Re: Logcheck Keyword Files

To: debian-isp@lists.debian.org
Subject: Re: Logcheck Keyword Files
From: Ronny Adsetts <ronny.adsetts@amazinginternet.com>
Date: Tue, 08 Jun 2004 17:45:17 +0100
Message-id: <[🔎] 40C5ED1D.4000709@amazinginternet.com>
In-reply-to: <[🔎] 200406081224.26780.mark@easymailings.com>
References: <[🔎] 200406081224.26780.mark@easymailings.com>

Mark Bucciarelli said at 08/06/04 17:24:

I'm thinking about using the logcheck [1] program for intrusion detection,and was wondering if anyone here uses it. If so, have you modified thekeyword filter files?

I'd advise creating a 'local' definition in /etc/logcheck/ignore.d/ andfriends rather than editing packaged files. Avoids getting prompted toreplace them when you upgrade.

I'd also recommend using log2mail for those times when you want to benotified quickly of something in a log file (like a raid disk dying).Backport the unstable version though. IIRC I had problems with the stableversion.


Ronny
--
Technical Director
Amazing Internet Ltd, London
t: +44 20 8607 9535
f: +44 20 8607 9536
w: www.amazinginternet.com

Reply to:

References:
- Logcheck Keyword Files
  - From: Mark Bucciarelli <mark@easymailings.com>

Prev by Date: Re: Logcheck Keyword Files
Next by Date: proftpd - TSL support
Previous by thread: Re: Logcheck Keyword Files
Next by thread: proftpd - TSL support
Index(es):
- Date
- Thread