From: reader@newsguy.com
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: Practical log reviewing
Date: Mon, 21 Aug 2006 23:57:44 -0500
Organization: Still searching...
Message-ID: <873bbpcqpj.fsf@newsguy.com>
References: <49bf44f10608212018s696cca9do2ecab8a74e85fd46@mail.gmail.com> <44EA7FC0.50902@gmail.com>

gentuxx writes:

> Depending on what your requirements are, try OSSEC-HIDS
> (www.ossec.net). I've been using it for a couple weeks now and it's
> pretty handy. The longer I use it, the more I add to it, the better it
> is. Unfortunately there isn't an ebuild for it (yet). But it's really
> easy to install. Plus it does a lot more than just log monitoring.

You say it is easy to install, and so it is. But once installed it isn't at all clear what this thing does. I'm guessing somewhere in all the hoopla it presents you with some analysis of logs. It's not one bit clear from their site how to get to that point.

Sorry for the rant, but I was sort of surprised to find no real overview that tells what this tool does in some detail. This is the overview on the home page:

  OSSEC HIDS is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, rootkit detection, time-based alerting and active response.

After that there is a manual that describes running the tool, but I never see any detailed summary of what it really does and how to access the analysis.
I've gone way OT here, but I hoped you might write to me privately and describe in some detail what you do with it...

-- 
gentoo-user@gentoo.org mailing list