On Sun, Dec 03, 2000 at 04:57:48AM +, Steve wrote:
> Is there a package in debian equivalent to RedHat's LogWatch? This
> analyses the system logs nightly and delivers a report of sudo events,
> logins, ssh sessions, etc. What is the preferred method of doing this
> under debian?
I l
Steve wrote:
> With packages having their own violations/ignore files you can add a
> separate header to each one. So a logcheck pass would look like ..
>
> Security Violations
> =-=-=-=-=-=-=-=-=-=
>
>
> (package foo) Violations
> =-=-=-=-=-=-=-=-=-=-=
>
>
> Unusual System Event
On Tue, Dec 12, 2000 at 11:17:34AM +1100, Steve wrote:
> Unfortunately, none of this solves the overall problem of packages
> introducing badly formed ignore rules. In the end I suppose you will
> just have to trust subsystems to perform sensible checks and not be
> too general, and file bug-repo
"Rene" == Rene Mayrhofer <[EMAIL PROTECTED]> writes:
> I am thinking about rules that are shipped with logcheck at the
> moment, but will be shipped with the package they belong to in the
> future. During the transition period, it might (and probably will)
> happen, that for some time, both logchec
Steve wrote:
>
> "Rene" == Rene Mayrhofer <[EMAIL PROTECTED]> writes:
> > This is a small followup to my last message. After thinking a bit
> > about it, I think it might be better (performance-wise and when
> > multiple files include the same rules - this will happen during the
> > transition
"Rene" == Rene Mayrhofer <[EMAIL PROTECTED]> writes:
> This is a small followup to my last message. After thinking a bit
> about it, I think it might be better (performance-wise and when
> multiple files include the same rules - this will happen during the
> transition period when packages start
"Rene" == Rene Mayrhofer <[EMAIL PROTECTED]> writes:
> Well, the package is not orphaned, I have
> already fixed nearly all bug reports. The reason why the package
> has not been updated in a while is that I am in the NM queue for
> myself (since about 1,5 years). Now I am approved by an AM,
On Sun, 10 Dec 2000, Rene Mayrhofer wrote:
> files in there. Another small question: Is it better to have different .d
> directories (for ignore, violations, violations.ignore and hacking) or having
> one .d directory and using filename-postfixes (e.g. postfix.ignore,
> postfix.violations, postfix.
Arthur Korn wrote:
>
> Hi
>
> Rene Mayrhofer wrote:
> > There's only one minor problem: Shipping files for
> > update-modules is easy, since modutils is required and
> > therefore /etc/modutils should always be present. But since
> > logcheck is only optional, should packages still ship files i
Hi
Rene Mayrhofer wrote:
> There's only one minor problem: Shipping files for
> update-modules is easy, since modutils is required and
> therefore /etc/modutils should always be present. But since
> logcheck is only optional, should packages still ship files in
> /etc/logcheck/*.d/ although they
[I am crossposting this to -devel since other package maintainers might be
interested in this idea. If you are, please CC me in replies, I am currently not
subscribed to -devel.]
Steve wrote:
>
> Thanks to everyone that replied. I've installed logcheck and it works
> well after a couple of itera
Steve wrote:
>
> "Steve" == Steve <[EMAIL PROTECTED]> writes:
> > ... I suppose it would be nice if packages could supply their own
> > violations and ignore files to make this easier ...
>
> Well, the feeling seems to be that this is a worthwhile project. I'll
> approach the maintainer and see
This is a small followup to my last message.
After thinking a bit about it, I think it might be better (performance-wise and
when multiple files include the same rules - this will happen during the
transition period when packages start to bring logcheck rules files, but when
they are still cover
On Sun, 10 Dec 2000, Rene Mayrhofer wrote:
> Well, the package is not orphaned, I have already fixed nearly all bug reports.
> The reason why the package has not been updated in a while is that I am in the
> NM queue for myself (since about 1,5 years). Now I am approved by an AM, but
> still w
On Thu, Dec 07, 2000 at 03:05:39PM +0100, Michael Meskes wrote:
> On Thu, Dec 07, 2000 at 03:37:13PM +1100, Steve wrote:
> > suppose it would be nice if packages could supply their own violations
> > and ignore files to make this easier. For example, postfix would
> > supply a violations file cont
On Thu, Dec 07, 2000 at 03:37:13PM +1100, Steve wrote:
> suppose it would be nice if packages could supply their own violations
> and ignore files to make this easier. For example, postfix would
> supply a violations file containing
> ...
> And logcheck does a run-parts style include of all the fi
On Sun, Dec 03, 2000 at 03:27:06PM +1100, Steve wrote:
> Is there a package in debian equivalent to RedHat's LogWatch? This
$ apt-cache show logwatch
bye,
-christian-
--
Christian Hammers WESTEND GmbH - Aachen und Dueren Tel 0241/701333-0
[EMAIL PROTECTED] Internet & Security for P
I wrote a little perl script to make all sorts of fun noises when certain
syslog things happen, which i've packaged myself already, but i've not yet
even attempted to get it into debian, as i've not the time to worry about
trying to become a maintainer. it's called 'logplay', and you can find it
o
[An Thi-Nguyen Le - Sat, 2 Dec 2000 11:31:05 PM CST]
} [Jacob Kuntz - Sat, 2 Dec 2000 11:22:12 PM CST]
} } and just to make things interesting, a vanilla open scan results in
} } two log records for each port i hit. i shudder to think what would happen to
} } a busy site not using a loghost.
}
}
[Jacob Kuntz - Sat, 2 Dec 2000 11:22:12 PM CST]
} from the secret journal of An Thi-Nguyen Le ([EMAIL PROTECTED]):
} > There's Psionic's logcheck, which is in both potato and woody. The
} > one, the original. Goes well with portsentry (only in woody, can do
} > a source compile on potato thoug
from the secret journal of An Thi-Nguyen Le ([EMAIL PROTECTED]):
> There's Psionic's logcheck, which is in both potato and woody. The
> one, the original. Goes well with portsentry (only in woody, can do
> a source compile on potato though).
>
not exactly -- portsentry depends on net-tools. i
[Steve - Sat, 2 Dec 2000 10:57:24 PM CST]
} Is there a package in debian equivalent to RedHat's LogWatch? This
} analyses the system logs nightly and delivers a report of sudo events,
} logins, ssh sessions, etc. What is the preferred method of doing this
} under debian?
There's Psionic's logch