Question!

Dec 26, 2007 09:47

This is directed at all of my haxor friends - I'm looking for a tool (preferably open-source) that will allow me to take emails generated by our firewalls full of logging information and put them in a repository or somesuch to make all this data useful - Right now I have to manually go through potentially hundreds of emails a day that mostly ( Read more... )


Comments 2

kindgott December 26 2007, 16:21:22 UTC
Is there any way you could just use grep to find any keywords that would only be in the useful emails?


domint December 26 2007, 18:22:50 UTC
Well, I've kind of tweaked things a little bit on these firewalls. I've got a config loaded that is properly emailing alerts separate from the usual log-rotate archive. Now the problem is I'm usually only getting 1 or 2 lines at a time w/ a warning or alert separate of the complete log - kind of hard to see trends build over time that way. And a lot of these alerts are just the usual dreck floating around the 'Net - invalid TCP SYN packets, the occasional port scan, etc ( ... )

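One way to turn those one-or-two-line alert mails into a small repository where trends and non-noise alerts stand out, as an added Python example that is not from the original thread or from any particular firewall product (the mail layout, the alert line format, the addresses and the noise list are all constructed assumptions):

```python
import email
import re
from collections import Counter

# Constructed sample alert e-mails in the shape the thread describes: one line per
# mail, the full log living elsewhere. Not real firewall output; addresses are RFC 5737.
ALERT_MAILS = [
    "Subject: FW alert\n\nDec 25 03:12:40 fw1: invalid TCP SYN packet from 198.51.100.7 to 203.0.113.5:25\n",
    "Subject: FW alert\n\nDec 25 14:02:11 fw1: port scan detected from 192.0.2.44\n",
    "Subject: FW alert\n\nDec 26 02:45:03 fw1: invalid TCP SYN packet from 198.51.100.7 to 203.0.113.5:25\n",
    "Subject: FW alert\n\nDec 26 09:10:55 fw1: invalid TCP SYN packet from 198.51.100.7 to 203.0.113.5:443\n",
    "Subject: FW alert\n\nDec 26 09:30:17 fw1: invalid TCP SYN packet from 198.51.100.7 to 203.0.113.5:22\n",
    "Subject: FW alert\n\nDec 26 11:00:00 fw1: failed admin login from 192.0.2.44\n",
]

# Assumed alert line shape: "<Mon> <day> <hh:mm:ss> <host>: <message> from <ip> ..."
LINE_RE = re.compile(r"^(?P<day>\w{3} \d{1,2}) [\d:]+ \S+: (?P<msg>.*?) from (?P<src>[\d.]+)")
# The everyday background noise the thread mentions; anything else gets a human look.
NOISE = ("invalid tcp syn", "port scan")

def parse_alert(raw):
    """Return (day, kind, src) from one alert mail, or None if no line matches."""
    body = email.message_from_string(raw).get_payload()
    for line in body.splitlines():
        m = LINE_RE.match(line)
        if m:
            msg = m.group("msg").lower()
            kind = next((n for n in NOISE if n in msg), msg)  # normalise known noise
            return m.group("day"), kind, m.group("src")
    return None

def build_repository(mails):
    """Count alerts per (day, kind, src): the 'repository' the post is asking for."""
    repo = Counter()
    for raw in mails:
        rec = parse_alert(raw)
        if rec:
            repo[rec] += 1
    return repo

def trends(repo, days):
    """Per (kind, src), daily counts in the given day order, so a rise is visible."""
    series = {}
    for (day, kind, src), n in repo.items():
        counts = series.setdefault((kind, src), [0] * len(days))
        counts[days.index(day)] += n
    return series

def not_noise(repo):
    """Alerts outside the noise list, sorted, for manual review."""
    return sorted(rec for rec in repo if rec[1] not in NOISE)

if __name__ == "__main__":
    repo = build_repository(ALERT_MAILS)
    for key, counts in trends(repo, ["Dec 25", "Dec 26"]).items():
        print(key, counts)
    print("review:", not_noise(repo))
```

Pointing `ALERT_MAILS` at messages read from a real mailbox (for example via the standard `mailbox` module) and adjusting `LINE_RE` to the actual alert format is all that changes for live use.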


