> It's a pain in the arse, as most of our logs are full of 127.0.0.1,
> making it hard to check for real use/abuse etc.

You might want to consider disabling the checker? As I view it, the
Cobalt status checker is there for people who want to use the web front
end exclusively, but there's no reason why you can't produce a small script
to replace it which will check for the relevant processes and possibly
e-mail you if they're not found.

If you want to keep it going, you might want to have a look at a log
analyser (yeah, I know you could just use grep -v as someone has pointed
out). We use Logcheck[1] to filter all the 'everyday junk' out of the
logs and e-mail us the rest.
Regards,
John
[1] http://www.psionic.com/abacus/logcheck/
_______________________________________________
cobalt-security mailing list
http://list.cobalt.com/mailman/listinfo/cobalt-security
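
Added example, not part of the original message and not Logcheck's own code: a filter that drops the loopback noise described in the thread by matching only the client-address field, so a remote request that merely contains the string 127.0.0.1 is still reported (a plain grep -v would hide it). The Apache common log format and all sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in Apache common log format (not taken from the thread).
SAMPLE_LOG = """\
127.0.0.1 - - [12/Mar/2001:10:00:01 +0000] "GET / HTTP/1.0" 200 512
127.0.0.1 - - [12/Mar/2001:10:05:01 +0000] "GET / HTTP/1.0" 200 512
192.0.2.44 - - [12/Mar/2001:10:06:13 +0000] "GET /index.html HTTP/1.0" 200 2048
198.51.100.7 - - [12/Mar/2001:10:07:40 +0000] "GET /status?host=127.0.0.1 HTTP/1.0" 404 310
192.0.2.44 - - [12/Mar/2001:10:08:02 +0000] "GET /images/logo.gif HTTP/1.0" 200 900
this line is not in the expected format
"""

# Fields: client, identd, user, [timestamp], "request", status, size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+$')


def is_loopback(host):
    """True only when the client field is a loopback IP address."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname, not an IP: keep the line


def naive_filter(text):
    """Equivalent of grep -v 127.0.0.1: matches anywhere in the line."""
    return [l for l in text.splitlines() if l and "127.0.0.1" not in l]


def filter_log(text):
    """Return (kept lines, count of dropped loopback lines, unparsed lines)."""
    kept, unparsed, dropped = [], [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)  # report what cannot be parsed, never drop it
        elif is_loopback(m.group(1)):
            dropped += 1
        else:
            kept.append(line)
    return kept, dropped, unparsed


def requests_per_client(kept):
    """Count the remaining requests per remote client address."""
    return Counter(line.split(" ", 1)[0] for line in kept)
```

Keeping the dropped count in the report shows whether the status checker is still running at its usual rate.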