It sounds like you're looking for a host-based intrusion detection system.

I've used http://www.ossec.net/, but it is clunky to set up and manage.

If I were setting one up again, I would look at http://sagan.quadrantsec.com/

To get an idea of the sort of events it detects, look at the rules at https://github.com/beave/sagan-rules

On 10/01/2014 04:49 PM, Chris McQuistion wrote:
Do you guys have an auditing/monitoring tool that you like?

We were discussing this today and what exactly our options would be for forensic investigation of our servers if they were attacked or breached.

In a perfect world, it would be really nice to have something that would monitor logins and commands and alert us if something looked amiss.

What do you think?  What do you use?

Chris
--
--
You received this message because you are subscribed to the Google Groups "NLUG" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en

---
You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]>.
For more options, visit https://groups.google.com/d/optout.

--
All the best,
Brian Pitts
