On Thu, 17 Aug 2000, Greg Stewart wrote:

> You've gotten Logcheck from Psionic, did you also get (and install)
> Portsentry?
> 
> If portsentry was tripped, and added the offending host to the route table
> and the IP to the /etc/hosts.deny file, no packets will be logged for that
> host anymore.
> 
> Or, is it that DENY packet logging stops altogether for ALL offenders after
> a while?
> 
> --Greg
> 
> > Hi,
> >
> > There was a thread on this a while back, but after a while ipchains stops
> > logging denied packet messages to /var/log/messages and it all goes
> > suspiciously quiet. I know it's not logrotate that's causing the problem
> > because I'm using Psionic logcheck to scan my logs every 15 minutes and
> > it's smart enough to cope with log rotations (mostly).
> >
> > I'm running MDK 7.0 with kernel 2.2.16-9mdksecure (from the 7.1 updates)
> >
> > Any suggestions gratefully received.
> >

One cute thing I noticed about logcheck...after I dumped the output of
dmesg into logcheck.ignore (with appropriate changes to account for
differing PIDs) logcheck stopped supplying anything...I checked the
output twice for wildcards that went too far and couldn't find any...after
I deleted the dmesg lines and put some more general items in...logcheck
started.

Either I mucked up and didn't see it later or there's a maximum number of
lines logcheck will parse.

Don't think this is the problem mentioned above...just thought I'd mention
it as an associated experience :)
Sorry for the waffle
AG 

