How to monitor other Linux logs for text strings

There are three applications that have accounts where failed logins need to be alerted on, since lockouts aren't possible: Tenable.sc, RH Satellite, and Nessus.
Tenable.sc natively writes its log messages to the system logger, and they get forwarded automatically to InTrust. RH Satellite and Nessus only write their logs to application-level logs instead of the system logger, so I configured syslog to capture those log files and forward them to the InTrust pipe, but that doesn't seem to work properly. Is there a way to resolve this?
Reply
  • I have a RealTime rule set up to monitor the syslog, and only the application that writes natively to the SYSLOG generates an email based on the Realtime Policy I have set up. These are the three strings:

    Nessus: "bad login attempt from ip"

    Satellite: "Failed login attempt from"

    Tenable.sc: "Invalid username/password combination for User"
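
An added example, not part of the thread and not InTrust or vendor code: a small Python follower that reads an application log file, keeps only lines containing one of the three strings quoted above, and re-emits them through the system logger so a syslog-based rule can see them. The sample log lines, the function names, and the LOG_AUTH facility and LOG_WARNING severity are assumptions.

```python
import os

# The three failed-login strings quoted in the reply above, keyed by application.
PATTERNS = {
    "Nessus": "bad login attempt from ip",
    "Satellite": "Failed login attempt from",
    "Tenable.sc": "Invalid username/password combination for User",
}

# Constructed sample lines; real application log formats will differ.
SAMPLE_LINES = [
    "2024-01-01T10:00:00 nessus: bad login attempt from ip 192.0.2.10",
    "2024-01-01T10:00:05 satellite: Failed login attempt from 192.0.2.11",
    "2024-01-01T10:00:09 sc: Invalid username/password combination for User 'bob'",
    "2024-01-01T10:00:12 satellite: Successful login from 192.0.2.12",
]

def match_failed_login(line):
    """Return the application whose failed-login string occurs in line, else None."""
    for app, needle in PATTERNS.items():
        if needle in line:
            return app
    return None

def read_new_lines(path, offset):
    """Return (complete lines written since offset, new offset)."""
    if os.path.getsize(path) < offset:  # file was truncated or rotated: start over
        offset = 0
    with open(path, "rb") as fh:
        fh.seek(offset)
        data = fh.read()
    end = data.rfind(b"\n") + 1  # leave a half-written last line for the next pass
    return data[:end].decode("utf-8", "replace").splitlines(), offset + end

def forward(path, offset, emit):
    """Call emit(app, line) for each new failed-login line; return the new offset."""
    lines, offset = read_new_lines(path, offset)
    for line in lines:
        app = match_failed_login(line)
        if app:
            emit(app, line)
    return offset

def emit_to_syslog(app, line):
    """Write the line to the system logger, tagged with the application name."""
    import syslog  # Unix only
    syslog.openlog(ident=app, facility=syslog.LOG_AUTH)  # assumed facility
    syslog.syslog(syslog.LOG_WARNING, line)  # assumed severity
```

Call `forward(path, offset, emit_to_syslog)` in a loop with a short sleep, keeping one offset per log file.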
