[unisog] Syslog tips (was: Re: OSS monitoring recommendations)

Velasquez Venegas Jaime Omar jaime at ulima.edu.pe
Mon Oct 3 15:26:00 GMT 2005


Thanks a lot to everyone for your responses :)
While testing all your suggestions on a windows2k box, I tried "tail
for win32" which even looks like the Checkpoint Log Viewer ;P
I am still considering a SIM solution, I will definitely look for Cisco
SIMS solution for this, because of all correlation features it claims
to have.

Thank you a lot!


-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Justin Azoff
Sent: Monday, October 03, 2005 8:35 AM
To: UNIversity Security Operations Group
Subject: Re: [unisog] Syslog tips (was: Re: OSS monitoring
recommendations)


On Mon, 2005-10-03 at 08:51 -0400, Michael Holstein wrote:

> This little snippet also helps the buffer issue in grepping for
> multiple conditions (eg: cat firewall.log |grep 'something' |grep
> 'something else' ..

grep has an option to change the buffering behavior: 

   --line-buffered
          Use line buffering, it can be a performance penalty.

The somewhat annoying thing is that for tcpdump it is -l, for sed it is
-u...


-- 
-- Justin Azoff
-- Network Performance Analyst

_______________________________________________
unisog mailing list
unisog at lists.sans.org http://www.dshield.org/mailman/listinfo/unisog
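The line-buffered multi-stage filter Justin describes, as an added example (not code from either poster): every stage of the pipe flushes per line, so a match is visible the moment it is logged rather than when a stage's output buffer fills. The log lines are constructed, iptables-style samples, and GNU grep/sed are assumed for --line-buffered and -u.

```shell
#!/bin/bash
# Constructed sample firewall log lines (not real traffic), used here
# in place of `tail -f firewall.log`.
SAMPLE_LOG='Oct  3 08:35:01 fw kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=22
Oct  3 08:35:02 fw kernel: ACCEPT IN=eth0 SRC=192.0.2.11 DST=198.51.100.5 PROTO=TCP DPT=80
Oct  3 08:35:03 fw kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=23
Oct  3 08:35:04 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.5 PROTO=UDP DPT=53'

# filter_drops_from SRC: reads log lines on stdin and emits
# "timestamp src dpt" for every DROP from the given source address.
# Each stage is line-buffered; without --line-buffered / -u an
# intermediate stage writing to a pipe block-buffers (typically 4 KiB),
# so on a slow log the alert would sit unseen until the buffer filled.
filter_drops_from() {
    src="$1"
    grep --line-buffered 'DROP' \
      | grep --line-buffered "SRC=$src " \
      | sed -u -n 's/^\([A-Za-z]* *[0-9]* [0-9:]*\) .*SRC=\([0-9.]*\) .*DPT=\([0-9]*\).*/\1 \2 \3/p'
}

# count_drops_from SRC: run the pipeline over the constructed sample and
# return the number of matching lines (a checkable result).
count_drops_from() {
    printf '%s\n' "$SAMPLE_LOG" | filter_drops_from "$1" | wc -l | tr -d ' '
}

# live_drops_from LOGFILE SRC: the same pipeline on a live file. tail -f
# already flushes per line, so only the grep/sed stages need the flags.
live_drops_from() {
    tail -f "$1" | filter_drops_from "$2"
}

# Usage against the sample: prints the two DROP lines from 192.0.2.10.
printf '%s\n' "$SAMPLE_LOG" | filter_drops_from 192.0.2.10
```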