devialog is a behavior/anomaly/signature-based syslog intrusion detection system which can detect new, unknown attacks. It fits comfortably in a heterogeneous Unix/Linux/BSD environment at the core of a central syslog server. devialog can generate its own signatures and can act upon anomalies as configured by the system administrator. In addition, devialog can function as a traditional syslog parsing utility in which known signatures trigger actions.
a4e1ba35a0fc66d0d70d56746dd81d3a047c6d3e6cdd65d48dfef81c9da18a81