Log Analysis
Posted: Wed Jul 26, 2006 3:32 am
Hello,
I want to analyze realtime grsecurity logs to report known attacks to the administrator or launch some scripts after detection. Do you know if there already exists a working way to derive matching rules to detect attacks from analyzing logs, or if there exists something like a "plugin" or a "rules collection" for the most common log analyzers? And what log analyzer do you advise me to use for this work? I have heard about swatch, tenshi... but I don't know which is the best for ease of use and flexibility. Which one do you prefer?
Thank you very much.
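The question above asks for a way to turn grsecurity log lines into matching rules that alert an administrator or trigger a script. The following is an added example, not code from the post or from the swatch/tenshi projects: a small rule-driven watcher in the spirit of those tools. It assumes the `grsec:` kernel message format with an optional `From <addr>:` prefix; the sample log lines and the rule patterns, thresholds and addresses are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Constructed sample lines in the style of grsecurity kernel messages
# (hypothetical hosts, addresses and paths; not taken from the forum post).
SAMPLE_LOG = """\
Jul 26 03:30:01 host kernel: grsec: From 192.0.2.10: denied access to hidden file /etc/shadow by /usr/bin/cat[cat:1234] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:1200] uid/euid:1000/1000 gid/egid:1000/1000
Jul 26 03:30:02 host kernel: grsec: From 192.0.2.10: denied access to hidden file /etc/shadow by /usr/bin/cat[cat:1235] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:1200] uid/euid:1000/1000 gid/egid:1000/1000
Jul 26 03:30:03 host kernel: grsec: From 192.0.2.10: denied access to hidden file /etc/shadow by /usr/bin/cat[cat:1236] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:1200] uid/euid:1000/1000 gid/egid:1000/1000
Jul 26 03:31:15 host kernel: grsec: From 198.51.100.7: attempted resource overstep by requesting 8192 for RLIMIT_NPROC against limit 4096 for /usr/bin/perl[perl:2222] uid/euid:1001/1001 gid/egid:1001/1001, parent /bin/sh[sh:2200] uid/euid:1001/1001 gid/egid:1001/1001
Jul 26 03:32:00 host sshd[3000]: Accepted publickey for admin from 203.0.113.5 port 50000 ssh2
"""

# A grsec message, with the optional "From <addr>:" prefix that grsecurity adds
# for events tied to a remote login session.
GRSEC_RE = re.compile(r"grsec: (?:From (?P<src>\S+): )?(?P<msg>.*)$")

# Rule table (assumed layout): name, pattern applied to the message body, and the
# number of matches from one source needed before an alert fires.
RULES = [
    ("hidden_file_denied", re.compile(r"denied access to hidden file (?P<path>\S+)"), 3),
    ("rlimit_overstep", re.compile(r"attempted resource overstep"), 1),
]


def parse_grsec(line):
    """Return (source, message) for a grsec kernel line, or None for any other line."""
    m = GRSEC_RE.search(line)
    if not m:
        return None
    return (m.group("src") or "local", m.group("msg"))


def analyze(lines, rules=RULES, action=None):
    """Apply the rules to a stream of log lines.

    Each (rule, source) pair is counted; an alert is raised exactly once, when the
    count reaches the rule's threshold, so a burst of identical denials produces one
    notification rather than one per line. `action`, if given, is called with each
    alert (e.g. to mail the administrator or run a script).
    """
    counts = Counter()
    alerts = []
    for line in lines:
        parsed = parse_grsec(line.rstrip("\n"))
        if parsed is None:
            continue  # not a grsec message (sshd, cron, ...)
        src, msg = parsed
        for name, pattern, threshold in rules:
            if not pattern.search(msg):
                continue
            counts[(name, src)] += 1
            if counts[(name, src)] == threshold:
                alert = {"rule": name, "source": src, "count": threshold, "line": line.rstrip("\n")}
                alerts.append(alert)
                if action is not None:
                    action(alert)
    return alerts


def notify(alert):
    """Example action: print the alert; replace with mail or a script invocation."""
    print(f"ALERT {alert['rule']} from {alert['source']} (x{alert['count']}): {alert['line']}")


if __name__ == "__main__":
    # Realtime use (assumed log path): tail -F /var/log/kern.log | python3 grsec_watch.py
    analyze(sys.stdin, action=notify)
```

Feeding the script from `tail -F` gives the "realtime" behaviour asked about without a daemon of its own; the per-source threshold is the piece a plain grep lacks, since one denied hidden-file access is noise while three from the same session in a row is worth a page to the administrator.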