emf's logsurfer configuration page

Wow, people are still using logsurfer. I switched to SEC years ago.

If you don't have any idea what I'm talking about, check into Logsurfer and some documentation from CERT on the package.

Now, on with the signatures!


Apache: The Apache HTTP server
Postfix: The Postfix Email server
NcFTPd: The NcFTPd ftp server
Snort: The Snort NIDS package
ipfilter/ipmon: logs from the ipfilter firewall system
NetATalk: the NetATalk unix/appletalk compatibility daemons
ISC BIND: The ISC BIND (named) Nameserver daemon (at least 8.x)
ssh daemons
Generic UNIX messages

UPDATE: I've been way lax in keeping this page up to date with what I'm actually doing in the real world, yet people have been finding this stuff interesting. So, I present for your perusal--my m4-ized files, slightly sanitized. You will more than likely run into some problem if you use these straight out of the box, but they make for good examples of "real world" logsurfer use.
Check Here for raw files.

You will also find these helpers useful:
surfmailer (Now with slightly less remote root!)
surf_GenericMsg