[1371] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: logwatching

daemon@ATHENA.MIT.EDU (Craig H. Rowland)
Tue Jan 7 19:35:11 1997

Date: Tue, 7 Jan 1997 19:15:51 -0500 (EST)
From: "Craig H. Rowland" <crowland@psionic.com>
To: linux-security@redhat.com
In-Reply-To: <199701071545.HAA11644@Thinkbank.COM>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

> 
> [mod: If I read this correctly it prints recognized stuff, and
> generally discards anything that doesn't match. I disapprove
> of this technique: There might be a message that looks innocent
> because it doesn't have any of the above trigger words in it,
> but is actually a breakin report. You should start out with
> an empty script, and match/delete the annonying messages that
> keep on clobbering the output. -- REW ]
> 
> 

I have a program called logcheck that does just this. It's a clone of a
log checker found on TIS Gauntlet and works very well with systems
with TCP wrappers and/or the TIS Firewall Toolkit. It works very
well on standard Linux (RedHat, Slackware), FreeBSD(2.x), BSDI(1.1, 2,X)
and other similiar UNIX BSD OS types. 

You can find this program at http://www.psionic.com/logcheck.html

The current version is 1.01, there will be an update to 1.1 in a few
weeks.

This site is on a poor 28.8 connection so please be patient if it is slow.
It is probably mirrored at various archives (COAST), if anyone else wishes
to mirror please feel free.

Thanks,

-- Craig




home help back first fref pref prev next nref lref last post