From: Olivier Nicole <on@cs.ait.ac.th>
To: ashley.moran@codeweavers.net
Cc: freebsd-questions@freebsd.org
Date: Fri, 17 Feb 2006 09:48:43 +0700 (ICT)
Subject: Re: Log analysis server suggestions?
In-reply-to: <200602161418.32982.ashley.moran@codeweavers.net> (message from Ashley Moran on Thu, 16 Feb 2006 14:18:32 +0000)

> As for searching / analysis, I've seen php-syslog-ng
> ( http://www.vermeer.org/projects/php-syslog-ng ), which looks very basic,
> and phpLogCon ( http://www.phplogcon.com/ ), which does not support PG
> anyway. Is there anything better GUI-wise?
As for the log analysis, I remember attending a security seminar where the conclusion was that a good log analysis system should let you define what events are unimportant and could be ignored, so that all other events, including the unexpected ones, are shown as important and requiring action.

Best regards,

Olivier
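The rule Olivier describes, "list what is known to be routine, report everything else", as an added example that is not part of the original thread: the syslog lines and the ignore patterns below are constructed assumptions, and the report groups the unexpected lines by a normalized form so rare events stand out.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not taken from the original thread).
SAMPLE_LOG = """\
Feb 17 09:40:01 banyan cron[1201]: (root) CMD (/usr/libexec/atrun)
Feb 17 09:41:12 banyan sshd[1310]: Accepted publickey for on from 192.0.2.10 port 51022 ssh2
Feb 17 09:42:05 banyan sshd[1333]: Failed password for root from 198.51.100.7 port 40112 ssh2
Feb 17 09:45:01 banyan cron[1402]: (root) CMD (/usr/libexec/atrun)
Feb 17 09:46:30 banyan kernel: pid 1450 (httpd), uid 80: exited on signal 11 (core dumped)
Feb 17 09:47:00 banyan sshd[1333]: Accepted publickey for on from 192.0.2.10 port 51030 ssh2
"""

# Events known to be routine (assumed for this example). Only these are ignored;
# anything not matched here, including events nobody anticipated, is reported.
IGNORE_PATTERNS = [
    r"cron\[\d+\]: \(root\) CMD \(/usr/libexec/atrun\)$",
    r"sshd\[\d+\]: Accepted publickey for \w+ from 192\.0\.2\.\d+ port \d+ ssh2$",
]

# "Mon DD HH:MM:SS host " prefix of a classic syslog line.
TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d \S+ ")


def normalize(line):
    """Drop timestamp/host and collapse numbers so similar events group together."""
    msg = TIMESTAMP.sub("", line)
    return re.sub(r"\d+", "N", msg)


def find_unexpected(log_text, ignore_patterns):
    """Return (unexpected_lines, counts): every non-empty line not covered by the
    ignore list, plus a Counter of their normalized forms for the report."""
    compiled = [re.compile(p) for p in ignore_patterns]
    unexpected = [line for line in log_text.splitlines()
                  if line.strip() and not any(rx.search(line) for rx in compiled)]
    counts = Counter(normalize(line) for line in unexpected)
    return unexpected, counts


if __name__ == "__main__":
    lines, counts = find_unexpected(SAMPLE_LOG, IGNORE_PATTERNS)
    for norm, n in counts.most_common():
        print(f"{n:4d}  {norm}")
```

The ignore list only ever grows as routine events are confirmed harmless; the failed root login and the httpd crash above are reported without anyone having written a rule for them.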