[unisog] [Fwd: Re: OSS monitoring recommendations]

Dave Dittrich dittrich at u.washington.edu
Sat Oct 1 06:34:52 GMT 2005


> >>>I've been doing my research and now I know that I might be needing a SIM
> >>>solution but I really would appreciate your advice on a good and solid
> >>>solution that meets these requirements at least.
> >>
> >>
> >>1) syslog-ng on a unix box.
> >>2) 'tail -f firewall.log |grep a.b.c.d'

If you want to look for any IP in your CIDR blocks (or host name in
your domains), try my "ipgrep" utility.  It was based on a tool
developed by Corey Satten at the UW (creator of the NDC Logical
Firewall and many other useful tools.)

	http://staff.washington.edu/dittrich/tools/ipgrep.tar

--
Dave Dittrich                           Information Assurance Researcher,
dittrich at u.washington.edu               The iSchool
http://staff.washington.edu/dittrich    University of Washington

PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint  FE97 0C57 0843 F3EB 49A1  0CD0 8E0C D0BE C838 CCB5
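As an added example that is not Dittrich's ipgrep (whose source is not on this page), here is a Python filter doing what the thread asks for: instead of `grep a.b.c.d` for one address, it passes syslog lines that mention any address inside a set of CIDR blocks or any host name under a set of domains. The log lines are constructed samples using RFC 5737 documentation ranges, and the host-name regex is a deliberately loose assumption.

```python
import ipaddress
import re
import sys
from typing import Iterable, Iterator, List

# Constructed sample firewall/syslog lines using RFC 5737 documentation addresses.
SAMPLE_LOG = """\
Oct  1 06:30:01 fw kernel: DROP IN=eth0 SRC=192.0.2.45 DST=198.51.100.7 PROTO=TCP DPT=22
Oct  1 06:30:02 fw kernel: ACCEPT IN=eth0 SRC=203.0.113.9 DST=198.51.100.7 PROTO=TCP DPT=443
Oct  1 06:30:03 fw named: client 192.0.2.200#5353: query: www.example.edu IN A
Oct  1 06:30:04 fw kernel: DROP IN=eth0 SRC=198.51.100.99 DST=192.0.2.1 PROTO=UDP DPT=53
Oct  1 06:30:05 fw sshd: Failed password from host.attacker.example port 2222
"""

# Dotted quad not embedded in a longer dotted-digit run (so 10.1.2.3.4 is skipped).
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# Loose host-name pattern: label(.label)+ ; it also matches dotted quads, which is harmless.
HOST_RE = re.compile(r"\b[a-z0-9][a-z0-9-]*(?:\.[a-z0-9][a-z0-9-]*)+\b", re.IGNORECASE)


def line_matches(line: str, nets: list, doms: List[str]) -> bool:
    # True if the line mentions an address in any of nets or a name under any of doms.
    for m in IPV4_RE.finditer(line):
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:  # e.g. 999.1.1.1 looks like an address but is not one
            continue
        if any(addr in net for net in nets):
            return True
    for m in HOST_RE.finditer(line):
        name = m.group(0).lower()
        if any(name == d or name.endswith("." + d) for d in doms):
            return True
    return False


def ip_grep(lines: Iterable[str], blocks: Iterable[str], domains: Iterable[str] = ()) -> Iterator[str]:
    # Streams like 'grep a.b.c.d', but matches whole CIDR blocks and domains.
    nets = [ipaddress.ip_network(b, strict=False) for b in blocks]
    doms = [d.lower().lstrip(".") for d in domains]
    for line in lines:
        if line_matches(line, nets, doms):
            yield line


if __name__ == "__main__":
    # Usage: tail -f firewall.log | python ipgrep_example.py 192.0.2.0/24 example.edu
    # An argument containing "/" is treated as a CIDR block, anything else as a domain.
    args = sys.argv[1:]
    for hit in ip_grep(sys.stdin, [a for a in args if "/" in a], [a for a in args if "/" not in a]):
        sys.stdout.write(hit)
```

Because `ip_grep` is a generator, it works on a live `tail -f` pipe as well as on a saved file.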