Bugtraq mailing list archives

Re: syslog idea
From: kovar () NDA COM (David Kovar)
Date: Fri, 7 Oct 1994 01:46:01 -0400 (EDT)


This brought to mind the idea of a "syslog monitor", or a process that would
just hang out someplace and stat the various log files periodically,
using some mechanism to warn of excessive size, mysterious shrinkage, and
maybe some other warning signs.

  There is a package called 'watcher' around that I've been using on and off
for years. You can feed it the output of various programs and it will
compare the current snapshot against the previous snapshot and let you
know if any part of it has changed by a defined percentage, is over a
preset amount, etc. It is pretty easy to configure and set up.

  We run it on a firewall to look for new processes, processes that have
been running for too long, large changes in disk use, and some other
odds and ends.

  You could run it against the output from 'ls -l /var/log/syslog' and
do exactly what you're looking for.

-David
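
Added example, not part of the original post and not the 'watcher' package: one snapshot-and-compare pass of the kind the thread describes, flagging excessive size, shrinkage, replacement and rapid growth of log files. The thresholds, the JSON state file and all function names are assumptions made for illustration.

```python
import json
import os

MAX_BYTES = 50 * 1024 * 1024   # assumed ceiling for "excessive size"
MAX_GROWTH_PCT = 200           # assumed growth allowed between two passes

def snapshot(paths):
    """Record size and inode for each file; None marks a missing file."""
    snap = {}
    for p in paths:
        try:
            st = os.stat(p)
            snap[p] = {"size": st.st_size, "inode": st.st_ino}
        except FileNotFoundError:
            snap[p] = None
    return snap

def compare(prev, curr, max_bytes=MAX_BYTES, max_growth_pct=MAX_GROWTH_PCT):
    """Return (path, warning) pairs for changes between two snapshots."""
    warnings = []
    for path, now in curr.items():
        before = prev.get(path)
        if now is None:
            if before is not None:
                warnings.append((path, "missing"))
            continue
        if now["size"] > max_bytes:
            warnings.append((path, "excessive size"))
        if before is None:
            continue  # first sighting: nothing to compare against
        grown = now["size"] - before["size"]
        if now["inode"] != before["inode"]:
            warnings.append((path, "replaced"))   # rotated or swapped out
        elif grown < 0:
            warnings.append((path, "shrunk"))     # same file, fewer bytes
        elif before["size"] and grown * 100 > max_growth_pct * before["size"]:
            warnings.append((path, "rapid growth"))
    return warnings

def check(paths, state_file, **limits):
    """One monitoring pass: load the last snapshot, compare, save the new one."""
    try:
        with open(state_file) as f:
            prev = json.load(f)
    except FileNotFoundError:
        prev = {}
    curr = snapshot(paths)
    with open(state_file, "w") as f:
        json.dump(curr, f)
    return compare(prev, curr, **limits)
```

Run `check()` from cron against the log paths of interest and mail any non-empty result; keep the state file somewhere the logging account cannot write.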


