Re: [c-nsp] Any good filters for syslog output

2008-12-18 Thread Eric Van Tol
-Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Tuc at T-B-O-H Sent: Wednesday, December 17, 2008 3:54 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Any good filters for syslog output Hi, We are going

Re: [c-nsp] Any good filters for syslog output

2008-12-18 Thread William
...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Tuc at T-B-O-H Sent: Wednesday, December 17, 2008 3:54 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Any good filters for syslog output Hi, We are going to be monitoring the syslog output (We already have a product

Re: [c-nsp] Any good filters for syslog output

2008-12-18 Thread Christian Zeng
Hi, * Eric Cables ecab...@gmail.com wrote: I've been using swatch for a couple of years now, and have been pretty happy with it (I used CiscoWorks' built-in syslog analyzer before, yuck!). I have had ambitions to test out SEC (Simple Event Correlator), which appears to still be developed (not

Re: [c-nsp] Any good filters for syslog output

2008-12-18 Thread Martin Moens
Eric Van Tol wrote: -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Tuc at T-B-O-H Sent: Wednesday, December 17, 2008 3:54 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Any good filters for syslog output Hi

Re: [c-nsp] Any good filters for syslog output

2008-12-18 Thread Jason LeBlanc
The other nice thing about SEC is that it can handle a busy log server without nuking the cpu. You can get pretty crazy with it too in terms of complexity. Christian Zeng wrote: Hi, * Eric Cables ecab...@gmail.com wrote: I've been using swatch for a couple of years now, and have been

[c-nsp] Any good filters for syslog output

2008-12-17 Thread Tuc at T-B-O-H
Hi, We are going to be monitoring the syslog output (We already have a product (Zenoss)). Does anyone know of a repository of the Watch for these regular expressions to decide what is worth looking into, and what's worth ignoring. Thanks, Tuc

Re: [c-nsp] Any good filters for syslog output

2008-12-17 Thread Peter Rathlev
On Wed, 2008-12-17 at 15:54 -0500, Tuc at T-B-O-H wrote: We are going to be monitoring the syslog output (We already have a product (Zenoss)). Does anyone know of a repository of the Watch for these regular expressions to decide what is worth looking into, and what's worth ignoring. I don't

Re: [c-nsp] Any good filters for syslog output

2008-12-17 Thread Paul Stewart
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Peter Rathlev Sent: December 17, 2008 5:53 PM To: Tuc at T-B-O-H Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Any good filters for syslog output On Wed, 2008-12-17 at 15:54 -0500, Tuc at T-B-O-H wrote: We are going to be monitoring the syslog

Re: [c-nsp] Any good filters for syslog output (Tuc at T-B-O-H)

2008-12-17 Thread Andy Saykao
You can use OSSEC (http://www.ossec.net/) to monitor your log files for you. It's pretty easy to set up and then you can set up your own custom filters like below. When OSSEC finds a match in the log it will email you. For example we have OSSEC monitoring a few syslog messages like: rule