Re: System log monitor

To: debian-security@lists.debian.org
Cc: jpk@cape.com
Subject: Re: System log monitor
From: An Thi-Nguyen Le <anle@ews.uiuc.edu>
Date: Sun, 3 Dec 2000 00:04:48 -0600
Message-id: <[🔎] 20001203000448.C4030@srh1003>
Mail-followup-to: An Thi-Nguyen Le <anle@ews.uiuc.edu>, debian-security@lists.debian.org, jpk@cape.com
In-reply-to: <[🔎] 20001202233105.B4030@srh1003>; from anle@ews.uiuc.edu on Sat, Dec 02, 2000 at 11:31:05PM -0600
References: <[🔎] 14889.52122.881743.444993@tarka.org> <[🔎] 20001202230235.A4030@srh1003> <[🔎] 20001203001054.C395@cape.com> <[🔎] 20001202233105.B4030@srh1003>

[An Thi-Nguyen Le - Sat,  2 Dec 2000 11:31:05 PM CST]
} [Jacob Kuntz - Sat,  2 Dec 2000 11:22:12 PM CST]
} } and just to make things interesting, a vanilla open scan results in
} } two log records for each port i hit. i shudder to think what would happen to
} } a busy site not using a loghost.
} 
} I think that's because logs are partly duplicated across daemon.log and 
} some other log file.  Look it up in the BTS and file a bug mayhaps.

Duh.  That's not portsentry, it's logcheck's setup's fault, or at
least the way logging is done's fault.  It's something's fault.  ;)
Portsentry logs to both syslog and daemon, and logcheck checks both
syslog and daemon.

Are all entries in syslog duplicated from more specific logfiles, such as
(for instance) the mail log and kernel log?  Do we have a logging policy
around here somewhere?


-- 
An Thi-Nguyen Le
|I've got all the money I'll ever need if I die by 4 o'clock.
|		-- Henny Youngman

Reply to:

References:
- System log monitor
  - From: Steve <tarka@zip.com.au>
- Re: System log monitor
  - From: An Thi-Nguyen Le <anle@ews.uiuc.edu>
- Re: System log monitor
  - From: jpk@cape.com (Jacob Kuntz)
- Re: System log monitor
  - From: An Thi-Nguyen Le <anle@ews.uiuc.edu>

Prev by Date: Re: System log monitor
Next by Date: Re: System log monitor
Previous by thread: Re: System log monitor
Next by thread: Re: System log monitor
Index(es):
- Date
- Thread