[syslog-ng] log for patterns

Peter Czanik czanik at balabit.hu
Thu Sep 1 10:52:27 CEST 2011


Hello,

While my previous post was about Windows, we did not forget about our
UNIX/Linux users :) I'd like to extend our pattern database with new
patterns. So I have some related questions:

- Until now we dealt mostly with login/logout events of different
applications, as this is some of the most interesting information on
servers. Is it OK with you, or should we also cover other events? (Which?)

- Which applications are you mostly interested in?

- Creating logs in a "lab" environment just for pattern creation is very
time-consuming. It would be very helpful for us if you could send logs
in exchange for patterns. Just make sure that there is no sensitive
data left in the logs, as the result will be published to make it
available for the whole syslog-ng community.
I published a blog post (
http://czanik.blogs.balabit.com/2010/11/log-sample-collecting-project/
) on how I collect logs for pattern creation, but of course, any logs are
welcome!

Bye,

-- 
Peter Czanik (CzP) <czanik at balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/



