Hi Francois,
On Wed, Mar 05, 2008 at 05:30:52PM +0100, Francois Gouget wrote:
On Wed, 5 Mar 2008, Marc Haber wrote:
Which is why the AIDE documentation asks people to submit their rules
either to aide or to the maintainers of the other packages for
inclusion in either package. The support
Marc Haber [EMAIL PROTECTED] wrote:
This might be necessary for the ANF/ARF feature to properly
+handle logs that have been rotated multiple times. COPYNEWDB=no is
+the default because automatically copying the database unconditionally
+(COPYNEWDB=yes) might be dangerous since
On Sun, Jul 27, 2008 at 08:21:31AM -0700, Bill Wohler wrote:
Marc Haber [EMAIL PROTECTED] wrote:
This might be necessary for the ANF/ARF feature to properly
+handle logs that have been rotated multiple times. COPYNEWDB=no is
+the default because automatically copying the database
Marc Haber [EMAIL PROTECTED] wrote:
On Sun, Jul 27, 2008 at 08:21:31AM -0700, Bill Wohler wrote:
Marc Haber [EMAIL PROTECTED] wrote:
This might be necessary for the ANF/ARF feature to properly
+handle logs that have been rotated multiple times. COPYNEWDB=no is
+the default
On Sun, Jul 27, 2008 at 08:42:14AM -0700, Bill Wohler wrote:
Marc Haber [EMAIL PROTECTED] wrote:
On Sun, Jul 27, 2008 at 08:21:31AM -0700, Bill Wohler wrote:
Marc Haber [EMAIL PROTECTED] wrote:
This might be necessary for the ANF/ARF feature to properly
+handle logs that
Marc Haber [EMAIL PROTECTED] wrote:
Ah. now I understand. How about this:
Index: debian/aide-common.README.Debian
===
--- debian/aide-common.README.Debian(revision 758)
+++ debian/aide-common.README.Debian(working
On Sun, Jul 27, 2008 at 01:40:13PM -0700, Bill Wohler wrote:
Sehr gut! Die einzige Dinge ist s/AIDEARGE/AIDEARGS/ :-).
Fixed in svn, thanks.
Greetings
Marc
--
-
Marc Haber | I don't trust Computers. They |
On Wed, Jul 23, 2008 at 01:45:05PM -0700, Bill Wohler wrote:
Marc Haber [EMAIL PROTECTED] wrote:
I also found that because this setting trashes the old database, you
don't have a chance to later run aide --compare to see how a particular
file changed. I therefore added AIDEARGS=-V5 to
Marc Haber [EMAIL PROTECTED] wrote:
On Wed, Jul 23, 2008 at 01:45:05PM -0700, Bill Wohler wrote:
Marc Haber [EMAIL PROTECTED] wrote:
I also found that because this setting trashes the old database, you
don't have a chance to later run aide --compare to see how a particular
file changed.
On Sat, Jul 19, 2008 at 11:48:37AM -0700, Bill Wohler wrote:
Marc Haber [EMAIL PROTECTED] wrote:
On Sat, Nov 24, 2007 at 07:56:29PM -0800, Bill Wohler wrote:
Hi Marc, I think I'm seeing the same thing here. It appears that the ARF
rule isn't working as advertised.
For example, the
Marc Haber [EMAIL PROTECTED] wrote:
I have instead committed the following patch to the README file which
will hopefully make things a lot more clearer than they were explained
in the previous README file. I'd appreciate your comments.
Excellent!
+ - set COMMAND=update and COPYNEWDB=yes
Marc Haber [EMAIL PROTECTED] wrote:
On Sat, Nov 24, 2007 at 07:56:29PM -0800, Bill Wohler wrote:
Hi Marc, I think I'm seeing the same thing here. It appears that the ARF
rule isn't working as advertised.
For example, the following line appeared in the report:
removed:
Hi Francois,
On Wed, Mar 05, 2008 at 05:30:52PM +0100, Francois Gouget wrote:
On Wed, 5 Mar 2008, Marc Haber wrote:
Which is why the AIDE documentation asks people to submit their rules
either to aide or to the maintainers of the other packages for
inclusion in either package. The support
On Mon, Mar 03, 2008 at 11:37:49PM +0100, Francois Gouget wrote:
Marc Haber wrote:
In a previous run, aide detected changes (most probably the zope log
file), and thus the newly generated database was not copied over the
old one. After the next log rotation, the log-related rules didn't
On Wed, 5 Mar 2008, Marc Haber wrote:
[...]
