What is a good logfile scanner/tool to help monitor logfiles?
I need help looking at all the log files on my server. There are too many files to watch all the time. What is the best way to automate watching the logfiles? I heard a program called SWATCH is good but have never used it. Both opinions and facts appreciated.
Logcheck seems to be working excellently for me. It runs through the logs looking for keywords, then emails you with any possible security concerns. It is rather verbose with the default config, but you can tailor it as you see fit with 'ignore' words, etc.
I have it emailing me (WAN) in case an intruder were to try to delete my local mail to cover his/her tracks. It's set up as a cron job.
Check it out! Just be sure to read the docs it comes with before/during installation to save yourself some headaches.
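
The keyword-plus-ignore filtering described in the reply above, as an added example that is not part of the thread and is not Logcheck's own code. The file names, patterns and syslog-style log lines are all constructed for illustration.

```shell
#!/bin/sh
# Added illustration; every file name, pattern and log line below is constructed.

# scan_log LOG KEYWORDS IGNORES
# Print lines of LOG matching any pattern in KEYWORDS (case-insensitive)
# unless they also match a pattern in IGNORES (case-sensitive).
scan_log() {
    if [ -s "$3" ]; then
        grep -E -i -f "$2" "$1" | grep -E -v -f "$3" || true
    else
        # No ignore patterns yet: report every keyword hit.
        grep -E -i -f "$2" "$1" || true
    fi
}

# make_sample DIR: write a constructed log plus keyword and ignore lists.
make_sample() {
    cat > "$1/messages" <<'EOF'
Jan 10 03:12:01 host1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Jan 10 03:12:05 host1 sshd[2211]: Failed password for root from 203.0.113.7 port 51130 ssh2
Jan 10 03:15:00 host1 CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)
Jan 10 03:20:44 host1 sshd[2400]: Accepted publickey for alice from 198.51.100.20 port 40022 ssh2
Jan 10 03:21:10 host1 su[2410]: FAILED su for root by bob
Jan 10 03:25:00 host1 backup[2500]: rsync: 0 files failed verification
EOF
    cat > "$1/keywords" <<'EOF'
failed
refused
denied
EOF
    # Known-benign line that would otherwise trip the "failed" keyword.
    cat > "$1/ignore" <<'EOF'
backup\[[0-9]+\]: rsync: 0 files failed
EOF
}

demo=$(mktemp -d)
make_sample "$demo"
report=$(scan_log "$demo/messages" "$demo/keywords" "$demo/ignore")
# From cron, a non-empty report would be piped to a mailer addressed off-host,
# e.g. mail -s "log report" admin@example.org (placeholder address).
[ -n "$report" ] && printf '%s\n' "$report"
rm -rf "$demo"
```

With the ignore list in place the report holds the two sshd failures and the failed su; with an empty ignore list the benign rsync line is reported as well, which is the default verbosity the reply mentions.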