[syslog-ng]Log monitoring

Marc Mamane syslog-ng@lists.balabit.hu
Mon, 9 Jun 2003 13:46:35 -0400


Try this... http://www.estpak.ee/~risto/sec/

Marc Mamane
GuardedNet, Inc.

-----Original Message-----
From: netsec novice [mailto:netsec9@hotmail.com]
Sent: Monday, June 09, 2003 1:42 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]Log monitoring


I am looking for a tool that would allow me to perform an action (send e-mail) when a particular event meets a threshold.  I have my IDS tuned to the point where I have a good sense of how many alerts I receive in an hour.  I know I can send an alert based on matching a particular alert but what I would really like to do is send notification based on whether I receive more than 10 alerts in less than an hour.  I hope my intention is clear here...  I know there are products out there such as Swatch or logwatch but I haven't seen anything that alerts on thresholds rather than pattern matching only.  My idea here is to set up something that watches my logs continuously and if I get more than 10 alerts within an hour or less during any part of the day - I would be paged.  I am not a Perl guru so any help I can get in getting started is appreciated.  My guess is that someone has already invented the wheel - I just don't know where it is.

Thanks for any guidance...
Nicole


_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
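A minimal version of the threshold detector Nicole asks about (page when more than 10 matching events land inside any trailing one-hour window), written in Python as an added example for this thread; it is not code from the thread, from syslog-ng or from SEC. The hostnames, the Snort-style message text and the log lines are constructed sample data.

```python
import re
from collections import deque
from datetime import datetime

# Classic BSD syslog line: "Jun  9 13:42:01 host prog[pid]: message"
SYSLOG_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (\S+?)(?:\[\d+\])?: (.*)$")

def parse_line(line, year=2003):
    """Return (timestamp, host, program, message) or None; syslog carries no year, so one is assumed."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2), m.group(3), m.group(4)

def threshold_alerts(lines, pattern, threshold=10, window_seconds=3600):
    """Sliding-window counter: emit (timestamp, count) the moment more than `threshold`
    lines matching `pattern` fall within the trailing window. Re-arms only after the count
    drops back to or below the threshold, so one burst produces one page, not one per line."""
    rx = re.compile(pattern)
    window = deque()                      # timestamps of matching events still inside the window
    notifications, armed = [], True
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or not rx.search(parsed[3]):
            continue                      # unparseable or not the event we are counting
        ts = parsed[0]
        window.append(ts)
        # Expire events older than the window (assumes lines arrive in time order).
        while (ts - window[0]).total_seconds() >= window_seconds:
            window.popleft()
        if len(window) > threshold and armed:
            notifications.append((ts, len(window)))
            armed = False
        elif len(window) <= threshold:
            armed = True
    return notifications

# Constructed sample data: hypothetical host "ids1" and a made-up Snort-style alert message.
BURST = [f"Jun  9 13:{m:02d}:00 ids1 snort[812]: [1:469:1] ICMP PING NMAP 10.0.0.5 -> 10.0.0.1"
         for m in range(0, 60, 5)]                       # 12 alerts inside 55 minutes
NOISE = ["Jun  9 13:00:30 ids1 sshd[900]: Accepted publickey for ops from 10.0.0.9"]
SLOW = [f"Jun  9 {h:02d}:00:00 ids1 snort[812]: [1:469:1] ICMP PING NMAP 10.0.0.5 -> 10.0.0.1"
        for h in range(12)]                               # 12 alerts, exactly one per hour

if __name__ == "__main__":
    print(threshold_alerts(NOISE + BURST, r"ICMP PING"))   # pages once: 11th alert at 13:50:00
    print(threshold_alerts(SLOW, r"ICMP PING"))            # never more than 1 per hour: []
```

In production the `lines` argument would be a tail of the syslog-ng destination file and the `notifications` list would drive the mail or pager call; the detector itself does not change.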