cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
- From: Daniel Black <daniel AT cacert.org>
- To: CAcert System Administrators <cacert-sysadm AT lists.cacert.org>
- Subject: log analysis /IDS software
- Date: Wed, 17 Jun 2009 11:41:42 +1000
- Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none
- Organization: CAcert
Dear lazyweb,
I'm after log analysis software for intrusion detection purposes (httpd and
iptables mainly but also syslog).
I want to be able to enter regexes of allowed and expected log messages and
those that don't match the list are marked as suspicious. I'd like an easy
interface to add regexes and see how effectively they match current and past
log messages.
Is anything close?
Maybe some integration to fail2ban eventually.
Daniel Black
--
Infrastructure System Administrator
CAcert
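
The allowlist approach asked about above, as an added example that is not part of the original message or of any CAcert tooling: expected messages are described by regexes, lines matched by none are reported as suspicious, and per-rule hit counts show how well each regex performs against a set of logs. The rule names, the "IPT-DROP" log prefix and all sample log lines are constructed for illustration.

```python
import re

# Constructed allowlist: rule name -> regex describing an expected message.
# "IPT-DROP" stands in for whatever --log-prefix the firewall rules use.
ALLOWED = {
    "httpd_get_ok": r'^\S+ - - \[[^\]]+\] "GET /[\w./-]* HTTP/1\.[01]" (200|304) \d+$',
    "ipt_drop_telnet": r"^kernel: IPT-DROP IN=eth0 .* PROTO=TCP SPT=\d+ DPT=23\b",
    "cron_session": r"^CRON\[\d+\]: pam_unix\(cron:session\): session (opened|closed)",
}

# Constructed sample lines (httpd access log and iptables LOG output).
SAMPLE_LINES = [
    '192.0.2.10 - - [17/Jun/2009:11:40:01 +1000] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.10 - - [17/Jun/2009:11:40:05 +1000] "GET /images/logo.png HTTP/1.1" 304 0',
    '198.51.100.7 - - [17/Jun/2009:11:40:09 +1000] "POST /admin/login.php HTTP/1.1" 401 210',
    "kernel: IPT-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=40222 DPT=23",
    "kernel: IPT-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=40223 DPT=2323",
]


def classify(lines, allowed=ALLOWED):
    """Return (hit count per rule, list of lines matched by no rule)."""
    compiled = {name: re.compile(rx) for name, rx in allowed.items()}
    hits = dict.fromkeys(compiled, 0)
    suspicious = []
    for line in lines:
        line = line.rstrip("\n")
        names = [n for n, rx in compiled.items() if rx.search(line)]
        for n in names:
            hits[n] += 1
        if not names:
            # Nothing on the allowlist describes this line: flag it.
            suspicious.append(line)
    return hits, suspicious


def unused_rules(hits):
    """Rules that matched nothing: candidates for a typo or a stale regex."""
    return sorted(n for n, count in hits.items() if count == 0)


if __name__ == "__main__":
    hits, suspicious = classify(SAMPLE_LINES)
    for name, count in hits.items():
        print(f"{count:4d}  {name}")
    print("unused:", unused_rules(hits))
    for line in suspicious:
        print("SUSPICIOUS:", line)
```

The `\b` after `DPT=23` keeps the telnet rule from also accepting port 2323; a loosely anchored allowlist regex hides exactly the lines this approach is meant to surface.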