This sounds kind of cool, has anyone used it? This doesn't seem like it would compromise security in any way since "unknown" things still come to your attention.
http://debaday.debian.net/2009/07/19/logcheck-brilliantly-simple-log-monitoring/

Logcheck <http://www.logcheck.org/> is a simple yet great idea, an almost set-it-and-forget-it way to monitor your server logs for problems of all kinds. You create three pattern (grep regex) lists:

- Known bad stuff
- Looks bad but isn’t
- Known good stuff

Logcheck periodically checks various syslog (or other) log files and picks up where it left off the last time. During each run it takes the new messages and looks for “known bad” things but first removes stuff that “looks bad but isn’t” and saves the messages as “this is known to be bad.” Then it rewinds, removes the known bad it just collected, removes the “known good” and stuff that “looks bad but isn’t” and saves whatever is left as “unknown.” Then it emails you the results.

Over time, as you tune your files, you end up only being alerted to known bad or new (not yet classified) stuff.

--
Central West End Linux Users Group (via Google Groups)
Main page: http://www.cwelug.org
More options: http://groups.google.com/group/cwelug
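The two-pass triage described in the quoted article, as an added example that is not part of the original post and is not Logcheck's own code. The pattern lists, log lines, file names and function names (`known_bad`, `unknown`, `report`) are all constructed for illustration, and the "pick up where it left off" offset tracking is left out.

```shell
#!/bin/sh
# Sketch of three-list log triage with grep -E pattern files (constructed data).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

cat > "$WORK/bad" <<'EOF'
Failed password
segfault
EOF
# "Looks bad but isn't": a monitoring host that probes sshd on purpose.
cat > "$WORK/bad_ignore" <<'EOF'
Failed password for invalid user nagios from 192\.0\.2\.10 port
EOF
cat > "$WORK/good" <<'EOF'
CRON\[[0-9]+]: \(root\) CMD
Accepted publickey for
EOF
cat > "$WORK/log" <<'EOF'
Jul 19 10:00:01 host CRON[411]: (root) CMD (run-parts /etc/cron.hourly)
Jul 19 10:02:13 host sshd[502]: Failed password for root from 203.0.113.7 port 4022 ssh2
Jul 19 10:02:40 host sshd[503]: Failed password for invalid user nagios from 192.0.2.10 port 5111 ssh2
Jul 19 10:03:05 host sshd[504]: Accepted publickey for alice from 198.51.100.4 port 6000 ssh2
Jul 19 10:04:55 host kernel: myd[610]: segfault at 0 ip 00007f error 4
Jul 19 10:05:30 host kernel: device eth0 entered promiscuous mode
EOF

# Pass 1: lines matching "known bad", minus "looks bad but isn't".
known_bad() {
    grep -E -f "$WORK/bad" "$1" | grep -E -v -f "$WORK/bad_ignore"
}

# Pass 2: rewind, drop the known-bad lines just collected (exact line match),
# then drop "known good" and "looks bad but isn't". The remainder is unknown.
unknown() {
    known_bad "$1" > "$WORK/hits"
    grep -F -x -v -f "$WORK/hits" "$1" \
        | grep -E -v -f "$WORK/good" \
        | grep -E -v -f "$WORK/bad_ignore"
}

# The body of the mail: both buckets, so unclassified lines are never dropped.
report() {
    echo "== Known bad =="; known_bad "$1"
    echo "== Unknown ==";   unknown "$1"
}

report "$WORK/log"
```

The promiscuous-mode line matches none of the three lists, so it lands under "Unknown" rather than being silently discarded, which is the property the post above is asking about.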
