On Wed, Jul 05, 2006 at 11:29:20PM +0200, martin f krafft wrote: > > empty mails might give the users a sense of security although the > > host has been breached. anyway logcheck is not a realtime monitor. > > happy to hear your thought so that we can better focus on what > > logcheck should do. > > anomalies pretty much sums it up. Scans are not anomalies anymore.
Excuse the late reply, but yeah, agreed. As maks mentioned, previously the policy was to report unknown user scans, but it's no longer a stastical anamoly on the average system. -- Todd Troxell http://rapidpacket.com/~xtat _______________________________________________ Logcheck-devel mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
