[logs] open source artificial ignorance-like systems
Andy_Bach at wiwb.uscourts.gov
Tue Apr 17 15:09:47 PDT 2007
> What I've spent a lot of time looking for, with no success, is an open
> source system that will implement something similar but smarter than a
> simple grep from cron. What I ideally want is something that reads logs
> in real time, and has a list of "rules", if you will, which would be a
> list of regex's with an action for each.
As does logcheck (from the README:
Logcheck is based upon a log checking program called frequentcheck.sh featured
in the Gauntlet(tm) firewall package by Trusted Information Systems Inc.
(http://www.tis.com). The logcheck shell script and logtail.c program have been
completely re-written from scratch and are implemented in a slightly
different manner to accommodate for two methods of log file auditing:
1) By reporting everything you tell it to specifically look for via
keywords.
2) By reporting everything you didn't tell it to ignore via keywords.)
used to be from Craig Rowland/psionic.com but that/he was acquired by Cisco
and now:
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_qanda_item09186a008031c931.shtml
It does come in rpms though.
a
Andy Bach
Systems Mangler
Internet: andy_bach at wiwb.uscourts.gov
VOICE: (608) 261-5738 FAX 264-5932
Punctuality is the virtue of the bored.
--Evelyn Waugh (1903-1966)
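The two auditing methods the README describes (report what you are told to look for, or report everything you were not told to ignore), together with the logtail idea of only reading lines added since the last run, as a small Python example. This is an added illustration, not logcheck's own code; the log lines, rule lists and action labels are constructed for the demonstration.

```python
"""Minimal logcheck-style log auditor (added example, not logcheck's own code).

Two audit modes, mirroring the README quoted above:
  1. "keyword": report only lines matching a list of watched patterns.
  2. "ignore":  report every line that matches none of the ignore patterns.
Also shows logtail-style incremental reading: remember the byte offset of the
last run so each run only sees new lines (and start over on rotation).
"""
from __future__ import annotations

import re
from typing import Iterable

# Constructed sample log lines (syslog-like) for the demonstration.
SAMPLE_LOG = """\
Apr 17 15:01:02 host sshd[2211]: Accepted publickey for andy from 10.0.0.5 port 51022 ssh2
Apr 17 15:01:09 host cron[2240]: (root) CMD (run-parts /etc/cron.hourly)
Apr 17 15:02:30 host sshd[2290]: Failed password for invalid user admin from 203.0.113.9 port 40211 ssh2
Apr 17 15:02:31 host sshd[2290]: Failed password for invalid user admin from 203.0.113.9 port 40211 ssh2
Apr 17 15:03:00 host kernel: usb 1-1: new high-speed USB device number 4
Apr 17 15:03:12 host su[2301]: pam_unix(su:auth): authentication failure; logname=andy uid=1000
"""

# Method 1 rules: a regex plus the action (here just a label) taken on a hit.
WATCH_RULES = [
    (re.compile(r"Failed password for (invalid user )?\S+ from (\S+)"), "ssh-auth-failure"),
    (re.compile(r"authentication failure"), "pam-auth-failure"),
]

# Method 2 rules: patterns for lines known to be routine and safe to drop.
IGNORE_RULES = [
    re.compile(r"sshd\[\d+\]: Accepted publickey"),
    re.compile(r"cron\[\d+\]: \(\w+\) CMD "),
    re.compile(r"kernel: usb .* new .* USB device"),
]


def audit_keyword(lines: Iterable[str]) -> list[tuple[str, str]]:
    """Method 1: report only what the watch list asks for, tagged with its action."""
    hits = []
    for line in lines:
        for pattern, action in WATCH_RULES:
            if pattern.search(line):
                hits.append((action, line.rstrip("\n")))
                break  # first matching rule decides the action
    return hits


def audit_ignore(lines: Iterable[str]) -> list[str]:
    """Method 2: report everything not explicitly ignored (unknown is interesting)."""
    return [line.rstrip("\n") for line in lines
            if not any(p.search(line) for p in IGNORE_RULES)]


def tail_new_lines(log_text: str, offset: int) -> tuple[list[str], int]:
    """logtail-style incremental read over an in-memory log.

    Returns the complete lines after `offset` and the new offset to remember.
    If the log is shorter than the remembered offset (rotation/truncation),
    start over from 0 so nothing after the rotation is missed.
    """
    if offset > len(log_text):
        offset = 0
    chunk = log_text[offset:]
    lines = chunk.splitlines(keepends=True)
    # A partial trailing line (no newline yet) waits for the next run.
    if lines and not lines[-1].endswith("\n"):
        lines.pop()
    consumed = sum(len(line) for line in lines)
    return lines, offset + consumed


if __name__ == "__main__":
    new_lines, saved_offset = tail_new_lines(SAMPLE_LOG, 0)
    for action, line in audit_keyword(new_lines):
        print(f"[{action}] {line}")
    print("--- not ignored ---")
    for line in audit_ignore(new_lines):
        print(line)
```

Method 2 is the one that catches what you did not think to write a rule for, at the cost of a noisy report until the ignore list matures; method 1 stays quiet but only ever finds what you already knew to look for. Real deployments persist the offset (and usually the inode) between cron runs instead of keeping it in memory as here.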