Re: [Fed-Talk] LogWatch for Mac?
Re: [Fed-Talk] LogWatch for Mac?
- Subject: Re: [Fed-Talk] LogWatch for Mac?
- From: "Dan O'Donnell" <email@hidden>
- Date: Mon, 17 Nov 2008 13:32:43 -0800
- Thread-topic: [Fed-Talk] LogWatch for Mac?
How are you moving the BSM data from the Macs into LogWatch?
Do you export the stream from BSM into LW, or capture as a file and then
import? Do you capture the information in real time or with a delay?
--
Dan O'Donnell
ISSO
RAND Corporation
1776 Main St.
PO Box 2138
Santa Monica CA 90407-2138
310-393-0411 x6637
email@hidden
email@hidden
On 11/17/08 1:29 PM, "Allan Marcus" <email@hidden> wrote:
> I looked a splunk, and man, what tool! Looks like it would be great
> except for the fact that it's way too much for what I need.
>
> I decided to try LogWatch anyways, despite reports that it didn't work
> on Mac. Turns out it does work! Imagine that. All I need to do now is
> tune it for Mac OS X. If anyone else is using LogWatch on Mac or is
> interested, maybe we can collaborate.
>
> ---
> Thanks,
>
> Allan Marcus
> 505-667-5666
>
>
>
> On Nov 17, 2008, at 2:14 PM, Nichols, Jared wrote:
>
>> I haven't used it, but I guess Splunk is quite popular
>>
>> Jared
>>
>>
>> On 11/17/08 15:51 , "Allan Marcus" <email@hidden> wrote:
>>
>> May have been discussed before, but anyone have an automated logwatch
>> type program? NIST 800-53 AU-7 seems to require such a program. Linux
>> has LogWatch, which works well, but us Mac folks got, what, nothin'?
>>
>> I'm been working with logcheck.sh, but it's very raw and reports way
>> too much. any ideas is greatly appreciated.
>>
>> Oh, Splunk look interesting too. Anything else?
>>
>> ---
>> Thank you,
>>
>> Allan Marcus
>> Solutions Architect
>> Central Software and Development Team (CSD)
>> Department Computing Services Division (DCS)
>> Los Alamos National Laboratory
>> 505-667-5666
>> email@hidden
>>
>>
>>
>>
>>
>> --
>> Jared Nichols
>> ISD Infrastructure and Operations - Desktop Engineering
>> MIT Lincoln Laboratory
>> 244 Wood St.
>> Lexington, MA 02420-9108
>> (781) 981-5500
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
__________________________________________________________________________
This email message is for the sole use of the intended recipient(s) and
may contain confidential information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply email and destroy all copies
of the original message.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden