So... I'm looking at these applications and trying to figure out how best to implement them - does anyone have thoughts? I guess I haven't read enough of the man page yet, but I'm still not even sure how the SEC config file works (what you put into it)! But, both apps look promising - and the SEC page mentions another tool I'm going to check out as well...
For SEC related questions, you may want to post to their mailing list. But what I do is use syslog-ng to take in my syslogs and send to specific files, depending on my needs. I start SEC as a service and it uses the various syslog-ng files as input (sec option -input). So you start SEC with all the appropriate options and a config file. SEC watches the syslog-ng file as it's being written to and monitors for matches based on your SEC config file.

HTH,
Chris

On 8/25/06, Brian Loe <knobdy@gmail.com> wrote:
> So... I'm looking at these applications and trying to figure out how best to implement them - does anyone have thoughts?
> I guess I haven't read enough of the man page yet, but I'm still not even sure how the SEC config file works (what you put into it)! But, both apps look promising - and the SEC page mentions another tool I'm going to check out as well...
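
The setup described in the reply above, sketched as an added example; it is not from either poster or from the SEC or syslog-ng projects. Assumptions: the paths under /var/log/sec, the syslog-ng source name `s_all`, and the choice of failed SSH logins as the event to watch are all constructed for illustration.

```shell
#!/bin/sh
# Added example: file names, paths and the rule itself are constructed.

# syslog-ng side: route auth messages into a file of their own.
# "s_all" stands for whatever source your syslog-ng.conf already defines.
write_syslog_ng_fragment() {
    cat > "$1" <<'EOF'
filter f_sec_auth { facility(auth, authpriv); };
destination d_sec_auth { file("/var/log/sec/auth.log"); };
log { source(s_all); filter(f_sec_auth); destination(d_sec_auth); };
EOF
}

# SEC side: a config file is a list of rules made of key=value lines.
write_sec_rules() {
    cat > "$1" <<'EOF'
# Alert when one source address produces 5 failed SSH logins in 60 seconds.
# $1 = user name, $2 = source address. The expanded desc string is part of
# the correlation key, so each source address gets its own counter.
type=SingleWithThreshold
ptype=RegExp
pattern=sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)
desc=Repeated SSH login failures from $2
action=write /var/log/sec/alerts.log %s
window=60
thresh=5
EOF
}

# Start SEC as a background service: $1 = rule file, $2 = the file
# syslog-ng writes, which SEC follows as new lines are appended.
start_sec() {
    sec -conf="$1" -input="$2" -detach
}

# Typical use (as root, with sec installed):
#   write_sec_rules /etc/sec/ssh.sec
#   start_sec /etc/sec/ssh.sec /var/log/sec/auth.log
```
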