[791] in Intrusion Detection Systems


Re: searching logs for key phrases

daemon@ATHENA.MIT.EDU (Tracy R. Reed)
Thu Dec 5 01:55:15 1996

Date: Wed, 6 Feb 2036 23:02:25 -0800 (PST)
From: "Tracy R. Reed" <treed@straylight.ultraviolet.org>
To: Guido van Rooij <Guido.vanRooij@nl.cis.philips.com>
Cc: ids@uow.edu.au
In-Reply-To: <199611271302.OAA21450@spooky.lss.cp.philips.com>
Reply-To: ids@uow.edu.au

On Wed, 27 Nov 1996, Guido van Rooij wrote:

> It is in general a bad idea to scan for interesting things. What should
> be done instead is filter out the non-interesting ones.

logcheck scans for interesting things and lists them first under the
heading "security violations" and then lists everything else which was not
screened out by the non-interesting list as "unusual system activity". So
you get stuff known to be important first, as well as any other messages
which you have not explicitly ignored.

----------
Tracy Reed
http://www.ultraviolet.org
http://www.linux.org - Escape the Gates of Hell
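
Added example, not part of the original message and not logcheck's own code: a small two-pass classifier that reports keyword hits under "security violations" and every line not matched by the ignore list under "unusual system activity". The pattern lists, function names and log lines are constructed for illustration, and it assumes a line matching both lists is still reported as a violation.

```python
import re

# Constructed pattern lists for illustration; not logcheck's shipped rule files.
VIOLATION_PATTERNS = [r"authentication failure", r"ROOT LOGIN", r"refused connect"]
IGNORE_PATTERNS = [
    r"sendmail\[\d+\]: .*stat=Sent",
    r"CRON\[\d+\]: ",
]

# Constructed syslog lines; host name and addresses are made up.
SAMPLE_LOG = """\
Dec  5 01:02:11 athena sendmail[311]: BAA00311: to=<ids@example.org>, stat=Sent
Dec  5 01:03:40 athena login[402]: ROOT LOGIN on tty1
Dec  5 01:05:00 athena CRON[415]: (root) CMD (run-parts /etc/cron.hourly)
Dec  5 01:07:19 athena kernel: eth0: Promiscuous mode enabled.
Dec  5 01:09:52 athena in.telnetd[433]: refused connect from 192.0.2.77
Dec  5 01:10:03 athena sendmail[440]: CAA00440: authentication failure, stat=Sent
"""


def _compile(patterns):
    # An empty list must match nothing; "|".join([]) would match every line.
    if not patterns:
        return re.compile(r"(?!)")
    return re.compile("|".join(f"(?:{p})" for p in patterns))


def classify(lines, violations=VIOLATION_PATTERNS, ignore=IGNORE_PATTERNS):
    """Return (security_violations, unusual_activity), each in log order."""
    bad, boring = _compile(violations), _compile(ignore)
    security, unusual = [], []
    for line in lines:
        line = line.rstrip("\n")
        if not line.strip():
            continue
        if bad.search(line):            # pass 1: known-important keywords win,
            security.append(line)       # even when an ignore pattern also matches
        elif not boring.search(line):   # pass 2: anything not explicitly ignored
            unusual.append(line)
    return security, unusual


def report(lines):
    security, unusual = classify(lines)
    return "\n".join(["Security Violations", *security, "",
                      "Unusual System Activity", *unusual])


if __name__ == "__main__":
    print(report(SAMPLE_LOG.splitlines()))
```

The kernel "Promiscuous mode" line matches no keyword, yet it still surfaces in the second section because nothing told the filter to ignore it.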
