cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
- From: Jon Barber <cacert AT bhnb.co.uk>
- To: cacert-sysadm AT lists.cacert.org
- Subject: Re: log analysis /IDS software
- Date: Wed, 17 Jun 2009 06:57:07 +0000
On Wed, Jun 17, 2009 at 11:41:42AM +1000, Daniel Black wrote:
> I'm after log analysis software for intrusion detection purposes (httpd and
> iptables mainly but also syslog).
>
> I want to be able to enter regexes of allowed and expected log messages and
> those that don't match the list are marked as suspicious. I'd like an easy
> interface to add regexes and see how effectively they match current and past
> log messages.
>
> Is anything close?
>
> Maybe some integration to fail2ban eventually.
>
http://www.ossec.net. Not sure about the 'easy interface' (I believe there
is a GUI, but I prefer command lines). You wouldn't need fail2ban as it has
'active response' integrated which does the same thing. It's quite modular,
so you don't need to run all of its features. I'm not involved with the
project other than as a satisfied user.
Cheers
Jon
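
Added example, not part of the original messages and not OSSEC's code: the allowlist approach from the question, in Python, flagging every line that matches no expected-message regex and counting hits per regex so that rules which never match past logs stand out. The patterns, the IPT-ACCEPT/IPT-DROP log prefixes, the host name and the sample lines are all constructed for illustration.

```python
import re

# Hypothetical allowlist: one regex per expected, benign message type.
ALLOWED = [
    r'^\S+ \S+ \S+ \[[^\]]+\] "(GET|HEAD) /\S* HTTP/1\.[01]" (200|304) \d+$',
    r'^\w{3} +\d+ [\d:]{8} \S+ sshd\[\d+\]: Accepted publickey for \w+ from \S+ port \d+ ssh2$',
    r'^\w{3} +\d+ [\d:]{8} \S+ kernel: IPT-ACCEPT: .* DPT=(80|443) ',
    r'^\w{3} +\d+ [\d:]{8} \S+ CRON\[\d+\]: ',
]

# Constructed sample lines (httpd access log, iptables LOG target, syslog).
SAMPLE_LOG = """\
192.0.2.10 - - [17/Jun/2009:06:57:07 +0000] "GET /index.php HTTP/1.1" 200 5120
192.0.2.44 - - [17/Jun/2009:07:01:12 +0000] "POST /login.php HTTP/1.1" 500 312
Jun 17 07:02:30 web1 kernel: IPT-ACCEPT: IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40112 DPT=443 SYN
Jun 17 07:02:31 web1 kernel: IPT-DROP: IN=eth0 SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=23 SYN
Jun 17 07:05:01 web1 CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)
Jun 17 07:06:44 web1 sshd[2301]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2
"""


def classify(lines, patterns):
    """Return (suspicious_lines, hits); hits maps each pattern to its match count."""
    compiled = [re.compile(p) for p in patterns]
    hits = {p: 0 for p in patterns}
    suspicious = []
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            continue
        # First matching rule wins, so each line is counted at most once.
        rule = next((rx for rx in compiled if rx.search(line)), None)
        if rule is None:
            suspicious.append(line)  # matched nothing on the allowlist
        else:
            hits[rule.pattern] += 1
    return suspicious, hits


def unused(hits):
    """Patterns that matched nothing: stale or mistyped rules worth reviewing."""
    return [p for p, n in hits.items() if n == 0]


if __name__ == "__main__":
    suspicious, hits = classify(SAMPLE_LOG.splitlines(), ALLOWED)
    for line in suspicious:
        print("SUSPICIOUS:", line)
    for pattern, n in hits.items():
        print(f"{n:4d}  {pattern}")
```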