Re: System log monitor
[An Thi-Nguyen Le - Sat, 2 Dec 2000 11:31:05 PM CST]
} [Jacob Kuntz - Sat, 2 Dec 2000 11:22:12 PM CST]
} } and just to make things interesting, a vanilla open scan results in
} } two log records for each port i hit. i shudder to think what would happen to
} } a busy site not using a loghost.
} I think that's because logs are partly duplicated across daemon.log and
} some other log file. Look it up in the BTS and file a bug mayhaps.

Duh. That's not portsentry, it's logcheck's setup's fault, or at
least the way logging is done's fault. It's something's fault. ;)

Portsentry logs to both syslog and daemon, and logcheck checks both
syslog and daemon.

Are all entries in syslog duplicated from more specific logfiles, such as
(for instance) the mail log and kernel log? Do we have a logging policy
around here somewhere?

An Thi-Nguyen Le
|I've got all the money I'll ever need if I die by 4 o'clock.
| -- Henny Youngman
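
The duplication discussed in this message, as an added example that is not part of the original post: it evaluates syslog selectors to list every file one message is written to, and reports the overlap among the files a log checker reads. The RULES table, its file paths and the function names are constructed assumptions modelled on a sysklogd-style configuration, and the `=` and `!` priority prefixes are not handled.

```python
# Added example: which log files does a single syslog message land in?
# RULES is a constructed sysklogd-style configuration (an assumption, not
# taken from the thread): one catch-all file plus per-facility files.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

RULES = [
    ("*.*;auth,authpriv.none", "/var/log/syslog"),
    ("auth,authpriv.*",        "/var/log/auth.log"),
    ("daemon.*",               "/var/log/daemon.log"),
    ("kern.*",                 "/var/log/kern.log"),
    ("mail.*",                 "/var/log/mail.log"),
]

def selector_matches(selector, facility, priority):
    """Evaluate 'fac[,fac].prio[;...]'; a later part overrides an earlier one."""
    matched = False
    for part in selector.split(";"):
        facs, _, prio = part.strip().rpartition(".")
        names = facs.split(",")
        if "*" not in names and facility not in names:
            continue  # this part says nothing about our facility
        if prio == "none":
            matched = False   # explicit exclusion
        elif prio == "*":
            matched = True    # every priority
        else:
            # a plain priority means "this level or more severe"
            matched = PRIORITIES.index(priority) >= PRIORITIES.index(prio)
    return matched

def destinations(facility, priority, rules=RULES):
    """All files that receive a message with this facility and priority."""
    return [path for sel, path in rules if selector_matches(sel, facility, priority)]

def duplicated_in(facility, priority, watched, rules=RULES):
    """Watched files that will each contain a copy of the same message."""
    hits = [p for p in destinations(facility, priority, rules) if p in watched]
    return hits if len(hits) > 1 else []

if __name__ == "__main__":
    watched = {"/var/log/syslog", "/var/log/daemon.log"}  # files the checker reads
    for fac in ("daemon", "mail", "kern", "auth"):
        print(fac, destinations(fac, "notice"), duplicated_in(fac, "notice", watched))
```

With these rules a daemon-facility message appears in two watched files, so a checker reading both reports it twice; watching only the per-facility files, or only the catch-all, removes the repeat.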