Hans-J. Ullrich
2017-May-15 08:42 UTC
[Logcheck-devel] Bug#862638: logcheck: Please add suricata rules to logcheck
Package: logcheck
Version: 1.3.18
Severity: wishlist

Dear Maintainer,

I am very happy with logcheck. It works great and is very useful. However, it would be nice if you could add a ruleset for suricata (a successor to the well-known snort IDS), so I get alerted when something fishy is going on. In my case logcheck is run every 30 minutes, so I become aware very quickly when an attack is going on. On the other hand, I found no realtime alert option with suricata. The best way, IMO, would be a ruleset for suricata logs which alerts me by mail (as logcheck normally does). I searched the web, but things like snorby, scirius, evebox etc. did not fit what I am searching for.

Thank you for reading this, and thanks for logcheck, it is great!

Best regards

Hans

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 4.9.0-2-686-pae (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages logcheck depends on:
ii  adduser                          3.115
ii  cron [cron-daemon]               3.0pl1-128+b1
ii  lockfile-progs                   0.1.17+b1
ii  logtail                          1.3.18
ii  mime-construct                   1.11+nmu2
ii  postfix [mail-transport-agent]   3.1.4-4
ii  rsyslog [system-log-daemon]      8.24.0-1

Versions of packages logcheck recommends:
ii  logcheck-database  1.3.18

Versions of packages logcheck suggests:
pn  syslog-summary  <none>

-- Configuration Files:
/etc/logcheck/logcheck.conf [Errno 13] Permission denied: '/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: '/etc/logcheck/logcheck.logfiles'

-- no debconf information
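The following is an added example, not part of the bug report and not code from the logcheck or Suricata projects. It emulates what a Suricata ruleset for logcheck would look like in practice: logcheck reads the files listed in /etc/logcheck/logcheck.logfiles, reports every line that matches an extended regex in /etc/logcheck/violations.d/* under "Security Events", and suppresses those that also match a pattern in /etc/logcheck/violations.ignore.d/*. Here the same grep pipeline is run over a few constructed Suricata fast.log lines (the SIDs in the 9000000 range, the hosts and the alert names are made up for the demo; the rule file names "suricata" and "suricata-noise" are hypothetical). Suricata's default fast.log location on Debian is /var/log/suricata/fast.log, which is the path one would add to logcheck.logfiles.

```shell
#!/bin/sh
# Added example (not from the bug report or the logcheck package): emulate
# logcheck's violations.d / violations.ignore.d classification on Suricata
# fast.log lines.  Everything below is constructed for the demo.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
mkdir -p "$WORK/violations.d" "$WORK/violations.ignore.d"

# Constructed fast.log sample.  Format: timestamp, two spaces, [**] [gid:sid:rev]
# msg [**] [Classification: ...] [Priority: N] {proto} src:port -> dst:port
# SIDs >= 9000000 are local/test rules, not identifiers from a real ruleset.
cat > "$WORK/fast.log" <<'EOF'
05/15/2017-08:40:11.123456  [**] [1:9000001:1] LOCAL SCAN Port sweep [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.5:51000 -> 192.0.2.10:22
05/15/2017-08:41:02.000001  [**] [1:9000002:1] LOCAL STREAM 3way handshake with ack in wrong dir [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 198.51.100.5:443 -> 192.0.2.10:40001
05/15/2017-08:41:30.222222  [**] [1:9000003:1] LOCAL WEB Shell upload attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:52345 -> 192.0.2.10:80
05/15/2017-08:42:00.000000  [**] [1:9000004:1] LOCAL POLICY Telnet login banner [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 192.0.2.10:23 -> 198.51.100.5:40002
EOF

# Hypothetical /etc/logcheck/violations.d/suricata: one fully anchored ERE per
# line, as logcheck rule files are written.  Report every priority 1 or 2 alert.
cat > "$WORK/violations.d/suricata" <<'EOF'
^[0-9]{2}/[0-9]{2}/[0-9]{4}-[0-9:.]+ +\[\*\*\] \[[0-9]+:[0-9]+:[0-9]+\] .* \[Priority: [12]\] [{][A-Z]+[}] [0-9a-f.:]+:[0-9]+ -> [0-9a-f.:]+:[0-9]+$
EOF

# Hypothetical /etc/logcheck/violations.ignore.d/suricata-noise: drop the
# port-sweep alert when it comes from 198.51.100.5, the (constructed) host
# that runs the authorised internal vulnerability scanner.
cat > "$WORK/violations.ignore.d/suricata-noise" <<'EOF'
\[1:9000001:[0-9]+\] LOCAL SCAN Port sweep .* 198\.51\.100\.5:[0-9]+ ->
EOF

# Lines logcheck would mail under "Security Events" for the given log file:
# violations.d hits minus violations.ignore.d hits.  grep exits 1 on no
# match, so "|| true" keeps set -e from aborting on a quiet log.
suricata_security_events() {
    grep -E -f "$WORK/violations.d/suricata" "$1" \
      | grep -E -v -f "$WORK/violations.ignore.d/suricata-noise" || true
}

# Number of lines that would be reported.
count_security_events() {
    suricata_security_events "$1" | wc -l | tr -d ' '
}

# Stand-alone run: prints the single remaining alert (SID 9000003).
suricata_security_events "$WORK/fast.log"
```

Of the four constructed lines, only the priority-1 web alert survives: the two priority-3 decoder/policy events never match the violations pattern, and the port sweep is dropped by the ignore rule because it originates from the known scanner. Tuning the ignore file per SID and source host, rather than dropping a whole priority level, is what keeps a 30-minute logcheck cycle from either drowning in decoder noise or silently discarding real alerts.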