6 Aug 2007, 1:15 a.m.
On Sat, Aug 04, 2007 at 02:13:15PM +0200, fredzy padzy wrote:
I think SEC can do what you're looking for.
Simple Events Correlator is a powerful Perl script which can detect special logs.
Just have a look at: http://www.estpak.ee/~risto/sec/
After that, you'll have to write your own rules, which is pretty simple.
SEC works out really well for me. I have it notify people via email of expiring LDAP passwords, email things being logged in the monitoring system, submit monitoring alerts for things found in the logs, and even reach out and fix problems (using cfrun from cfengine).

Pipe directly into it from syslog-ng like I show here: http://www.campin.net/newlogcheck.html#sec

--
Nate

"COFFEE.EXE missing. Insert cup and press any key." -Anon.
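A sketch of the kind of SEC rule file the thread describes, added here as an illustration and not taken from either poster's setup. The file paths, the mail recipient, the syslog-ng destination name and the log line formats in the patterns are all assumptions to be adjusted to your own logs.

```conf
# /etc/sec/auth.rules (hypothetical path)
#
# Fed from syslog-ng through a program() destination that writes to SEC's
# standard input (assumed names and paths):
#   destination d_sec {
#     program("/usr/local/bin/sec -conf=/etc/sec/auth.rules -input=-");
#   };
#   log { source(s_all); destination(d_sec); };

# Rule 1: five failed SSH password attempts from one source address within
# 60 seconds produce a single email. $2 in desc keys the counter, so each
# source address is counted separately.
type=SingleWithThreshold
ptype=RegExp
pattern=sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+
desc=Repeated SSH login failures from $2
action=pipe '%s (last user tried: $1)' /usr/bin/mail -s 'SEC: %s' root
window=60
thresh=5

# Rule 2: report a failed su to root at once, then stay quiet about the same
# invoking user for an hour so a retry loop does not flood the mailbox.
# The su log format is an assumption; it differs between systems.
type=SingleWithSuppress
ptype=RegExp
pattern=su(?:\[\d+\])?: FAILED su for root by (\S+)
desc=Failed su to root by $1
action=pipe '%s' /usr/bin/mail -s 'SEC: %s' root
window=3600
```

Both rules can be checked before going live by running SEC by hand with `-input=-` and pasting matching log lines on standard input.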