Date: Thu, 13 Jan 2005 13:43:40 -0500
From: Chuck Swiger <cswiger@mac.com>
To: Mark Johnston <mjohnston@skyweb.ca>
Cc: freebsd-security@freebsd.org
Subject: Re: Aggregating logs from numerous FreeBSD machines
Message-ID: <41E6C15C.4030907@mac.com>
In-Reply-To: <200501131232.44441.mjohnston@skyweb.ca>
References: <200501131232.44441.mjohnston@skyweb.ca>
Mark Johnston wrote:
> If I had to imagine an ideal system, it would be a central server that
> securely collects syslog messages from all my servers, indexes them by server
> and severity, and gives a reasonable management interface. Given expressions
> based on facility, severity, log message, and the like, it could throw away
> useless messages, or page me for critical ones. This would tie into
> AIDE/Samhain/Tripwire (haven't picked one yet) and maybe even different
> flavors of IDS. It could even warn me when processes run away with the CPU
> or RAM, or disks get too full.

Consider Big Brother from www.bb4.com. It monitors processes, ports, disk space, load average, looks for interesting stuff in the system logfile, and has a central web-based dashboard with historical logs.

[ Slightly off-topic for freebsd-security, moving to -questions. ]

-- 
-Chuck
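As an added illustration of the filtering Mark describes (expressions over facility, severity and message text that discard noise or page on critical events), here is a small Python collector. It is not code from either poster and has nothing to do with Big Brother's implementation; the sample log lines, host names, IP addresses and rules are constructed for the example. Parsing follows the RFC 3164 convention where the leading `<PRI>` encodes facility as PRI // 8 and severity as PRI % 8, which is the same split FreeBSD's syslogd uses in syslog.conf selectors.

```python
"""Toy central syslog collector: parse lines, index by host and severity,
then drop or page according to simple rules. Added example, not code from
the mailing-list thread."""
import re
from collections import defaultdict

SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITY_NAMES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
                   "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", "clock"]
                  + [f"local{i}" for i in range(8)])

# Constructed sample input: RFC 3164-style lines as a central syslogd receives them.
SAMPLE_LINES = [
    "<38>Jan 13 13:40:01 web1 sshd[812]: Accepted publickey for ops from 10.0.0.5 port 51022 ssh2",
    "<38>Jan 13 13:40:05 web1 sshd[813]: Failed password for root from 10.0.0.9 port 51030 ssh2",
    "<78>Jan 13 13:40:07 db1 cron[2201]: (root) CMD (/usr/libexec/atrun)",
    "<2>Jan 13 13:41:00 db1 kernel: pid 2299 (postgres), uid 70: exited on signal 11",
    "<22>Jan 13 13:41:30 mail1 postfix/smtpd[415]: connect from unknown[203.0.113.7]",
    "not a syslog line at all",
]

# Shape: <PRI>Mmm dd hh:mm:ss host tag: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$"
)


def parse_line(line):
    """Return a record dict for a well-formed line, or None otherwise.
    Facility and severity are unpacked from PRI = facility * 8 + severity."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # 23 * 8 + 7 is the largest legal PRI value
        return None
    return {
        "facility": FACILITY_NAMES[pri // 8],
        "severity": pri % 8,
        "severity_name": SEVERITY_NAMES[pri % 8],
        "host": m.group("host"),
        "ts": m.group("ts"),
        "msg": m.group("msg"),
    }


# Rules are predicates over the parsed record, evaluated in order; first match wins.
# "drop" discards the message, "page" raises an alert, anything else is only indexed.
RULES = [
    ("drop", lambda r: r["facility"] == "cron" and r["severity"] >= 6),   # cron chatter
    ("page", lambda r: r["severity"] <= 2),                               # emerg/alert/crit
    ("page", lambda r: r["facility"] == "auth" and "Failed password" in r["msg"]),
]


def classify(record):
    for action, pred in RULES:
        if pred(record):
            return action
    return "index"


def collect(lines):
    """Process a batch of raw lines the way a central collector would."""
    index = defaultdict(list)  # (host, severity_name) -> list of messages
    pages, unparsed, dropped = [], [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)  # keep malformed input visible rather than losing it
            continue
        action = classify(rec)
        if action == "drop":
            dropped += 1
            continue
        index[(rec["host"], rec["severity_name"])].append(rec["msg"])
        if action == "page":
            pages.append(f"{rec['host']} {rec['facility']}.{rec['severity_name']}: {rec['msg']}")
    return {"index": dict(index), "pages": pages, "dropped": dropped, "unparsed": unparsed}


if __name__ == "__main__":
    result = collect(SAMPLE_LINES)
    for key in sorted(result["index"]):
        print(key, len(result["index"][key]), "message(s)")
    for alert in result["pages"]:
        print("PAGE:", alert)
    print("dropped:", result["dropped"], "unparsed:", len(result["unparsed"]))
```

The rule table is deliberately ordered so that a noisy facility can be discarded before the severity check runs, and unparseable input is retained rather than thrown away, since a collector that silently drops what it cannot parse is a blind spot an attacker would be happy to have.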