SEC watches logs. Logs can be delivered in files or they can be delivered over named pipes.
The answer to each of your questions is yes. It might be advisable to have you first read Jim Brown's most excellent tutorial on the matter. It is easy to read and is very informative. There are plenty of examples in the tutorial, and there are also example rulesets available elsewhere for monitoring routers, switches, firewalls, IDS, snort, etc.

http://simple-evcorr.sourceforge.net/SEC-tutorial/article.html
http://simple-evcorr.sourceforge.net/SEC-tutorial/article-part2.html

Regards
Tim Peiffer

--
Tim Peiffer
Network Support Engineer
Office of Information Technology
University of Minnesota/NorthernLights GigaPOP
+1 612 626-7884 (desk)
