[unisog] [Fwd: Re: OSS monitoring recommendations]
dittrich at u.washington.edu
Sat Oct 1 06:34:52 GMT 2005
> >>>I've been doing my research and now I know that I might be needing a SIM
> >>>solution but I really would appreciate your advice on a good and solid
> >>>solution that meets these requirements at least.
> >>1) syslog-ng on a unix box.
> >>2) 'tail -f firewall.log |grep a.b.c.d'
If you want to look for any IP in your CIDR blocks (or host name in
your domains), try my "ipgrep" utility. It was based on a tool
developed by Corey Satten at the UW (creator of the NDC Logical
Firewall and many other useful tools.)
Dave Dittrich
Information Assurance Researcher, The iSchool, University of Washington
dittrich at u.washington.edu
http://staff.washington.edu/dittrich
PGP key http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint FE97 0C57 0843 F3EB 49A1 0CD0 8E0C D0BE C838 CCB5
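The point of an "ipgrep"-style tool over the `tail -f firewall.log | grep a.b.c.d` approach quoted above is that grep matches substrings, not networks: a pattern like `10.1.` also hits `110.1.x.x`, and a /8 cannot be expressed as a fixed string at all. The script below is an added example written for this page, not Dittrich's or Satten's ipgrep; the file name `ipgrep.py`, the `-n`/`-d` flags and the sample log lines are constructed for illustration. It parses each line for dotted quads, checks them against the given CIDR blocks with the standard `ipaddress` module, and separately checks any host names against the given DNS domains (suffix match on a label boundary, so `notexample.edu` is not in `example.edu`).

```python
#!/usr/bin/env python3
"""ipgrep.py: print log lines containing an IP in a CIDR block or a host in a domain.

Added example for this page; not the ipgrep utility mentioned in the post.
"""
import argparse
import ipaddress
import re
import sys
from typing import Iterable, List, Sequence, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample firewall/syslog lines (not taken from the original post).
SAMPLE_LOG = """\
Oct  1 06:30:01 fw1 kernel: DROP IN=eth0 SRC=10.1.2.3 DST=192.0.2.10 PROTO=TCP DPT=22
Oct  1 06:30:02 fw1 kernel: ACCEPT IN=eth0 SRC=198.51.100.7 DST=10.1.9.9 PROTO=TCP DPT=80
Oct  1 06:30:03 fw1 kernel: DROP IN=eth0 SRC=203.0.113.200 DST=203.0.113.5 PROTO=UDP DPT=53
Oct  1 06:30:04 fw1 named: client host.example.edu resolved by ns1.example.edu
Oct  1 06:30:05 fw1 sshd: Failed password from 10.255.0.1 port 4412
Oct  1 06:30:06 fw1 sshd: connection from evil.example.com
Oct  1 06:30:07 fw1 app: bogus address 999.10.1.1 ignored
"""

# A dotted quad not glued to neighbouring digits or dots, so "110.1.2.3" is never
# read as "10.1.2.3". IPv6 literals are not handled by this example.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# Dotted sequence of DNS labels. Bare IPs also match this pattern but simply fail
# the domain suffix test, so they do no harm.
HOST_RE = re.compile(
    r"\b[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?)+\b"
)


def parse_networks(specs: Iterable[str]) -> List[Network]:
    """Turn CIDR strings (or bare addresses, which become /32) into network objects."""
    return [ipaddress.ip_network(s.strip(), strict=False) for s in specs if s.strip()]


def host_in_domains(host: str, domains: Sequence[str]) -> bool:
    """True if host equals a domain or lies below it on a label boundary (case-insensitive)."""
    h = host.lower().rstrip(".")
    for d in domains:
        d = d.lower().strip().strip(".")
        if d and (h == d or h.endswith("." + d)):
            return True
    return False


def line_matches(line: str, networks: Sequence[Network], domains: Sequence[str]) -> bool:
    """True if any IPv4 literal in line falls in networks, or any host name is in domains."""
    for m in IPV4_RE.finditer(line):
        try:
            addr = ipaddress.ip_address(m.group())
        except ValueError:  # looks like an IP but is not one, e.g. an octet above 255
            continue
        if any(addr in net for net in networks):
            return True
    if domains:
        for m in HOST_RE.finditer(line):
            if host_in_domains(m.group(), domains):
                return True
    return False


def ipgrep(lines: Iterable[str], cidrs: Sequence[str], domains: Sequence[str] = ()) -> List[str]:
    """Filter lines, returning those that match any CIDR block or domain."""
    networks = parse_networks(cidrs)
    return [ln.rstrip("\n") for ln in lines if line_matches(ln, networks, domains)]


def main() -> None:
    ap = argparse.ArgumentParser(
        description="print lines containing an IP in a CIDR block or a host in a domain")
    ap.add_argument("-n", "--net", action="append", default=[], help="CIDR block (repeatable)")
    ap.add_argument("-d", "--domain", action="append", default=[], help="DNS domain (repeatable)")
    args = ap.parse_args()
    # Iterating sys.stdin yields lines as they arrive, so this works behind tail -f;
    # flush so matches are not held in a pipe buffer.
    for ln in ipgrep(sys.stdin, args.net, args.domain):
        print(ln, flush=True)


if __name__ == "__main__":
    main()
```

Typical use in the setup quoted above would be `tail -f firewall.log | python3 ipgrep.py -n 10.0.0.0/8 -n 203.0.113.0/24 -d example.edu`. The octet check matters for real logs: `999.10.1.1` in the sample is skipped rather than being mistaken for something in `10.0.0.0/8`.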