On Tue, May 08, 2007 at 10:45:36AM +0200, Alberich de megres wrote:
> Hello,
>
> I'm new in the OpenBSD world; I came from the Linux world :P And I got a
> question about logs.
>
> In Linux I used logwatch, and I know that I can use it on OpenBSD. But is there
> some other option in the OpenBSD world? What about snort? What way do you use to
> analyze logs on a rout firewall or on workstations?
For log analysis, which is different from analyzing bandwidth and such, there are plenty of systems. I'd urge you to look at something that reports anything unknown, though, at least if you're using a log analyzer to point you at things that need fixing (as opposed to creating statistics, auto-blacklisting in response to SSH bruteforce attempts, and so on and so forth).

Personally, I use SEC (sysutils/sec) for general log handling. It's pretty powerful, not too hard to use, and can be made to work in blacklist mode (search the web). I add pflogsumm (mail/pflogsumm) to handle all Postfix logs, mostly because SEC isn't that good at statistics (though you can get it to execute external programs...).

Joachim

--
TFMotD: ldd (1) - list dynamic object dependencies
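The "report anything unknown" approach Joachim recommends, as an added Python sketch that is not part of this thread and not SEC's own rule syntax: known-benign patterns are suppressed, repeated SSH password failures from one address are counted against a threshold, and every remaining line is surfaced for a human. The authlog-style lines and the threshold of 5 are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample lines in OpenBSD authlog/messages style (not real logs).
SAMPLE_LOG = """\
May  8 10:41:02 fw sshd[12345]: Accepted publickey for admin from 192.0.2.10 port 51514 ssh2
May  8 10:41:07 fw sshd[12346]: Failed password for invalid user oracle from 198.51.100.7 port 40112 ssh2
May  8 10:41:08 fw sshd[12346]: Failed password for invalid user test from 198.51.100.7 port 40113 ssh2
May  8 10:41:09 fw sshd[12347]: Failed password for root from 198.51.100.7 port 40114 ssh2
May  8 10:41:11 fw sshd[12348]: Failed password for root from 198.51.100.7 port 40115 ssh2
May  8 10:41:12 fw sshd[12349]: Failed password for admin from 198.51.100.7 port 40116 ssh2
May  8 10:42:00 fw cron[9001]: (root) CMD (/usr/libexec/atrun)
May  8 10:43:15 fw kernel: wd0: aborted command, reading fsbn 1048576, retrying
"""

# Routine events: lines matching any of these are suppressed, not reported.
KNOWN = [re.compile(p) for p in (
    r"sshd\[\d+\]: Accepted publickey for \S+ from \S+",
    r"cron\[\d+\]: \(\w+\) CMD ",
)]
# SSH failures are counted per source address instead of reported one by one.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port")
THRESH = 5  # constructed threshold: this many failures from one address is a bruteforce

def analyze(text, thresh=THRESH):
    """Return (unknown_lines, bruteforce_sources) for the given log text."""
    unknown = []
    failures = Counter()
    for line in text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(1)] += 1   # tallied, reported only if over threshold
            continue
        if any(k.search(line) for k in KNOWN):
            continue                    # routine: suppressed
        unknown.append(line)            # anything not explicitly known is surfaced
    brute = [ip for ip, n in failures.items() if n >= thresh]
    return unknown, brute

if __name__ == "__main__":
    unknown, brute = analyze(SAMPLE_LOG)
    for l in unknown:
        print("UNKNOWN:", l)
    for ip in brute:
        print("SSH bruteforce from", ip)
```

The kernel disk error is the only line that reaches the report, while the five failures from one address collapse into a single bruteforce notice.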