On 20.09.2012 02:22, Andreas Lang wrote:
> log @ minute4, tampering: User1 entry is deleted / modified, but size
> 3k due to growing logfile:
> Minute 2: Some other logging
> Minute 3: Some other logging
> Minute 4: Some other logging

I agree that this would be ideal, but can any solution do this for a
running log file? I would seriously be interested to know. The only way
I can think of is to monitor which process is ordinarily writing to the
file and look for writes from any other account with auditd or something
along those lines. Again, it's not fool-proof, but sometimes good enough
is good enough.
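
The auditd approach mentioned in the reply above, as an added example that is not part of the original post: a file watch plus a filter that flags any successful write-class event on the log by a process other than the expected writer. The path `/var/log/app.log`, the key `logtamper`, the choice of rsyslogd as the legitimate writer and the sample records are all assumptions constructed for illustration.

```python
import re
import shlex

# Assumed watch rule (hypothetical path and key), loaded with:
#   auditctl -w /var/log/app.log -p wa -k logtamper
WATCH_KEY = "logtamper"
# Assumption: the only legitimate writer is rsyslogd running as uid 0.
EXPECTED = {("/usr/sbin/rsyslogd", "0")}

# Constructed, trimmed records in audit.log style; not captured from a real host.
SAMPLE = '''\
type=SYSCALL msg=audit(1348100400.101:400): arch=c000003e syscall=2 success=yes exit=5 auid=4294967295 uid=0 comm="rsyslogd" exe="/usr/sbin/rsyslogd" key="logtamper"
type=PATH msg=audit(1348100400.101:400): item=0 name="/var/log/app.log" inode=1311 mode=0100640
type=SYSCALL msg=audit(1348100640.552:417): arch=c000003e syscall=2 success=yes exit=3 auid=1001 uid=0 comm="vi" exe="/usr/bin/vi" key="logtamper"
type=PATH msg=audit(1348100640.552:417): item=0 name="/var/log/app.log" inode=1311 mode=0100640
type=SYSCALL msg=audit(1348100700.009:420): arch=c000003e syscall=2 success=yes exit=4 auid=1001 uid=1001 comm="cat" exe="/bin/cat" key="other"
'''

MSG_RE = re.compile(r"msg=audit\([\d.]+:(?P<serial>\d+)\):\s*(?P<body>.*)")

def parse_record(line):
    """Split one audit record into (event serial, dict of key=value fields)."""
    m = MSG_RE.search(line)
    if not m:
        return None
    # shlex strips the quotes auditd puts around string values.
    fields = dict(t.split("=", 1) for t in shlex.split(m["body"]) if "=" in t)
    fields["type"] = line.split()[0].split("=", 1)[1]
    return m["serial"], fields

def unexpected_writers(text, key=WATCH_KEY, expected=EXPECTED):
    """Return watched-file events whose (exe, uid) is not an expected writer."""
    events = {}
    for line in text.splitlines():
        rec = parse_record(line)
        if rec:
            # Records sharing a serial belong to the same audit event.
            events.setdefault(rec[0], []).append(rec[1])
    alerts = []
    for serial, recs in events.items():
        sc = next((r for r in recs if r["type"] == "SYSCALL"), None)
        if not sc or sc.get("key") != key or sc.get("success") != "yes":
            continue
        if (sc.get("exe"), sc.get("uid")) not in expected:
            path = next((r.get("name") for r in recs if r["type"] == "PATH"), None)
            alerts.append({"serial": serial, "exe": sc.get("exe"), "path": path,
                           "uid": sc.get("uid"), "auid": sc.get("auid")})
    return alerts

if __name__ == "__main__":
    print(unexpected_writers(SAMPLE))
```

The `auid` field in the alert is the login uid, which identifies the account behind the session even when the write itself ran as uid 0.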