LinuxQuestions.org


whitetux 02-03-2004 06:35 PM

Which log prog should I use?
 
Hello, I will try to explain my question as best I can.

I am wondering what I should use to view the system logs. Not as in what command to view a system log, but a prog that will consolidate them and show me more security issues. Is Logcheck any good? I would like to send the logs to another machine in real time in case of compromise; what is a good way to do this? I would like to send them to an MS2k3 server.

I appreciate the help and will value any comments. Thanks.

whitetux 02-03-2004 10:08 PM

bump

enigmasoldier 02-04-2004 03:13 AM

Configure syslog to send the logs to the log server. Run a program such as swatch on the log server to monitor for any sort of malicious behavior. Logcheck is a great program. Run it on your log server, or you could get a copy of weblog to view your logs from a browser. Wouldn't it be nice if someone integrated the two together? This gives me some ideas. Make sure ALL of the passwords on the logging server are different and that it is locked down. TrinityOS is an excellent tutorial on securing a generic Linux host.
Links:
http://www.ecst.csuchico.edu/~dranch...html#trinityos
http://www.precision-guesswork.com/s...-overview.html
http://freshmeat.net/projects/wwwsyslog/?topic_id=862
http://www.linuxjournal.com/article.php?sid=5476
http://66.102.11.104/search?q=cache:...hl=en&ie=UTF-8
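
As an added example (not part of the original posts, and not code from swatch or Logcheck): a minimal swatch-style pass in Python over the consolidated syslog file a central log server collects from its clients. The log lines, rule names and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Traditional BSD syslog layout: "Mon DD HH:MM:SS host tag[pid]: message"
LINE_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
                     r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[\d+\])?: (?P<msg>.*)$")
# Watch rules (hypothetical, for illustration): label -> (program tag, message regex)
RULES = {
    "auth-failure": ("sshd", re.compile(r"Failed password for ")),
    "promiscuous-nic": ("kernel", re.compile(r"entered promiscuous mode")),
}
# Constructed sample of what a log server might collect from two clients.
SAMPLE = """\
Feb  4 03:10:01 web1 sshd[812]: Failed password for root from 192.0.2.10 port 4022 ssh2
Feb  4 03:10:03 web1 sshd[812]: Failed password for root from 192.0.2.10 port 4022 ssh2
Feb  4 03:10:05 web1 sshd[815]: Failed password for illegal user admin from 192.0.2.10 port 4031 ssh2
Feb  4 03:12:00 db1 sshd[1001]: Accepted password for bob from 198.51.100.7 port 5000 ssh2
Feb  4 03:12:30 db1 kernel: device eth0 entered promiscuous mode
Feb  4 03:13:00 web1 myapp: Failed password for demo (tag is not sshd, so no alert)
this line is not syslog format
""".splitlines()

def parse_line(line):
    """Return {'ts', 'host', 'tag', 'msg'} or None if the line is not BSD syslog."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def scan(lines):
    """Return (alerts, unparsed); alerts is a list of (host, label, msg) tuples."""
    alerts, unparsed = [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)  # keep odd lines for review instead of dropping them
            continue
        for label, (tag, pattern) in RULES.items():
            if rec["tag"] == tag and pattern.search(rec["msg"]):
                alerts.append((rec["host"], label, rec["msg"]))
    return alerts, unparsed

def noisy_hosts(alerts, label="auth-failure", threshold=3):
    """Sorted hosts whose alert count for `label` reaches the threshold."""
    counts = Counter(host for host, lab, _ in alerts if lab == label)
    return sorted(h for h, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    found, odd = scan(SAMPLE)
    print(found, noisy_hosts(found), odd, sep="\n")
```

Because the host field is taken from each line, one pass over the central file attributes every alert to the client that sent it.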

