LOGSENTRY
---------

http://www.psionic.com/products/logsentry.html

GPL'd

LogSentry (also known as LogCheck) can read through various system logs and e-mail a report on any security issues or violations detected by matching a set of pre-defined search terms. Comprehensive configuration files are included.

In use, LogSentry must be set to run at desired intervals, e.g. using cron. This means that it uses minimal system resources and produces single e-mailed digests from the logs rather than a mass of separate messages, but it also introduces a window of opportunity for an attacker to modify the logs or otherwise interfere with the warning process.

Installation
------------

A comprehensive INSTALL is included in the distribution. To summarise:

1) unpack tarball
2) check the system log files are properly secured and configured
3) insert e-mail address and otherwise amend logcheck.sh as needed
4) "make linux"

Test it by running

/usr/local/etc/logcheck.sh

If tweaking is needed then the main script and the search terms are all in /usr/local/etc/.

Once it is working as desired, set it to run automatically (e.g. by creating a script called logcheck.cron containing the command-line above in /etc/cron.hourly).
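
The interval-based scan described above, sketched as an added example (not LogSentry's own code and not taken from its INSTALL file): each run examines only the lines appended since the previous run, matches them against a file of search terms, and warns if the log has shrunk in the meantime, which is one cheap signal for the between-runs window mentioned earlier. The function name scan_new, the offset file, the search terms and the log lines are all assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added illustration, not LogSentry's code. Paths, search terms and log
# lines below are constructed for the example.

# scan_new LOG STATE PATTERNS
# Print lines appended to LOG since the previous run that match any search
# term in PATTERNS. STATE stores the byte offset reached last time.
scan_new() {
    log=$1; state=$2; patterns=$3
    size=$(wc -c < "$log" | tr -d ' ')
    last=0
    if [ -f "$state" ]; then last=$(cat "$state"); fi
    # A log shorter than the saved offset was truncated or replaced between
    # runs: flag it and rescan from the start instead of silently skipping.
    if [ "$size" -lt "$last" ]; then
        echo "WARNING: $log shrank from $last to $size bytes between runs"
        last=0
    fi
    # tail -c +N starts output at byte N (1-based), skipping bytes already read
    tail -c +"$((last + 1))" "$log" | grep -i -f "$patterns" || true
    echo "$size" > "$state"
}

# Demonstration on constructed data
demo_dir=$(mktemp -d)
printf '%s\n' 'authentication failure' 'refused connect' > "$demo_dir/terms"
cat > "$demo_dir/messages" <<'EOF'
Jan 10 03:12:01 host sshd[411]: Accepted password for alice from 192.0.2.10
Jan 10 03:14:55 host login[502]: authentication failure; user=root tty=tty1
EOF
echo "--- first run ---"
scan_new "$demo_dir/messages" "$demo_dir/offset" "$demo_dir/terms"
echo 'Jan 10 03:40:09 host in.telnetd[611]: refused connect from 198.51.100.7' \
    >> "$demo_dir/messages"
echo "--- second run (only the new line is examined) ---"
scan_new "$demo_dir/messages" "$demo_dir/offset" "$demo_dir/terms"
: > "$demo_dir/messages"    # simulate the log shrinking between runs
echo "--- third run ---"
scan_new "$demo_dir/messages" "$demo_dir/offset" "$demo_dir/terms"
rm -rf "$demo_dir"
```

A log also shrinks on normal rotation, so a scheduled job built this way should reset the offset file as part of the rotation step.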