On Wed, Feb 20 2008 at 32:08, Rami Sik wrote:
> Hi All,

Hi alone,

> I would like to see what you'd suggest as a log analyzer tool(s) on a
> centralized log server running syslog-ng.

In our network, I decided to analyse the logs received by syslog-ng with Prelude-LML. In fact, all logs are retransmitted to the Prelude-LML syslog daemon bound to localhost.

Prelude-LML can find security threats in the logs of numerous products. It's easy to see them with the Prelude console (Prewikka). The fact that only a copy is sent to prelude-lml lets you store the logs as you want. This way you can analyse mail or web logs with your favorite log analyser. We intend to use awstats for this purpose.

> I also need to use a specific tool as PF log analyzer. What do you
> suggest for that purpose?

For the moment, I haven't chosen any product to analyse pf logs. I haven't yet found a firewall log analyser that emphasizes the important alerts rather than summarising all the connections in a beautiful graph.

Claer
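The layout described in the reply above, sketched as a syslog-ng configuration fragment. This is an added example, not the poster's own configuration; the listening port 5514, the file path and the names `s_net`, `d_archive` and `d_lml` are assumptions, and Prelude-LML must be configured separately to listen on the same loopback address and port.

```conf
# Added example: names, path and port 5514 are assumptions.

# Logs arriving from the network at the central server.
source s_net {
    udp(ip(0.0.0.0) port(514));
};

# Archive on disk, one file per host and day, so that other
# analysers (for example awstats for web or mail logs) can
# read the stored logs independently of Prelude-LML.
destination d_archive {
    file("/var/log/hosts/$HOST/$YEAR$MONTH$DAY.log"
         create_dirs(yes) perm(0640));
};

# Copy for Prelude-LML. The target is the loopback address, so
# the LML syslog listener is not reachable from the network and
# only syslog-ng can feed it.
destination d_lml {
    udp("127.0.0.1" port(5514));
};

# Two independent log paths from the same source: every message
# is written to the archive and also relayed to Prelude-LML.
log { source(s_net); destination(d_archive); };
log { source(s_net); destination(d_lml); };
```

Because the two `log` paths are independent, changing or removing the Prelude-LML relay does not affect what is stored on disk.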