Howto monitor system security

Jerry Bell jbell at stelesys.com
Wed Mar 16 06:01:34 PST 2005


I've recently started using devialog (http://devialog.sourceforge.net/),
which is pretty good at sending exceptions to you.

Examlog (http://examlog.sourceforge.net/index.php) is by far the most
popular that I've seen, but I have not had a chance to try it on FreeBSD.

Lire (http://logreport.org/lire/) is a good all-around choice - it has
built-in recognition for many different types of logs, but I found it a
bit hard to use.  If you are comfortable with it, I'd try this one.

I've heard of several companies that have part of the security monitoring
built around logwatch (http://www2.logwatch.org:81/), but it takes a good
amount of customizing to get it to where it's really useful.

Jerry
http://www.syslog.org


> On 2005-03-14, Jerry Bell <jbell at stelesys.com> wrote:
>> There are many tools that will send alerts to you, but very few that will
>> work "out of the box", without some level of tuning.  There is a
>> collection of them here:
>> http://www.syslog.org/Web_Links+index-req-viewlink-cid-4.phtml and here:
>> http://www.syslog.org/Web_Links+index-req-viewlink-cid-19.phtml
>
> I see lots of log analyzer tools.  Which one is a good choice?



