[syslog-ng]Log monitoring

netsec novice syslog-ng@lists.balabit.hu
Mon, 09 Jun 2003 18:01:04 +0000 

It sounds like what I'm looking for.  Would you mind sending me more 
details?  I am a relative newbie to syslog and linux.  I appreciate anything 
you can share.

Nicole


>From: Nicholas Bernstein <nick@docmagic.com>
>Reply-To: syslog-ng@lists.balabit.hu
>To: syslog-ng@lists.balabit.hu
>Subject: Re: [syslog-ng]Log monitoring
>Date: 09 Jun 2003 10:56:57 -0700
>
>We have a similar circumstance, where we basically have our logs
>filtered, and the events that we want put into a separate log file. Then
>we grep the log based on time stamp & count the number of lines. The
>counter runs from cron every minute, and sends out an email if the
>number is higher than the threshold.
>
>Hope that helps!
>Nick
>
>On Mon, 2003-06-09 at 10:42, netsec novice wrote:
> > I am looking for a tool that would allow me to perform an action(send
> > e-mail) when a particular event meets a threshhold.  I have my IDS tuned 
>to
> > the point where I have a good sense of how many alerts I receive in an 
>hour.
> >   I know I can send an alert based on matching a particular alert but 
>what I
> > would really like to do is send notification based on whether I receive 
>more
> > than 10 alerts in less than an hour.  I hope my intention is clear 
>here...
> > I know there are products out there such as Swatch or logwatch but I 
>haven't
> > seen anything that alerts on thresholds rather than pattern matching 
>only.
> > My idea here is to set up something that watches my logs continuously 
>and if
> > I get more than 10 alerts within an hour or less during any part of the 
>day
> > - I would be paged.  I am not a Perl guru so any help I can get in 
>getting
> > started is appreciated.  My guess is that someone has already invented 
>the
> > wheel - I just don't know where it is.
> >
> > Thanks for any guidance...
> > Nicole
> >
> > _________________________________________________________________
> > Add photos to your e-mail with MSN 8. Get 2 months FREE*.
> > http://join.msn.com/?page=features/featuredemail
> >
> > _______________________________________________
> > syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> > https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>--
>+---------------------------------------------------------------+
>| Nicholas Bernstein            | nick@docmagic.com             |
>| UNIX Systems Administrator    | http://www.docmagic.com       |
>| Document Systems Inc.         |                               |
>+---------------------------------------------------------------+
>
>_______________________________________________
>syslog-ng maillist  -  syslog-ng@lists.balabit.hu
>https://lists.balabit.hu/mailman/listinfo/syslog-ng
>Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>

_________________________________________________________________
Add photos to your messages with MSN 8. Get 2 months FREE*.  
http://join.msn.com/?page=features/featuredemail