On 19/11/2010, at 8:45pm, Fatih Tümen wrote:
> I just want to be aware of anything unusual instantly, preferably by
> email. This is a single or two user laptop.

I've been meaning for some time to look for something like this myself. I'm 
personally only interested in messages from the RAID controller, and I'm not 
sure that I'm a high risk for intrusion, but I do want to know about it 
*immediately* if a drive fails, so that ideally I can pop into the store on the 
way home and pick up a new disk to replace the one that failed.

> ...
> I also checked logsurfer which comes with an init script, however, no
> working configuration file and sort of confusing examples.

I don't really have a problem with the examples on these pages:
http://www.crypt.gen.nz/papers/logsurfer.html
http://www.crypt.gen.nz/logsurfer/man_logsurfer_conf.html

Or with these explanations [PDF]:
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.5.8610&rep=rep1&type=pdf
http://www.laptopmobilesecurity.com/papers/Logsurfer.pdf

The examples contain a lot of brackets and stuff, but those seem merely to be 
regular expressions, and if you don't know regex then learning them will pay 
dividends in other future projects. logsurfer's syntax and the use of 
"contexts" is not completely clear to me with only the quick glance I've made 
in the 10 minutes it's taken me to write this message, but I'm extremely 
confident I could have it up and running to meet my needs within an hour. The 
documentation seems no more complex than any other man page. I'm pretty sure 
you would understand what's going on if you were only to follow the examples 
and have a play with them.

Be sure to use the `start-mail` script you find in the doc/contrib directory, 
not any others you find floating around the net:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060389.html

The doc/contrib script seems to address the issue of escape sequences (although 
I'm about to do some more homework on this subject).

Stroller.
