Christopher Morrow morrowc.li...@gmail.com wrote:
On Thu, Aug 29, 2013 at 10:50 AM, Don Wilder don.wil...@gmail.com
wrote:
I wrote a script in Linux that watches for unauthorized login
attempts and
adds the ip address to the blocked list in my firewall. You might
want to
search sourceforge
On Fri, Aug 30, 2013 at 8:55 AM, Shawn Wilson ag4ve...@gmail.com wrote:
Christopher Morrow morrowc.li...@gmail.com wrote:
On Thu, Aug 29, 2013 at 10:50 AM, Don Wilder don.wil...@gmail.com
wrote:
I wrote a script in Linux that watches for unauthorized login
attempts and
adds the ip address to
Ah it seems they do:
https://github.com/fail2ban/fail2ban/blob/master/config/action.d/iptables-ipset-proto6.conf
IDK enough about fail2ban to know whether I can assign a per proto or per
log type config (I assume I can). In which case this does what my script
does and then some. I would probably
You should look into SPLUNK (http://www.splunk.com/), it will collect/store
your syslog data and you can run customized reports and then act on them.
On Thu, Aug 29, 2013 at 8:03 AM, Kasper Adel karim.a...@gmail.com wrote:
Hello.
I am looking for a way to do proactive monitoring of my
On Aug 29, 2013, at 8:03 PM, Kasper Adel wrote:
I am sure there are many tools that can do parsing of syslog and acting upon
it but I wonder if there is something more flexible out there that I can just
re-use to do the above?
http://simple-evcorr.sourceforge.net/
http://www.splunk.com/
Look at Logstash, http://logstash.net.
Rsyslog can do a bit, on Windows you could look at the Solarwinds Kiwi
syslog server.
On Thu, Aug 29, 2013 at 9:10 AM, Jason Biel ja...@biel-tech.com wrote:
You should look into SPLUNK (http://www.splunk.com/), it will
collect/store
your syslog data
For some straightforward things I have used Logdog
(http://caspian.dotconf.net/menu/Software/LogDog/).
With kind regards,
Thijs Stuurman
-Original Message-
From: Kasper Adel [mailto:karim.a...@gmail.com]
Sent: Thursday, 29 August 2013 15:03
To: NANOG list
Subject: Parsing
My view on splunk,
+1 if you intend to have a human act on the reports, it does an
excellent job of reducing huge amounts of audit data into the valuable
bits.
-1 Seemed to be a pita to integrate with my scripting environment. I
ended up kludging wget, awk and telnet together in a totally
Since you said you are willing to entertain home grown as well. I would
recommend looking at simple event correlator which is a perl script
designed to do the kind of thing you are talking about. I've used it in the
past to trigger bgp black holing and mail blacklists for example.
On Thu, Aug
On 8/29/2013 9:03 AM, Kasper Adel wrote:
Hello.
I am looking for a way to do proactive monitoring of my network, what I am
specifically thinking about is receiving syslog msgs from the routers and
You might want to look at
http://www.ossec.net/
---Mike
--
---
I wrote a script in Linux that watches for unauthorized login attempts and
adds the ip address to the blocked list in my firewall. You might want to
search sourceforge for a DYN Firewall and modify it from there.
On Thu, Aug 29, 2013 at 10:44 AM, Mike Tancsa m...@sentex.net wrote:
On 8/29/2013
Check out Sagan: http://sagan.quadrantsec.com/
On 8/29/13 6:03 AM, Kasper Adel wrote:
Hello.
I am looking for a way to do proactive monitoring of my network, what I am
specifically thinking about is receiving syslog msgs from the routers and
the backend engine would correlate certain msgs
Yes. Logstash shipper on your syslog proxy, forward to elasticsearch. Graylog2
is very cool. Tried kibana and didn't care for it.
Actually setting up graylog2 right now to do AD authentication.
So workflow is
End device - syslog-ng vm - graylog2/elasticsearch vm and other destinations
(it
+1 on Splunk or if you don't mind using a SAS service check out
https://papertrailapp.com/
Carlos Alcantar
Race Communications / Race Team Member
1325 Howard Ave. #604, Burlingame, CA. 94010
Phone: +1 415 376 3314 / car...@race.com / http://www.race.com
-Original Message-
From:
http://www.elasticsearch.com/blog/welcome-jordan-logstash/
So now Logstash and Elasticsearch will be even more integrated than before.
With Kibana on top of that, this seems like the ultimate log data do
stuff stack.
--chip
On Thu, Aug 29, 2013 at 2:03 PM, Carlos Alcantar car...@race.com
On Thu, Aug 29, 2013 at 10:50 AM, Don Wilder don.wil...@gmail.com wrote:
I wrote a script in Linux that watches for unauthorized login attempts and
adds the ip address to the blocked list in my firewall. You might want to
search sourceforge for a DYN Firewall and modify it from there.
because