I'm looking for a logfile scanner that can search for regular expressions in logfiles and send immediate email notifications. I'd like to try to find something that doesn't use huge amounts of memory. I'm currently running fail2ban and used it to do some of this scanning, but I'm finding that it can suck up memory and CPU resources when there is a lot of logging going on.
I am aware of swatch, but most people say that it is pretty resource intensive as well. I came across logsurfer in a Google search and was wondering if anyone has experience with it or what other good alternatives might exist.
While fancy features are nice, I'm willing to forgo them for lower resource consumption.
Thanks, Nataraj
simple-evcorr.sourceforge.net (sec.pl) the rules are a bit of a bear to learn, but it can do anything. 300 syslogs/second using ~5% cpu and 20MB of ram with 600+ rules.
On 06/08/2012 04:26 PM, Nataraj wrote:
I'm looking for a logfile scanner that can search for regular expressions in logfiles and send immediate email notifications. I'd like to try to find something that doesn't use huge amounts of memory. I'm currently running fail2ban and used it to do some of this scanning, but I'm finding that it can suck up memory and CPU resources when there is a lot of logging going on.
I am aware of swatch, but most people say that it is pretty resource intensive as well. I came across logsurfer in a Google search and was wondering if anyone has experience with it or what other good alternatives might exist.
While fancy features are nice, I'm willing to forgo them for lower resource consumption.
Thanks, Nataraj
On 06/08/2012 02:48 PM, Steven Tardy wrote:
simple-evcorr.sourceforge.net (sec.pl) the rules are a bit of a bear to learn, but it can do anything. 300 syslogs/second using ~5% cpu and 20MB of ram with 600+ rules.
Thank you. sec looks like a useful tool. I will try it.
Nataraj
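For readers following up on the sec suggestion in this thread, here is what a small rule file for "match a regular expression, send mail" can look like. It is an added example, not something posted by anyone in the thread; the file path, log path, mail binary and recipient address are assumptions.

```conf
# /etc/sec/ssh.rules  (hypothetical path)
# Start with:  sec --conf=/etc/sec/ssh.rules --input=/var/log/secure
#
# Constructed sample line that rule 1 is written to match:
#   Jun  8 16:30:01 host1 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 51515 ssh2

# Rule 1: one mail when a single source address produces 5 failed
# logins within 60 seconds. $2 in desc makes sec keep a separate
# counter per address, and further matches from that address are
# ignored until the window ends, so a busy log does not flood the mailbox.
type=SingleWithThreshold
ptype=RegExp
pattern=sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from ([\d.]+) port \d+
desc=Repeated SSH login failures from $2
action=pipe '%s (5 within 60s)' /bin/mail -s 'sec: ssh failures' root@localhost
window=60
thresh=5

# Rule 2: immediate mail on every successful root login.
# Constructed sample line:
#   Jun  8 16:31:12 host1 sshd[2290]: Accepted password for root from 192.0.2.10 port 51620 ssh2
type=Single
ptype=RegExp
pattern=sshd\[\d+\]: Accepted \S+ for root from ([\d.]+) port \d+
desc=root SSH login from $1
action=pipe '%s' /bin/mail -s 'sec: root login' root@localhost
```

In both rules `%s` expands to the `desc` string, which becomes the body of the mail.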