Re: setuid changes
-----BEGIN PGP SIGNED MESSAGE-----
On Saturday 22 Sep 2001 1:43 pm, Oyvind A. Holm wrote:
> some kind of perl script which skips all the non-important info and
> leave all other in place. A script root can run which pulls out info
> from /var/log/* and other logs around the system.
There's a shell script called logcheck which does this, you can edit lists of
regexps to ignore in /etc/logcheck (and a list of which logs to check), and
then anything that's left is mailed.
I've used it for ages, the only problem I've ever had is that there's no
ignore file against things otherwise marked (by another list of regexps) as
"active system attacks", though it wasn't difficult to add that feature. Hmm,
I'll file a wishlist bug on that when I get around to it.
Chris Boyle - Winchester College - http://archives.wincoll.ac.uk/
ICQ: 24151961 - PGP: http://archives.wincoll.ac.uk/finger.php?q=chrisb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----