Next time you run logcheck it should only check entries since the last run (it keeps a marker somewhere). Good day David > I took a look at logcheck.sh, and attempted to add in /var/log/httpd/access > file for analysis. Without entering anything in any of the ignore files I > would > have expected logcheck to add the complete log of last 15 minutes. > > Instead it appended the entire (>11mb) access log file to the email message, > stretching back a few days. This isnt the behaviour I would expect, I can > only > guess that it could be something to do with the date format or position on > the line? > > For completeness I've added a part of the logs below, all of the > /var/log/xxx files > seem to follow the same format with the date /time being at the start of the > line. > > -----Original Message----- > > Now, my question: has anyone seen anything like this to monitor the apache > > httpd log files (/var/log/httpd/...) to report any violations, eg. code > red > > scans, etc. and email the > > results? It should not alter the log files in any way as that would affect > > the webalizer > > splitting, etc. > > > You can configure logcheck to do this. > edit /usr/local/etc/logcheck.sh and configure > to do what ever you desire. > > Gerald
Zeffie's Sun Cobalt User Forums
Zeffie's Sun Cobalt Restore CD's
Zeffie's Sun Cobalt Updates
Sun Cobalt Users List
Sun Cobalt Security List
Sun Cobalt Developers List
Copyright 2007 by Electronic Consultants Inc.