Re: [logs] How do you cull through serial console logs?
christian.folini at post.ch
Sun Mar 9 23:48:00 PDT 2008
I'd give SEC (Simple Event Correlator) a shot.
These are some good intros:
http://en.hakin9.org/attachments/pdf/hakin9_05_2006_10_EN_str28-39.pdf
http://sixshooter.v6.thrupoint.net/SEC-examples/article.html
http://sixshooter.v6.thrupoint.net/SEC-examples/article-part2.html
http://arstechnica.com/articles/columns/linux/linux-20050519.ars
Cheers,
Christian
-----Original Message-----
From: loganalysis-bounces at loganalysis.org [mailto:loganalysis-bounces at loganalysis.org] On Behalf Of Zonker Harris
Sent: Friday, 7 March 2008 22:38
To: loganalysis at loganalysis.org
Subject: [logs] How do you cull through serial console logs?
I'm using Conserver, which makes reverse-TCP connections to console server serial ports, so I can manage my hosts and net gear. This results in an ASCII text file for each device.
What tool(s) can I use to watch all (500+) files for 'interesting' strings, like malloc errors, failed logins, net connection/port/link failures?
I've found log watcher, but it is a one-file-at-a-time deal. I'd rather not reinvent the wheel if there is a good answer out there. I'm hoping to get to RSA con this year, and perhaps find other pointers to share.
Thank you for any tips,
=Z=
http://www.conserved.com/consoles/
http://consoleteam.blogspot.com/
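
Added example, not part of the original thread and not SEC or Conserver code: a minimal sketch of watching a whole directory of per-device console logs for the event classes named in the question, reading only newly appended bytes on each pass. The class name, the regexes, the file names and the sample log lines are all constructed for illustration.

```python
import os
import re
import tempfile

# Constructed patterns for the event classes named in the question; tune per device.
RULES = {
    "malloc": re.compile(r"malloc.*(fail|error)|out of memory", re.I),
    "login": re.compile(r"login (failed|incorrect)|authentication failure", re.I),
    "link": re.compile(r"link (is )?down|changed state to down", re.I),
}

class ConsoleLogScanner:
    """Hypothetical helper: polls every file in a directory, reading only new bytes."""
    def __init__(self, log_dir):
        self.log_dir = log_dir
        self.offsets = {}  # path -> byte offset already scanned

    def poll(self):
        hits = []
        for name in sorted(os.listdir(self.log_dir)):
            path = os.path.join(self.log_dir, name)
            if not os.path.isfile(path):
                continue
            start = self.offsets.get(path, 0)
            if os.path.getsize(path) < start:  # truncated or rotated: rescan from top
                start = 0
            with open(path, "rb") as fh:
                fh.seek(start)
                data = fh.read()
            end = data.rfind(b"\n") + 1  # hold back a trailing partial line
            self.offsets[path] = start + end
            for line in data[:end].decode("ascii", "replace").splitlines():
                for tag, rx in RULES.items():
                    if rx.search(line):
                        hits.append((name, tag, line.strip()))
        return hits

def demo():
    """Constructed sample: two device logs, one appended to between polls."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "db1.log"), "wb") as f:
            f.write(b"kernel: boot ok\n")
        with open(os.path.join(d, "sw1.log"), "wb") as f:
            f.write(b"%LINK-3-UPDOWN: Interface Gi0/1, changed state to down\r\nlogin: ")
        scanner = ConsoleLogScanner(d)
        first = scanner.poll()   # the unterminated "login: " prompt is held back
        with open(os.path.join(d, "sw1.log"), "ab") as f:
            f.write(b"root\r\nLogin incorrect\r\n")
        return first, scanner.poll()
```

Calling poll() on a timer keeps one small offset per file, so the cost of each pass scales with new output rather than with the total size of the 500+ logs.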