[unisog] Syslog tips (was: Re: OSS monitoring recommendations)

Velasquez Venegas Jaime Omar jaime at ulima.edu.pe
Mon Oct 3 15:26:00 GMT 2005

Thanks a lot to everyone for your responses :)
While testing all your suggestions on a windows2k box, I tried "tail
for win32" which even looks like the Checkpoint Log Viewer ;P
I am still considering a SIM solution, I will definitely look for Cisco
SIMS solution for this , because of all correlation features it claims
to have.

Thank you a lot!

-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Justin Azoff
Sent: Monday, October 03, 2005 8:35 AM
To: UNIversity Security Operations Group
Subject: Re: [unisog] Syslog tips (was: Re: OSS monitoring

On Mon, 2005-10-03 at 08:51 -0400, Michael Holstein wrote:

> This little snippet also helps the buffer issue in grepping for
> multiple conditions (eg: cat firewall.log |grep 'something' |grep 'something
> else' ..

grep has an option to change the buffering behavior: 

          Use line buffering, it can be a performance penalty.

the somewhat annoying thing is that for tcpdump it is -l, for sed it is

-- Justin Azoff
-- Network Performance Analyst

unisog mailing list
unisog at lists.sans.org http://www.dshield.org/mailman/listinfo/unisog
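The buffering problem Michael and Justin are discussing, shown as an added shell example (not code from anyone in the thread). Each grep in a pipeline has its stdout connected to a pipe, so stdio block-buffers it and a match only appears once the buffer fills or grep exits; on a slowly growing log that looks like a hang. The script below uses a constructed two-line "log" with a 2-second gap in place of tail -f, measures how long the first match takes to reach the consumer with default grep and with --line-buffered, and assumes a GNU or BSD grep that supports that flag. The log lines and the 198.51.100.x addresses are made up for the demonstration.

```shell
# Added example, not from the unisog thread: why "tail -f log | grep A | grep B"
# shows matches late, and how --line-buffered fixes it.
# Assumes a POSIX shell and a grep that supports --line-buffered (GNU, BSD).

# Constructed stand-in for "tail -f firewall.log": one matching line now,
# a 2-second pause (the gap between real events), then a second line.
slow_log() {
    printf 'Oct  3 15:26:00 fw kernel: DROP src=198.51.100.7 dst=10.0.0.1\n'
    sleep 2
    printf 'Oct  3 15:26:02 fw kernel: DROP src=198.51.100.9 dst=10.0.0.1\n'
}

# Run slow_log through a two-stage grep pipeline and report how many whole
# seconds elapsed before the FIRST matching line reached the consumer.
# $1 is the grep option to use: "" (default: block-buffered when stdout is a
# pipe) or "--line-buffered". Unquoted $opt expands to nothing when empty.
first_match_delay() {
    opt=$1
    start=$(date +%s)
    slow_log | grep $opt 'DROP' | grep $opt 'src=' | {
        IFS= read -r first_line
        echo $(( $(date +%s) - start ))
    }
}

# The shape of the fix for a real log: every filter stage in the pipeline
# must be told to flush per line, not just the first one.
# Usage: live_filter /var/log/firewall.log DROP 'src=198.51.100.'
live_filter() {
    log=$1; first=$2; second=$3
    tail -f "$log" | grep --line-buffered "$first" | grep --line-buffered "$second"
}

# Constructed sample for the non-live case: for a finished file, buffering
# is irrelevant because grep flushes at EOF, and "cat file | grep" is just
# "grep pattern file".
SAMPLE_LOG='Oct  3 15:20:01 fw kernel: ACCEPT src=10.0.0.5 dst=10.0.0.1
Oct  3 15:20:02 fw kernel: DROP src=198.51.100.7 dst=10.0.0.1
Oct  3 15:20:03 fw kernel: DROP src=10.0.0.8 dst=10.0.0.1
Oct  3 15:20:04 fw sshd[123]: Accepted publickey for ops from 10.0.0.5'

# Count DROP lines whose source address starts with $1.
count_drops_from() {
    printf '%s\n' "$SAMPLE_LOG" | grep 'DROP' | grep -c "src=$1"
}

# Demonstration output when run directly.
printf 'default grep:        first match after %ss\n' "$(first_match_delay '')"
printf 'grep --line-buffered: first match after %ss\n' "$(first_match_delay --line-buffered)"
printf 'DROP lines from 198.51.100.*: %s\n' "$(count_drops_from 198.51.100.)"
```

With default buffering the first DROP line sits in the greps' output buffers until slow_log closes the pipe, so it arrives about 2 seconds late; with --line-buffered on both stages it arrives immediately. The same applies to any other stage in the pipe (awk, sed, cut): every program between tail -f and your terminal needs its own unbuffered mode, or the slowest one sets the latency.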