[syslog-ng] unable to setup syslog-ng for log monitoring
Jakub Jankowski
shasta at toxcorp.com
Tue Nov 30 11:09:43 CET 2010
On 2010-11-30, Supratik Goswami wrote:
> Can you please suggest me some solution on how to overcome this situation.
>
> My main purpose is to invoke the script which will send an alert mail only
> when there is a match of "attackalert" found in the log file.
For goals like yours, I'd recommend Simple Event Correlator, which was
made exactly for this kind of job. See:
http://simple-evcorr.sourceforge.net/
http://sixshooter.v6.thrupoint.net/SEC-examples/article.html
HTH,
--
Jakub Jankowski|shasta at toxcorp.com|http://toxcorp.com/
GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D