From: "Jerry Bell"
To: sgnezdov@sergei.homeunix.org
cc: freebsd-questions@freebsd.org
Date: Wed, 16 Mar 2005 09:01:32 -0500 (EST)
Subject: Re: Howto monitor system security

I've recently started using devialog (http://devialog.sourceforge.net/),
which is pretty good at sending exceptions to you.

Examlog (http://examlog.sourceforge.net/index.php) is by far the most
popular that I've seen, but I have not had a chance to try it on FreeBSD.

Lire (http://logreport.org/lire/) is a good all-around choice - it has
built in recognition for many different types of logs, but I found it a
bit hard to use.
If you are comfortable with it, I'd try this one.

I've heard of several companies that have part of the security monitoring
built around logwatch (http://www2.logwatch.org:81/), but it takes a good
amount of customizing to get it to where it's really useful.

Jerry
http://www.syslog.org

> On 2005-03-14, Jerry Bell wrote:
>> There are many tools that will send alerts to you, but very few that
>> will work "out of the box", without some level of tuning. There is a
>> collection of them here:
>> http://www.syslog.org/Web_Links+index-req-viewlink-cid-4.phtml and here:
>> http://www.syslog.org/Web_Links+index-req-viewlink-cid-19.phtml
>
> I see lots of log analyzer tools. Which one is a good choice?
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"