Justin Krejci wrote:
Check out splunk (or similar) for multiple disparate event log correlations.


I'm not really looking for solutions right now. I just wanted to comment on the "stealth" techniques in use by those running botnets.

When I do look for solutions, I prefer open source tools that are minimalist to the extent possible. Thus, I chose mon (http://mon.wiki.kernel.org/) for monitoring systems and services, and I would first consider SEC (http://simple-evcorr.sourceforge.net/) for correlating events in logs from multiple servers. That's just a personal preference, though.

---------------

Chris Hoogendyk

-
  O__  ---- Systems Administrator
 c/ /'_ --- Biology & Geology Departments
(*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst
<hoogen...@bio.umass.edu>

---------------
Erdös 4




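The kind of cross-server correlation mentioned above, as an added example that is not part of the original message and not code from the mon or SEC projects. It implements in Python what an SEC SingleWithThreshold rule expresses (N matching events from one source within a time window), but keys the count on the source address across all hosts as well as per host, so a source that stays below the threshold on every individual server is still flagged once the fleet-wide count crosses it. The syslog lines, hostnames and addresses are constructed sample data; the threshold and window values are assumptions chosen for the illustration.

```python
"""Cross-host correlation of sshd failures (added example, constructed data)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines from three hosts (not real log data).
SAMPLE_LOGS = """\
Mar 12 10:00:01 web1 sshd[4011]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar 12 10:00:09 web2 sshd[2207]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar 12 10:00:15 db1 sshd[9102]: Failed password for invalid user admin from 203.0.113.7 port 51041 ssh2
Mar 12 10:00:22 web1 sshd[4011]: Failed password for root from 203.0.113.7 port 51055 ssh2
Mar 12 10:00:30 web2 sshd[2207]: Failed password for oracle from 203.0.113.7 port 51060 ssh2
Mar 12 10:00:44 web1 sshd[4020]: Failed password for bob from 198.51.100.4 port 40001 ssh2
Mar 12 10:00:50 web1 sshd[4020]: Accepted password for bob from 198.51.100.4 port 40001 ssh2
Mar 12 10:01:02 db1 sshd[9110]: Failed password for root from 203.0.113.7 port 51070 ssh2
"""

# OpenSSH authentication failures as they appear in a BSD-style syslog line.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def parse_ts(ts: str, year: int = 2000) -> datetime:
    """Syslog timestamps carry no year; supply a fixed leap year so Feb 29 parses."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def failed_logins(lines: str):
    """Yield (timestamp, host, source_ip) for every failed-password line."""
    for line in lines.splitlines():
        m = FAILED_RE.match(line)
        if m:
            yield parse_ts(m["ts"]), m["host"], m["src"]


def threshold_alerts(events, thresh: int, window: timedelta, per_host: bool):
    """Sliding-window threshold, like SEC's SingleWithThreshold.

    Counts failures per (host, src) when per_host is True, otherwise per src
    across every host. Returns {key: time the threshold was first reached}.
    """
    recent = defaultdict(list)
    alerts = {}
    for ts, host, src in sorted(events):
        key = (host, src) if per_host else src
        q = recent[key]
        q.append(ts)
        # Forget events that fell out of the window.
        while q and ts - q[0] > window:
            q.pop(0)
        if len(q) >= thresh and key not in alerts:
            alerts[key] = ts
    return alerts


def correlate(lines: str, thresh: int = 5, window: timedelta = timedelta(seconds=120)):
    """Run the same threshold per host and fleet-wide over the given log text."""
    events = list(failed_logins(lines))
    return {
        "per_host": threshold_alerts(events, thresh, window, per_host=True),
        "fleet": threshold_alerts(events, thresh, window, per_host=False),
    }


if __name__ == "__main__":
    result = correlate(SAMPLE_LOGS)
    print("per-host alerts:", result["per_host"])   # {} : no host sees 5 failures
    print("fleet-wide alerts:", result["fleet"])    # 203.0.113.7 flagged at 10:00:30
```

In the sample, 203.0.113.7 produces only two failures on each of web1, web2 and db1, so a threshold of five evaluated on any one host never fires; merging the three hosts' logs before counting reaches five at 10:00:30. The same logic maps directly onto an SEC ruleset fed by logs shipped from all servers to one collector, with the source address alone in the rule's desc field so that the counter is shared across hosts.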