[grsec] Log Analysis

Ghido aghidottipiovan at yahoo.it
Wed Jul 26 05:11:37 EDT 2006


Hello,
I want to analyze real-time grsecurity logs to report known attacks to 
the administrator or launch some scripts after detection. Do you know if 
there already exists a working way to derive matching rules to detect 
attacks from analyzing logs, or if there exists something like a "plugin" 
or a "rules collection" for the most common log analyzers? And which log 
analyzer do you advise for doing this work? I heard about swatch, 
tenshi... but I don't know which is the best for ease of use and 
flexibility. Which one do you prefer?
Thank you very much.