Which is why the AIDE documentation asks people to submit their rules
either to aide or to the maintainers of the other packages for
inclusion in either package. The support scheme supports either.
I have been trying to add the missing rules but this
Marc Haber wrote:
In a previous run, aide detected changes (most probably the zope log
file), and thus the newly generated database was not copied over the
old one. After the next log rotation, the log-related rules didn't
apply any more and you got the report quoted above.
So it's necessary
tags #442214 moreinfo
thanks
On Mon, Dec 03, 2007 at 11:29:24PM +0100, Marc Haber wrote:
To hopefully make things clearer, grab
https://ivanova.notwork.de/~mh/stuff/aidetest.tar.gz, untar and run
./runtests. This will rotate a log five times, with aide runs in
between (which will also copy
On Sat, Feb 09, 2008 at 10:31:55PM -0800, Bill Wohler wrote:
I see the pattern here. I applied these in my files, but I still get
false alarms after a fashion. I'm still looking into it (albeit slowly).
I haven't made a small test case yet in hopes that I'll get the rules
right and because I
Marc Haber [EMAIL PROTECTED] wrote:
On Sat, Nov 24, 2007 at 08:04:54PM -0800, Bill Wohler wrote:
Marc Haber [EMAIL PROTECTED] wrote:
Care to submit your rules for inclusion in the aide packages?
I will be glad to do so once I stop editing them :-).
Great! Looking forward!
Just
Hi,
On Sat, Nov 24, 2007 at 07:56:29PM -0800, Bill Wohler wrote:
Hi Marc, I think I'm seeing the same thing here. It appears that the ARF
rule isn't working as advertised.
For example, the following line appeared in the report:
removed: /var/log/aide/aide.log.6.gz
However, in
Package: aide
Severity: normal
Version: 0.13.1-8
Hi Marc, I think I'm seeing the same thing here. It appears that the ARF
rule isn't working as advertised.
For example, the following line appeared in the report:
removed: /var/log/aide/aide.log.6.gz
However, in
On Fri, Sep 21, 2007 at 02:58:30PM +0200, Andreas Tille wrote:
On Fri, 21 Sep 2007, Marc Haber wrote:
As a rule, if you once get a report that shows changes, you'll get all
log reported as changed the next day if you don't interfere manually.
Well, is the following procedure:
On Mon, Sep 24, 2007 at 07:27:20AM +0200, Andreas Tille wrote:
This is what I've got after aideinit on last Friday ...
---
Added files:
---
added: /var/log/exim4/mainlog.2.gz
On Sat, 6 Oct 2007, Marc Haber wrote:
If so, I suspect that you got the zope log file in Saturday's or
Sunday's report, which prevented the new database from being copied
over the old one, and which caused the normal log file rules not to
apply any more for Monday's report.
Well, this was by
On Sat, Oct 06, 2007 at 11:30:03PM +0200, Andreas Tille wrote:
On Sat, 6 Oct 2007, Marc Haber wrote:
If so, I suspect that you got the zope log file in Saturday's or
Sunday's report, which prevented the new database from being copied
over the old one, and which caused the normal log file rules
On Fri, 21 Sep 2007, Marc Haber wrote:
---
Added files:
---
added: /var/log/exim4/mainlog.2.gz
---
Removed files:
On Fri, Sep 21, 2007 at 07:01:33AM +0200, Andreas Tille wrote:
On Sun, 16 Sep 2007, Marc Haber wrote:
By default, this only works through one rotation of the logs, and
starting with the second rotation, the changes are going to be
reported _until_ you copy the newly generated databases to
On Fri, 21 Sep 2007, Marc Haber wrote:
As a rule, if you once get a report that shows changes, you'll get all
log reported as changed the next day if you don't interfere manually.
Well, is the following procedure:
---
#
On Sun, 16 Sep 2007, Marc Haber wrote:
By default, this only works through one rotation of the logs, and
starting with the second rotation, the changes are going to be
reported _until_ you copy the newly generated databases to the old
ones if no changes were found.
Appropriate settings in
On Fri, Sep 14, 2007 at 08:33:28AM +0200, Andreas Tille wrote:
I havn't changed the files in /etc/aide/aide.conf.d (just added a view
ones for my own application) but Aide reports things like
---
Added files:
Package: aide
Version: 0.13.1-2
Severity: normal
Hi,
I havn't changed the files in /etc/aide/aide.conf.d (just added a view
ones for my own application) but Aide reports things like
---
Added files:
31 matches
Mail list logo
