21 Jul 2010, 9:25 p.m.
Justin Krejci wrote:
> Check out splunk (or similar) for multiple disparate event log correlations.
I'm not really looking for solutions right now. I just wanted to comment on the "stealth" techniques in use by those running botnets.
When I do look for solutions, I prefer open source tools that are minimalist to the extent possible. Thus, I chose mon (http://mon.wiki.kernel.org/) for monitoring systems and services, and I would first consider SEC (http://simple-evcorr.sourceforge.net/) for correlating events in logs from multiple servers. That's just a personal preference, though.
Chris Hoogendyk
Systems Administrator
Biology & Geology Departments
140 Morrill Science Center
<hoogendyk@bio.umass.edu>
---------------
Erdös 4