[1042] in linux-security and linux-alert archive


Re: System log practicalities (was Re: [linux-security] qmail,wu.ftpd,deslogind, in.telnetsnoopd ?)

daemon@ATHENA.MIT.EDU (Paul D. Robertson)
Wed Aug 21 06:33:32 1996

Date: Tue, 20 Aug 1996 10:44:11 -0400 (EDT)
From: "Paul D. Robertson" <proberts@clark.net>
To: Louis Mandelstam <louis@sacc.org.za>
cc: Jonathan Larmour <JLarmour@origin-at.co.uk>,
        Frank Parato <fparato@gti.net>, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.94.960820162538.280K-100000@lh1.sacc.org.za>

On Tue, 20 Aug 1996, Louis Mandelstam wrote:

> The only solid solution I can think of would be for the logging daemon to
> intelligently interpret entries and somehow evaluate which entries need to
> be ignored.   Dunno how one would do this.

There are several Perl packages for managing firewall logs in this regard;
I'm sure you could probably plug one of them into syslog pretty easily,
at least to filter out things you know are fluff, or perhaps to log an
event once (better done when you sighup and start a new syslog -- perhaps
something like this is better done in a named pipe?) 

[REW: Anybody know a name we can tell to the search engines to find
one of those Perl packages?]

[REW: Deleted Q&A, already answered.]

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts@clark.net      which may have no basis whatsoever in fact."
                                                                     PSB#9280
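
The filtering idea raised in the message above (drop known fluff, log each event once, read from a named pipe), sketched as an added example that is not part of the original message and is written in Python rather than being one of the Perl packages mentioned. The fluff patterns, sample lines and script name are constructed, and it assumes syslogd is configured to write to a FIFO (for example a sysklogd `|/path/to/fifo` action).

```python
import re
import sys

# Hypothetical "fluff" patterns; a site would tune these to its own logs.
FLUFF = [re.compile(p) for p in (r"-- MARK --", r"last message repeated \d+ times")]

# Classic syslog line: "Aug 20 10:44:11 host tag[pid]: message"
LINE = re.compile(
    r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) ([^:\[]+)(?:\[\d+\])?: (.*)$")


def event_key(line):
    """Identify an event by host, tag and message, ignoring timestamp and PID."""
    m = LINE.match(line)
    return m.group(2, 3, 4) if m else ("", "", line)


def filter_lines(lines, seen=None):
    """Yield lines that are neither fluff nor a repeat of an event already seen.

    `seen` lives as long as the process, so restarting the filter (for
    instance alongside a syslogd restart) starts a fresh "log once" window.
    """
    seen = set() if seen is None else seen
    for raw in lines:
        line = raw.rstrip("\n")
        if not line or any(p.search(line) for p in FLUFF):
            continue
        key = event_key(line)
        if key in seen:
            continue
        seen.add(key)
        yield line


# Constructed sample input, not real log data.
SAMPLE = [
    "Aug 20 10:40:00 fw -- MARK --",
    "Aug 20 10:44:11 fw kernel: IP fw-in deny eth0 TCP 10.0.0.5:1042 192.168.1.1:23",
    "Aug 20 10:44:12 fw in.telnetd[311]: connect from 10.0.0.5",
    "Aug 20 10:44:15 fw kernel: IP fw-in deny eth0 TCP 10.0.0.5:1042 192.168.1.1:23",
    "Aug 20 10:44:19 fw in.telnetd[312]: connect from 10.0.0.5",
    "Aug 20 10:50:02 fw in.telnetd[320]: connect from 10.0.0.9",
]

if __name__ == "__main__":
    # Usage (hypothetical script name): logfilter.py /path/to/fifo
    source = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for kept in filter_lines(source):
        print(kept)
```

Because the filter discards repeats, the unfiltered stream should still go to a separate file so the full record survives for later review.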
