
Re: Debian Sarge Logcheck Query



On Mon, Feb 16, 2004 at 09:31:11PM +1000, Peter A. Cole wrote:
> In fact logcheck didn't even send an email a minute ago when I checked, which
> is how I want it except for reboots and unexpected events.

Just a thought - if you don't get any messages how do you know that your
machine hasn't been compromised and logcheck disabled? Maybe make use of
syslogd's MARK. (It's ignored in one of the default files).

> For my own curiosity, I'll have a look at the grep man pages and see if I
> can't understand what's going on a bit better for myself.

Something I threw together quickly after I first set up logcheck was a
Perl script to let me use Perl regular expressions which are a lot more
powerful. Also instead of [0-9] you can use \d. This was my main reason for
writing it as I had at least 50 Perl-specific regex features without realising
that they wouldn't work. Oh the pain...
http://netsoc.tcd.ie/~bbrazil/perlgrep
This is specific to logcheck. Only tested with Woody.

Brian
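
An added example, not part of the original message and not the perlgrep script linked above: a small Python linter that flags Perl-only regex constructs such as `\d` in logcheck rule lines, since egrep's POSIX extended syntax does not treat them as Perl does and the rule silently fails to match. The sample rules are constructed, and skipping `#` comment lines and blank lines is an assumption about the rule file format.

```python
import re

# (pattern, also_check_inside_brackets, reason). GNU grep's \w, \s and \b
# extensions work with egrep and are deliberately not flagged.
PERL_ONLY = [
    (r"\\[dD]", True, r"\d or \D digit class; write [0-9] or [^0-9]"),
    (r"\(\?[:=!<]", False, "(?:...) group, lookahead or lookbehind"),
    (r"(?<!\\)[*+?}]\?", False, "non-greedy quantifier such as *? or +?"),
]

def _strip_brackets(rule):
    """Blank out [...] bracket expressions so their contents are not misread."""
    return re.sub(r"(?<!\\)\[\^?\]?[^\]]*\]", "[]", rule)

def lint_rules(text):
    """Return (line_number, rule, reason) for each suspect rule line."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        rule = line.strip()
        if not rule or rule.startswith("#"):  # assumed comment/blank handling
            continue
        raw = rule.replace("\\\\", "")  # drop escaped backslashes first
        outside = _strip_brackets(raw)
        for pattern, inside_too, reason in PERL_ONLY:
            if re.search(pattern, raw if inside_too else outside):
                findings.append((number, rule, reason))
    return findings

# Constructed sample rules, not taken from a real logcheck installation.
SAMPLE_RULES = r"""# constructed sample rules
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Accepted publickey for
^\w{3} [ :\d]{11} \S+ sshd\[\d+\]: Accepted publickey for
^\w{3} [ :0-9]{11} \S+ cron\[[0-9]+\]: (?:\(root\) )?CMD
^\w{3} [ :0-9]{11} \S+ kernel: .*? link up
"""

if __name__ == "__main__":
    for number, rule, reason in lint_rules(SAMPLE_RULES):
        print(f"line {number}: {reason}\n    {rule}")
```

A flagged ignore rule fails open in the noisy direction: the line it was meant to suppress keeps showing up in the logcheck mail rather than being hidden.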


