[5638] in bugtraq
Re: solaris 251 & syslogd
daemon@ATHENA.MIT.EDU (Michael Helm)
Mon Nov 17 13:27:48 1997
Date: Sat, 15 Nov 1997 14:14:42 -0800
Reply-To: helm@fionn.es.net
From: Michael Helm <helm@FIONN.ES.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Sat, 15 Nov 1997 11:12:21 PST."
             <Pine.LNX.3.95.971115104724.399S-100000@bigboy.kinch>

Dave Kinchlea writes:
> Assuming you have some real-time monitoring of syslog output, all
> you need to do is adjust the monitoring so that you expect to see *some*

This is good advice. But....
I guess this is more of a "RISK" albeit a small one rather than a
security issue or BUGTRAQ-worthy bug, but most syslog monitors,
most monitors of every kind, look for events --
not non-events. I'm not sure how I could get swatch to look
for the absence of mark messages. I'm sure we could all think
of other circumstances when we'd like to know when something
wasn't happening, but the facility to do so wasn't there
(the mail hub stops accepting mail, the terminal server
stops accepting connections &c). Something to think about
when designing a system.
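
The check discussed above, alerting when mark messages stop arriving, as an added example that is not part of the original post. It assumes a 20-minute mark interval, a 2-minute grace period, and mark lines containing `-- MARK --`; the log lines are constructed samples and `find_silences` is a hypothetical helper name.

```python
from datetime import datetime, timedelta

MARK_TEXT = "-- MARK --"                # text assumed to identify a syslogd mark line
MARK_INTERVAL = timedelta(minutes=20)   # assumed mark interval; match your syslogd setting
GRACE = timedelta(minutes=2)            # assumed slack for delivery delay and clock jitter

# Constructed sample log: the 13:40 and 14:00 marks never arrived.
SAMPLE_LOG = [
    "Nov 15 13:00:00 loghost -- MARK --",
    "Nov 15 13:20:00 loghost -- MARK --",
    "Nov 15 13:31:07 loghost sendmail[412]: constructed sample entry",
    "Nov 15 14:20:00 loghost -- MARK --",
]


def parse_ts(line, year):
    """Parse the 'Mon DD HH:MM:SS' prefix of a traditional syslog line (it carries no year)."""
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")


def find_silences(lines, now, year, interval=MARK_INTERVAL, grace=GRACE):
    """Return (last_mark, next_mark_or_now) pairs where a mark was overdue.

    The non-event is detected by comparing each mark with the next one and,
    for the newest mark, with the current time, so a log that has simply
    stopped is reported even though no new line ever shows up.
    """
    limit = interval + grace
    marks = [parse_ts(l, year) for l in lines if MARK_TEXT in l]
    if not marks:
        return [(None, now)]            # no heartbeat at all is itself a finding
    silences = []
    for prev, cur in zip(marks, marks[1:] + [now]):
        if cur - prev > limit:
            silences.append((prev, cur))
    return silences


if __name__ == "__main__":
    for start, end in find_silences(SAMPLE_LOG, datetime(1997, 11, 15, 15, 0), 1997):
        print(f"no mark between {start} and {end}")
```

Run periodically (for example from cron) against the tail of the log, since the alert has to fire on a timer rather than on an incoming line.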