Date: Wed, 16 Mar 2005 09:01:32 -0500 (EST)
From: "Jerry Bell" <jbell@stelesys.com>
To: sgnezdov@sergei.homeunix.org
Cc: freebsd-questions@freebsd.org
Subject: Re: Howto monitor system security
Message-ID: <2100.209.134.164.137.1110981692.squirrel@209.134.164.137>
In-Reply-To: <slrnd3fpqq.1k14.use-reply-to@sergei.homeunix.org>
References: <slrnd39e2s.1gru.use-reply-to@sergei.homeunix.org> <4557.24.98.86.57.1110773047.squirrel@24.98.86.57> <slrnd3fpqq.1k14.use-reply-to@sergei.homeunix.org>

I've recently started using devialog (http://devialog.sourceforge.net/), which is pretty good at sending exceptions to you.

Examlog (http://examlog.sourceforge.net/index.php) is by far the most popular that I've seen, but I have not had a chance to try it on FreeBSD.

Lire (http://logreport.org/lire/) is a good all-around choice - it has built-in recognition for many different types of logs, but I found it a bit hard to use. If you are comfortable with it, I'd try this one.

I've heard of several companies that have part of the security monitoring built around logwatch (http://www2.logwatch.org:81/), but it takes a good amount of customizing to get it to where it's really useful.

Jerry
http://www.syslog.org

> On 2005-03-14, Jerry Bell <jbell@stelesys.com> wrote:
>> There are many tools that will send alerts to you, but very few that
>> will work "out of the box", without some level of tuning. There is a
>> collection of them here:
>> http://www.syslog.org/Web_Links+index-req-viewlink-cid-4.phtml and here:
>> http://www.syslog.org/Web_Links+index-req-viewlink-cid-19.phtml
>
> I see lots of log analyzer tools. Which one is a good choice?
>
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2100.209.134.164.137.1110981692.squirrel>