Bugtraq mailing list archives
Re: syslog idea
From: jlacour () usr com (John LaCour)
Date: Fri, 07 Oct 94 09:42:54 CDT
[The hobbit sez...]
This brought to mind the idea of a "syslog monitor", or a process that would just hang out someplace and stat the various log files periodically, using some mechanism to warn of excessive size, mysterious shrinkage, and maybe some other warning signs.
While you're at it, lets write a program to monitor the syslog monitor. In case any one kills it, sends it signals, its pid changes, etc. Another idea is to find out how the intruders are getting in (or getting root) and plugging those holes. I suppose a program similiar to the monitor program would be nice for measuring system performance and the like - probably thats what 'watcher' is intended for. If you're really concerned about intruders messing with your files, use tripwire or something like that. Of course, tripwire may not be ideal for dynamic files like pacct and lastlog, but alas your binaries are more important than your logs. John
Current thread:
- Re: syslog idea John LaCour (Oct 07)
- Re: syslog idea Fred Kuhns (Oct 10)
- <Possible follow-ups>
- Re: syslog idea Dror Matalon (Oct 07)
- Time for moderation? Douglas W. Goodall (Oct 07)
- Seg Michael Bresnahan (Oct 07)
- Re: Time for moderation? Greg Donovan (Oct 07)
- Re: Time for moderation? Andrew Hughes (Oct 08)
- CC's Aleph One (Oct 07)
- Re: Time for moderation? John Hawkinson (Oct 07)
- Re: Time for moderation? Supak Lailert \ (Oct 07)
- Re: Time for moderation? Herve Schauer (Oct 09)
- Time for moderation? Douglas W. Goodall (Oct 07)