hi,
what kind of events are we talking about? Whatever rules you want to write
for sec, the events need to be recognized somehow, and in order to write a
regular expression (or other pattern) for this purpose, the event format
needs to be known.

Also, do you want to react to failed login events that happen in real-time,
or is your intention to search the past logs (say, 1 hour, 1 day or 1 week
old)? If you intend to search past log data for off-line incident analysis,
sec is probably not the right tool, since it is designed for analyzing and
correlating real-time events.

So if you could clarify your question a bit further, we might be able to
provide more assistance.

kind regards,
risto

2015-05-25 12:06 GMT+03:00 <arsl...@hvkk.tsk.tr>:

> Hi;
>
> I am new to SEC. I want to set a ruleset to display the last failed login
> attempt in Terminal. How can I display the outcome in Terminal? If you help
> me I will be glad.
>
> Best Regards.
>
> Sadettin ARSLAN