<quote who="Joey McCoy">
> I personally use Logwatch and pay attention to disk free space, and more
> importantly ssh/login attempts/failures/successes. I haven't looked too
> much into adding custom entries in Logwatch, but I think I might look into
> the GRSecurity logging extensions as well. I would definitely consider
> paying attention to any externally accessible services being analyzed
> (apache, mysql, etc). :)

I do more or less the same - but graphs say more than 1000 words - so I
wrote some little extensions to phpWebSite to actually show me some data
on what is going on on my systems. Disk-Usage, CPU-Loads,
Login-Attempts/Failures, Detected Viruses, SMTP-Connections, passed mails,
detected Spam/Rejected Spam etc. Check it out on my
webpage:
http://www.solsys.org/mod.php?mod=systat&op=disp_ind&host_id=1

Cheers
Joerg

> HTH
>
> cheers!
>
>> Hi all,
>>
>> I just wanted to get your opinions on finding some interesting syslog
>> entries to capture with swatch or similar log analyser programs. Is
>> there a common knowledge base on this subject? (discussion list,
>> forums). I already analyse things like root password changes, switch to
>> promiscuous mode, etc... What are you guys looking for in your logs?
>>
>> Thanks! :)
>> Emre
>> --
>> gentoo-security@gentoo.org mailing list
--
------------------------------------------------------------------------
| Joerg Mertin : smurphy@solsys.org (Home)|
| in Forchheim/Germany : smurphy@linux.de (Alt1)|
| Stardust's LiNUX System : |
| Web: http://www.solsys.org |
------------------------------------------------------------------------
PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A
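
One way to watch for the events named in this thread (ssh login failures and successes, root password changes, switches to promiscuous mode), as an added example that is not code from any of the posters. The log lines are constructed samples; the message formats assumed are those written by OpenSSH, the Linux kernel and pam_unix, and the alert names and threshold are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in classic syslog format (not taken from the thread).
SAMPLE_LOG = """\
Mar  3 10:01:11 host sshd[411]: Failed password for root from 192.0.2.7 port 4021 ssh2
Mar  3 10:01:14 host sshd[411]: Failed password for invalid user admin from 192.0.2.7 port 4022 ssh2
Mar  3 10:01:19 host sshd[412]: Failed password for root from 192.0.2.7 port 4023 ssh2
Mar  3 10:01:25 host sshd[413]: Accepted password for root from 192.0.2.7 port 4024 ssh2
Mar  3 10:02:02 host sshd[420]: Accepted publickey for alice from 198.51.100.4 port 5100 ssh2
Mar  3 10:03:40 host kernel: device eth0 entered promiscuous mode
Mar  3 10:04:05 host passwd[430]: pam_unix(passwd:chauthtok): password changed for root
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+)")
PROMISC = re.compile(r"kernel: .*device (\S+) entered promiscuous mode")
PWCHANGE = re.compile(r"password changed for (\S+)")

def scan(lines, threshold=3):
    """Return (kind, detail) alerts; threshold is failed logins per source address."""
    failures = defaultdict(int)   # source address -> failed ssh logins seen so far
    alerts = []
    for line in lines:
        if m := FAILED.search(line):
            src = m.group(2)
            failures[src] += 1
            if failures[src] == threshold:        # alert once per source
                alerts.append(("ssh-bruteforce", src))
        elif m := ACCEPTED.search(line):
            _method, user, src = m.groups()
            if failures[src] >= threshold:        # success right after a failure burst
                alerts.append(("ssh-login-after-failures", f"{user}@{src}"))
            elif user == "root":
                alerts.append(("ssh-root-login", src))
        elif m := PROMISC.search(line):
            alerts.append(("promiscuous-mode", m.group(1)))
        elif (m := PWCHANGE.search(line)) and m.group(1) == "root":
            alerts.append(("root-password-change", "root"))
    return alerts

if __name__ == "__main__":
    for kind, detail in scan(SAMPLE_LOG.splitlines()):
        print(f"ALERT {kind}: {detail}")
```

The successful login that follows a burst of failures from the same address is reported separately, since it is the one line in such a burst that needs a person to look at it.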