The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner


Posted by Xavier Ashe on April 18, 2007

Logsurfer is a program for monitoring system logs in
real-time, and reporting on the occurrence of events. It
is similar to the well-known swatch program on
which it is based, but offers a number of advanced
features which swatch does not support.

Logsurfer is capable of grouping related log entries
together – for instance, when a system boots it usually
creates a high number of log messages. In this case,
logsurfer can be set up to group boot-time messages
together and forward them in a single email message to the
system administrator under the subject line “Host xxx has
just booted”. Swatch just couldn't do this properly.

Logsurfer is written in C – this makes it extremely
efficient, an important factor when sites generate a high
amount of log traffic. I have used logsurfer at a site
where a logging server was recording more than 500,000
events per day – and Logsurfer had no trouble keeping up
with this load. Swatch, on the other hand, is based on
perl and runs into trouble even when dealing with a much
smaller rate of log traffic.

Neat little tool from Kerry Thompson.
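The boot-message grouping described above, as an added Python illustration of the idea (this is not logsurfer's own code or its config syntax): a start pattern opens a per-host context, following lines from that host are collected, and either a stop pattern or a timeout flushes the whole group as one report. The sample log lines, host names and patterns are constructed for the example.

```python
import re
from datetime import datetime

# Constructed sample syslog lines (not captured from a real host).
SAMPLE_LOG = """\
Apr 18 07:00:01 host1 kernel: Linux version 2.6.20 booting
Apr 18 07:00:01 host1 kernel: Memory: 1024MB available
Apr 18 07:00:02 host1 kernel: eth0: link up
Apr 18 07:00:03 host1 init: Entering runlevel: 3
Apr 18 07:00:05 host1 sshd[812]: Server listening on 0.0.0.0 port 22.
Apr 18 07:15:42 host1 sshd[900]: Failed password for root from 10.0.0.5 port 4010 ssh2
"""

LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) (.*)$")
BOOT_START = re.compile(r"kernel: Linux version")        # opens a boot context
BOOT_STOP = re.compile(r"sshd\[\d+\]: Server listening")  # closes the context
SINGLE_ALERT = re.compile(r"sshd\[\d+\]: Failed password")  # reported line by line
CONTEXT_TIMEOUT = 120  # seconds; an unfinished boot context is flushed after this

def _ts(stamp):
    # syslog stamps carry no year; assume one (the post is from 2007)
    return datetime.strptime("2007 " + stamp, "%Y %b %d %H:%M:%S").timestamp()

def surf(log_text):
    """Return a list of (subject, lines) reports, grouping boot messages per host."""
    contexts = {}   # host -> {"opened": epoch seconds, "lines": [raw lines]}
    reports = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        stamp, host, msg = m.groups()
        ts = _ts(stamp)
        # flush any open context whose timeout elapsed before this line arrived
        for h, ctx in list(contexts.items()):
            if ts - ctx["opened"] > CONTEXT_TIMEOUT:
                reports.append(("Host %s boot context timed out" % h, ctx["lines"]))
                del contexts[h]
        if BOOT_START.search(msg):
            contexts[host] = {"opened": ts, "lines": [raw]}      # one context per host
        elif host in contexts:
            contexts[host]["lines"].append(raw)                 # swallowed into the group
            if BOOT_STOP.search(msg):
                reports.append(("Host %s has just booted" % host,
                                contexts.pop(host)["lines"]))   # single combined report
        elif SINGLE_ALERT.search(msg):
            reports.append(("Auth failure on %s" % host, [raw]))
    return reports
```

Five boot-time lines become one report while the later authentication failure, which falls outside any context, is still reported on its own.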
