Automated Log Watchers
- swatch -- covered in my book, now maintained at http://swatch.sourceforge.net/
- logwatch -- standard package in Red Hat; has its own intelligence with respect to what to look for
- logdigest -- SuSE's equivalent of "logwatch"; poorly documented, but you can figure it out by reading /etc/cron.daily/logdigest
- logsurfer -- widely supported simple log watcher; source available from DFN CERT, at ftp://ftp.cert.dfn.de/pub/tools/audit/logsurfer/