
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
Over the years, I’ve found these sorts of utilities to be a nice sanity check against other mechanisms. However, be forewarned: you won’t learn about anything important in such a log report until well after the fact! Therefore I recommend using log reporters in addition to, not instead of, real-time log-checkers such as Syslog-ng match() rules and Swatch.

SUSE’s log reporting package is called logdigest; Debian’s is called logcheck; Red Hat and Fedora use logwatch. See these tools’ respective manpages for configuration and usage information.
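To make the distinction concrete, here is an added example (not from the book) of the kind of Syslog-ng match() rule referred to above: it hands a matching line to an alert script the moment Syslog-ng receives it, rather than waiting for a nightly report. The source and file paths, the regular expression, and the page-admin.sh script are assumptions chosen for illustration.

```conf
# Added example, not part of the book's text.
# Messages arrive on the local socket; internal() adds Syslog-ng's own notices.
source s_local { unix-stream("/dev/log"); internal(); };

# Ordinary logging continues to the usual file, untouched by the rule below.
destination d_messages { file("/var/log/messages"); };

# Real-time check: fire on authentication failures as they are written.
# The facility list and the regex are assumptions; adjust them to your hosts.
filter f_authfail {
    facility(auth, authpriv) and match("authentication failure|Failed password");
};

# Each matching line is written to the stdin of a hypothetical pager script.
# A mail command would work just as well here.
destination d_alert { program("/usr/local/bin/page-admin.sh"); };

# Everything still goes to the file; only matches also reach the alert script.
log { source(s_local); destination(d_messages); };
log { source(s_local); filter(f_authfail); destination(d_alert); };
```

On current Syslog-ng 3.x, match() with only a regex still works but logs a deprecation warning; the preferred form is match("...", value("MESSAGE")).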
Resources

http://www.balabit.com
    Official home of Syslog-ng.

Campin, Nate. “Central Loghost Mini-HOWTO.” (http://www.campin.net/newlogcheck.html)
    Nate’s site is an all-around excellent source of Syslog-ng information.

http://swatch.sourceforge.net
    Swatch home page. (Has links to the latest version, online manpages, etc.)

http://www.cert.dfn.de/eng/logsurf/
    Logsurfer home page. (An alternative to Swatch, provided by CERT-DFN.)

Friedl, Jeffrey E. F. Mastering Regular Expressions. Sebastopol, CA: O’Reilly, 1998.

http://defconX.wiremonkeys.org
    The slideshow from my Defcon X talk “Stealthful Sniffing, Logging, and Intrusion Detection: Useful and Fun Things You Can Do Without An IP Address.”