For SEC-related questions, you may want to post to their mailing list.<br><br>But what I do is use syslog-ng to take in my syslogs and send to specific files, depending on my needs. I start SEC as a service and it uses the various syslog-ng files as input (sec option -input).
<br><br>So you start SEC with all the appropriate options and a config file. SEC watches the syslog-ng file as it's being written to and monitors for matches based on your SEC config file.<br><br>HTH,<br>Chris<br><br><br>
<div><span class="gmail_quote">On 8/25/06, <b class="gmail_sendername">Brian Loe</b> &lt;<a href="mailto:knobdy@gmail.com">knobdy@gmail.com</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
So... I'm looking at these applications and trying to figure out how best<br>to implement them - does anyone have thoughts?<br><br>I guess I haven't read enough of the man page yet, but I'm still not<br>even sure how the SEC config file works (what you put into it)! But,
<br>both apps look promising - and the SEC page mentions another tool I'm<br>going to check out as well...<br>_______________________________________________<br>syslog-ng maillist - <a href="mailto:syslog-ng@lists.balabit.hu">
syslog-ng@lists.balabit.hu</a><br><a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>Frequently asked questions at <a href="http://www.campin.net/syslog-ng/faq.html">
http://www.campin.net/syslog-ng/faq.html</a><br><br></blockquote></div><br>
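Added example, not part of the original thread and not code from the SEC or syslog-ng projects: one way to wire up the setup described in the reply above, with syslog-ng writing auth messages to a dedicated file and SEC reading that file via -input. All paths, the syslog-ng object names (s_local, f_auth, d_sec_auth) and the SSH login failure rule are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: writes a syslog-ng config and a SEC rule file to a directory.
# Every path, object name and the rule itself are assumptions for illustration.

write_example_configs() {
    dir="$1"
    mkdir -p "$dir" || return 1

    # syslog-ng: route auth messages to a dedicated file for SEC to read.
    cat > "$dir/syslog-ng.conf" <<'EOF'
source s_local { unix-stream("/dev/log"); internal(); };
filter f_auth { facility(auth, authpriv); };
destination d_sec_auth { file("/var/log/sec/auth.log"); };
log { source(s_local); filter(f_auth); destination(d_sec_auth); };
EOF

    # SEC: a rule is a block of key=value lines; blank lines separate rules.
    # "desc" doubles as the correlation key, so the source address ($1) in it
    # makes SEC count failures per address: 3 within 60 seconds appends one
    # alert line (%t = timestamp, %s = the desc string) to the alerts file.
    cat > "$dir/auth.sec" <<'EOF'
type=SingleWithThreshold
ptype=RegExp
pattern=sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from ([\d.]+)
desc=Repeated SSH login failures from $1
action=write /var/log/sec/alerts.log %t: %s
window=60
thresh=3
EOF
}

# Command line that starts SEC in the background against the syslog-ng file.
sec_command() {
    printf 'sec -conf=%s/auth.sec -input=/var/log/sec/auth.log -detach\n' "$1"
}

# Stand-alone run: write the files to a scratch directory and show the command.
out="${1:-${TMPDIR:-/tmp}/sec-example}"
write_example_configs "$out" && sec_command "$out"
```

The directory /var/log/sec must exist and be writable by both daemons before either is started with these files.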