Pauline van Winsen - Uniq Professional Services <Pauline . van . Winsen @ uniq . com . au>
Date: Mon, 20 Jan 1997 18:14:54 +1100 (EST)
To: wilcox @ poss . com, eeaacb @ epa . ericsson . se
Cc: CihanS @ garanti . com . tr, firewalls @ GreatCircle . COM

> 
> See what "Swatch" can do for you.
> ftp://ftp.Stanford.EDU/general/security-tools/swatch

& don't forget logsurfer. i find logsurfer better than swatch.
no perl. just c code. it uses the GNU regex code. it's easy to 
configure to hold contexts for messages. something like:
the router has reported a link down message - if i don't see a link
up within 30 minutes i'll notify you.
it's useful for notifying you of exceptions. i.e. you can build up
a config which lets you know all log messages in a given time period
which didn't match any rule you've specified.

logsurfer is available from:
ftp://ftp.cert.dfn.de/pub/tools/audit/logsurfer

hope this helps,
pauline

Pauline van Winsen                             pauline @ uniq . com . au
Uniq Professional Services Pty Ltd                       www.uniq.com.au
PO Box 70, Paddington, NSW 2021,                      (Sydney) Australia
Phone: +61-2-9380-6360      Fax: +61-2-9380-6416      Pager: 016 287 000
"Never try to flirt with your boss... he's your bread & butter and
not your honey."
	The boss is not your honey - Book 3, Woman's World, circa 1964.
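
The two behaviours described in the message above (a context that waits 30 minutes for a link-up, and a report of lines that no rule matched), as an added Python example. It is not logsurfer's code or configuration syntax and not part of the original post; the log line formats, host names and the `analyse` function are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample syslog lines (not taken from the original post).
SAMPLE = [
    "Jan 20 10:00:05 rtr1 LINK-3-UPDOWN: Interface Serial0, changed state to down",
    "Jan 20 10:05:10 rtr1 LINK-3-UPDOWN: Interface Serial0, changed state to up",
    "Jan 20 11:00:00 rtr1 LINK-3-UPDOWN: Interface Serial1, changed state to down",
    "Jan 20 11:10:00 fw1 su: BAD SU joe to root on /dev/ttyp2",
    "Jan 20 11:45:00 fw1 sendmail[412]: queue run complete",
]

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) (.*)$")
LINK = re.compile(r"Interface (\S+), changed state to (up|down)")
KNOWN = [re.compile(r"sendmail\[\d+\]: queue run complete")]  # expected noise
TIMEOUT = timedelta(minutes=30)

def analyse(lines, year=1997):
    """Return (alerts, unmatched) for an iterable of syslog lines."""
    pending = {}  # (host, interface) -> deadline for the matching "up"
    alerts, unmatched = [], []
    for line in lines:
        m = LINE.match(line)
        if not m:
            unmatched.append(line)
            continue
        stamp, host, msg = m.groups()
        # syslog timestamps carry no year, so one is assumed
        now = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        # The clock only advances as lines arrive: expire overdue contexts.
        for key, deadline in list(pending.items()):
            if deadline <= now:
                alerts.append(f"{key[0]} {key[1]}: no link up within 30 minutes")
                del pending[key]
        link = LINK.search(msg)
        if link:
            key = (host, link.group(1))
            if link.group(2) == "down":
                pending.setdefault(key, now + TIMEOUT)  # open a context
            else:
                pending.pop(key, None)  # link came back: close it quietly
        elif not any(rx.search(msg) for rx in KNOWN):
            unmatched.append(line)  # the "exceptions" report
    return alerts, unmatched

if __name__ == "__main__":
    for item in sum(analyse(SAMPLE), []):
        print(item)
```

Because expiry is checked only when a new line arrives, a quiet log delays the alert; a live monitor would also check deadlines on a timer.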
