Rsyslog & Auditd – Parsing audit.log / proctitle hexadecimal value to ascii [migrated]

I’m trying to edit my rsyslog.conf in order to render the hex parts of my auditd logs in clear text.
Does anyone know if it is possible to configure rsyslog in order to apply parsing to the received log via a bash script? (Or any other technique.)
It…

How To Drive Value with Security Data – The Full Talk

Last week I keynoted LogPoint’s customer conference with a talk about how to extract value from security data. Pretty much every company out there has tried to somehow leverage their log data to manage their infrastructure and protect their assets and …

A Logging History Lesson – From syslogd(8) to XDR

The log management and security information management (SIEM) space has gone through a number of stages to arrive where it is today. I started mapping the space in the 1980s, when syslog entered the world. To make sense of the really busy diagram, …

Do these logs indicate someone spying on me? Can I use this as evidence to report to IC3/police? [closed]

Logs are provided below. Questions: "Do these router logs indicate I was hacked or being spied on? If so, can I report it to IC3/police as legitimate evidence?"
Hello, I hope I am in the right place. I have been paranoid the past …