How to process syslog log files
There are tools out there which will process (and do other things with) the syslog log files. But if you just need to look for specific things in the log files, then installing something like Snort might be a bit drastic. So what other options are there?
Syslog can log to files (which is quite normal), or to FIFO pipes. The syntax for pipes is:
facility.priority |<path>/<pipe-file>
To create the pipe use mkfifo:
# mkfifo <path>
An example of how to set this up in syslog.conf:
authpriv.* |/tmp/syslog-secure.pipe
authpriv.* /var/log/secure
The above example will make sure that authpriv.* is sent to both a file and a pipe. The next thing which is needed is a program (preferably a daemon) which will continuously read the pipe and do interesting stuff with what comes out of it.
For that I use Perl... To be continued
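As an added example (not the page's own code; the author's Perl reader is not shown), here is a Python reader for the pipe set up above: it parses the classic syslog line layout, counts sshd login failures per source address, and when started with the pipe path as argument keeps draining the FIFO and reports a source once it reaches a threshold. The sample lines, the sshd message pattern, the threshold and the function names are my own constructions.

```python
import re
import sys
from collections import Counter

# Constructed sample authpriv lines in the classic "MMM dd HH:MM:SS host prog[pid]: msg" layout.
SAMPLE_LINES = [
    "Mar  3 10:15:01 gw sshd[4321]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2",
    "Mar  3 10:15:04 gw sshd[4321]: Failed password for root from 198.51.100.7 port 51023 ssh2",
    "Mar  3 10:15:09 gw sshd[4330]: Accepted publickey for alice from 192.0.2.10 port 40122 ssh2",
    "Mar  3 10:16:00 gw sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls",
]

# Timestamp, host, program name, optional [pid], then the free-text message.
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$"
)
# sshd's authentication failure message; "invalid user" appears only for unknown accounts.
FAILED_RE = re.compile(r"^Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")

def parse_line(line):
    """Split one syslog line into its fields; None if it does not match the layout."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None

def failed_logins(lines):
    """Count sshd authentication failures per source address over an iterable of lines."""
    per_source = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["prog"] != "sshd":
            continue  # not a syslog line, or not from sshd
        f = FAILED_RE.match(rec["msg"])
        if f:
            per_source[f.group("ip")] += 1
    return per_source

def watch_fifo(path, threshold=3):
    """Daemon loop: open() blocks until syslogd opens the write end; re-open if it closes."""
    seen = Counter()
    while True:
        with open(path) as fifo:
            for line in fifo:  # blocks until the next message arrives
                for ip, n in failed_logins([line]).items():
                    seen[ip] += n
                    if seen[ip] == threshold:
                        print(f"{ip}: {threshold} failed sshd logins", file=sys.stderr)

if __name__ == "__main__":
    watch_fifo(sys.argv[1])  # e.g. /tmp/syslog-secure.pipe from the syslog.conf example
```

The reader must keep the pipe drained: a FIFO buffers only a small amount of data, and once it fills syslogd can no longer write to it, so messages are lost or the daemon stalls depending on the implementation. The second syslog.conf line, which also logs to /var/log/secure, is what keeps a durable copy.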