On 03/10/02 14:24 -0400, Ben Corman wrote:
> I recently brought up a PIX firewall and have all the logs directed to a
> Linux syslog server. I'm hoping you all can direct me towards a good log
> watcher / parser that will alert me to suspicious activity.

Well, you could go with syslog-ng and logcheck for this. The syslog-ng will let you separate out the PIX information into a single file, while logcheck is a script that does pattern matching on events you deem suspicious. The script is simple enough and the patterns are a simple text file. (Syslog-ng isn't really required, but its filtering capabilities are rather useful.)
Devdas Bhagat
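The logcheck flow the reply describes, as an added example that is not part of the original thread and not logcheck's own code: lines matching a "hacking" pattern file are always reported, lines matching a "violations" file are reported unless an "ignore" pattern also matches, and duplicates are collapsed. The PIX message IDs used (106001, 106023, 302013, 111008) are real Cisco syslog IDs, but the log lines, the hostname "pix1", the ACL name and the addresses are constructed for the example; the pattern files are written to a temp directory rather than to logcheck's own locations.

```sh
#!/bin/sh
# Added example: logcheck-style egrep filtering over PIX syslog lines.
# Assumes only a POSIX shell, grep -E, awk and mktemp.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample of PIX messages as they arrive on the syslog host
# (this is the file a syslog-ng filter on host/program would write).
cat > "$WORK/pix.log" <<'EOF'
Mar 10 14:20:01 pix1 %PIX-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.5/80 (203.0.113.5/80) to inside:192.0.2.10/3344 (198.51.100.1/1025)
Mar 10 14:20:03 pix1 %PIX-2-106001: Inbound TCP connection denied from 203.0.113.9/4455 to 198.51.100.1/22 flags SYN on interface outside
Mar 10 14:20:04 pix1 %PIX-4-106023: Deny tcp src outside:203.0.113.9/4456 dst inside:192.0.2.10/23 by access-group "outside_in"
Mar 10 14:20:05 pix1 %PIX-4-106023: Deny udp src outside:203.0.113.20/137 dst inside:192.0.2.255/137 by access-group "outside_in"
Mar 10 14:20:06 pix1 %PIX-5-111008: User 'enable_15' executed the 'write memory' command.
EOF

# "hacking" patterns: always reported, regardless of the ignore file.
cat > "$WORK/hacking" <<'EOF'
%PIX-2-106001: Inbound TCP connection denied
%PIX-4-106023: Deny tcp src outside:.* dst inside:[0-9.]+/(22|23) by access-group
EOF

# "violations" patterns: reported unless an ignore pattern also matches.
cat > "$WORK/violations" <<'EOF'
%PIX-4-106023: Deny
%PIX-5-111008: User .* executed the
EOF

# "ignore" patterns: known noise, here NetBIOS name-service broadcasts.
cat > "$WORK/ignore" <<'EOF'
%PIX-4-106023: Deny udp src outside:[0-9.]+/137 dst inside:[0-9.]+/137
EOF

# Print the lines logcheck would mail out for the given log file:
# hacking matches first, then un-ignored violations, each line once.
pix_report() {
    log=$1
    {
        grep -E -f "$WORK/hacking" "$log" || true
        grep -E -f "$WORK/violations" "$log" | grep -E -v -f "$WORK/ignore" || true
    } | awk '!seen[$0]++'
}

# Number of lines that would be reported (handy for thresholds/alerting).
pix_report_count() {
    pix_report "$1" | grep -c ''
}

pix_report "$WORK/pix.log"
```

Run as-is it prints three lines: the denied inbound SSH attempt, the denied telnet attempt (matched by both a hacking and a violations pattern, reported once) and the configuration write; the NetBIOS broadcast deny is suppressed by the ignore file, and the routine "Built connection" message matches nothing. Tuning consists of editing the three pattern files, which is exactly the "simple text file" workflow the reply refers to.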