2007-08-22 18:40:59 GMT
Jeremy, Thanks for the sudo modules. You had loose enough regexes that it worked for most of my stuff and let me write my own su_mod.py.
I also deal in an environment where most the syslogds are reporting by name. In get_smm, returning self.gethost(system) really helped clean up my reports as well.
I noticed that some of the modules have to deal with scanning and if I have an SSH box that gets the standard hydra brute force, I get quite a long number of reports in the SSHD section. Has anyone tried to collapse that down?
UAB Data Security, 205-975-0842
_______________________________________________ Epylog mailing list Epylog <at> linux.duke.edu https://lists.dulug.duke.edu/mailman/listinfo/epylog