Log Analysis


Postby alfatau » Wed Jul 26, 2006 3:32 am

Hello,
I want to analyze realtime grsecurity logs to report known attacks to the administrator or launch some scripts after detection. Do you know if there is already a working way to derive matching rules to detect attacks from analyzing logs, or if there is something like a "plugin" or a "rules collection" for the most common log analyzers? And what log analyzer do you advise me to use for this work? I heard about swatch, tenshi... but I don't know which is the best for ease of use and flexibility. Which one do you prefer?
Thank you very much.
alfatau
 
Posts: 2
Joined: Thu May 11, 2006 5:17 pm

Postby Thrawn » Sun Jul 30, 2006 11:58 am

For realtime log analysis I suggest logsurfer -> http://www.cert.dfn.de/eng/logsurf/

If you need help with it just ask me - maybe I can help.
Thrawn
 
Posts: 35
Joined: Wed Nov 23, 2005 9:54 am

