On 9/20/01 at 11:46 AM Steve Werby wrote:
|"Kai r. s., euroweb as" <[EMAIL PROTECTED]> wrote:
|> When it comes to finding the error it was almost impossible to find anything
|> in a 2000 mb error log! What I could see was mostly root.exe and cmd.exe
|> errors, but there could have been like a million errors I did not have time
|> to see.
|
|Not sure if it's been mentioned to you already, but look at logcheck on
|psionic.com. It'll look for suspicious log entries. Also learn the "grep"
|command. "man grep" from the shell for more info. It's your friend for
|finding matching text in a file.
=============
The -v option of grep is also very useful in instances such as this when the
log file is clogged with worm attacks:

    grep -v unwanted_text access > access.clean

will remove all records containing the string unwanted_text
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
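
An added example, not part of the original messages: the grep -v filter from the reply applied to both names reported in the thread (root.exe and cmd.exe) in one pass, keeping the filtered lines and counting them per client so the worm noise is summarised instead of discarded. The function names, output file names and sample log lines are constructed for illustration, and the log is assumed to be in common log format with the client address in the first field.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Patterns: the two names the thread reports seeing in the log.
WORM_PATTERNS='root\.exe|cmd\.exe'

# Constructed sample log (documentation addresses, common log format).
make_sample_log() {
    cat > "$1" <<'EOF'
192.0.2.10 - - [20/Sep/2001:11:40:01 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280
192.0.2.10 - - [20/Sep/2001:11:40:02 +0000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
198.51.100.7 - - [20/Sep/2001:11:41:10 +0000] "GET /index.html HTTP/1.0" 200 1043
203.0.113.5 - - [20/Sep/2001:11:42:00 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 282
198.51.100.7 - - [20/Sep/2001:11:43:30 +0000] "GET /admin/ HTTP/1.0" 401 401
EOF
}

# split_log LOGFILE OUTDIR
#   OUTDIR/clean   - lines matching none of the patterns (what you read by hand)
#   OUTDIR/noise   - lines matching a pattern (kept, not thrown away)
#   OUTDIR/sources - "count address" for the noise, busiest client first
split_log() {
    log=$1; out=$2
    mkdir -p "$out" || return 1
    # grep exits 1 when no line is selected; only a status above 1 is an error.
    grep -E -v -- "$WORM_PATTERNS" "$log" > "$out/clean" || [ $? -eq 1 ] || return 2
    grep -E -- "$WORM_PATTERNS" "$log" > "$out/noise" || [ $? -eq 1 ] || return 2
    # Count noise requests per client address (first field).
    awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' "$out/noise" |
        sort -rn > "$out/sources"
}

# Demo run on the constructed sample.
tmp=$(mktemp -d)
make_sample_log "$tmp/access"
split_log "$tmp/access" "$tmp/out"
echo "kept: $(wc -l < "$tmp/out/clean") lines"
cat "$tmp/out/sources"
rm -rf "$tmp"
```

The clean file is the one to review line by line; the sources file shows which clients generated the filtered requests.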