AIDE Information Overload



Hi folks!

I'd like to ask what people do with their AIDE output at times when a 
lot of things change on their system?

I've gone through the AIDE configuration, and I feel like having 
configured it well, to catch the things that might be trojaned while 
leaving out things that I would certainly change often.

But I'm working a lot on the system these days, so the output just keeps 
growing out of hand really quick. I get a Too Much Information problem 
within a week of having created the database. Last night's output was 
close to 3000 lines, but I've had up to 60000 lines of output there... 
I find it hard to keep up at all when the output exceeds a hundred 
lines. 

So, I've got to do something, but I don't really understand what. 
aide --update, ok, but what does that really mean? It just creates a new 
database to compare with the old, but then, I should keep the old, 
because there are too many changes for me to keep up and be certain 
that nothing Bad[tm] has slipped in.... But if I do, the problem just 
keeps growing... 

So I hope the kind folks here can offer some advice... :-) 

Best,

Kjetil
-- 
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
kjetil@kjernsmo.net  webmaster@skepsis.no  editor@learn-orienteering.org
Homepage: http://www.kjetil.kjernsmo.net/


