> Hello;
>
> My environment is mixed with MS Windows, Solaris,
> Linux (Debian, FC and RH), Cisco routers, PIX
> Firewalls.
>
> I would like to begin using the collection of rules
> and examples but find them confusing, always been at
> regex/pcre/etc type stuff. Looking for a good
> tutorial to get me started using SEC very quickly.
> I've recently begun using it with syslog-ng and
> unless the rules are extremely simple, i.e. there
> was a login, then my rules fail.

If you are looking for a good tutorial, please check the tutorial written by Jim Brown (http://sixshooter.v6.thrupoint.net/SEC-examples/article.html and http://sixshooter.v6.thrupoint.net/SEC-examples/article-part2.html). However, if you are struggling with regular expressions and find it difficult to write regexps for certain events, you can always post questions to this list - we have discussed regexp issues here in the past. Also, check the following tutorial (part of the Perl documentation): http://perldoc.perl.org/perlretut.html

hth,
risto

> Also looking for any not well known repositories for
> sec rulesets.
>
> Thanks all,
>
> .vp
>
> _______________________________________________
> Simple-evcorr-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
