On Sat, Nov 20, 2010 at 00:06, Stroller <strol...@stellar.eclipse.co.uk> wrote:
>
> On 19/11/2010, at 8:45pm, Fatih Tümen wrote:
>> I just want to beware of anything unusual instantly, preferably by
>> email. This is a single or two user laptop.
>
> I've been meaning for some time to look for something like this myself. I'm
> personally only interested in messages from the RAID controller, and I'm not
> sure that I'm a high-risk for intrusion, but I do want to know about it
> *immediately* if a drive fails, so that ideally I can pop into the store on
> the way home and pick up a new disk to replace the one that failed.
>
>> ...
>> I also checked logsurfer which comes with an init script, however, no
>> working configuration file and sort of confusing examples.
>
> I don't really have a problem with the examples on these pages:
> http://www.crypt.gen.nz/papers/logsurfer.html
> http://www.crypt.gen.nz/logsurfer/man_logsurfer_conf.html
>
> Or with these explanations [PDF]:
> http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.5.8610&rep=rep1&type=pdf
> http://www.laptopmobilesecurity.com/papers/Logsurfer.pdf
>
> The examples contain a lot of brackets and stuff, but those seem merely to be
> regular expressions, and if you don't know regex then learning them will pay
> dividends in other future projects. logsurfer's syntax and the use of
> "contexts" is not completely clear to me with only the quick glance I've made
> in the 10 minutes it's taken me to write this message, but I'm extremely
> confident I could have it up and running to meet my needs within an hour. The
> documentation seems no more complex than any other man page. I'm pretty sure
> you would understand what's going on if you were only to follow the examples
> and have a play with them.
>
> Be sure to use the `start-mail` script you find in the doc/contrib directory,
> not any others you find floating around the net:
> http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060389.html
>
> The doc/contrib script seems to address the issue of escape sequences
> (although I'm about to do some more homework on this subject).
>
> Stroller.
>
Thanks for the links. Example links seem to be down for me but I will check
back later.

--
Fatih