[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[no subject]

Next time you run logcheck it should only check entries since the last run
(it keeps a marker somewhere).

Good day
David


> I took a look at logcheck.sh, and attempted to add in
/var/log/httpd/access
> file for analysis. Without entering anything in any of the ignore files I
> would
> have expected logcheck to add the complete log of last 15 minutes.
>
> Instead it appended the entire (>11mb) access log file to the email
message,
> stretching back a few days. This isnt the behaviour I would expect, I can
> only
> guess that it could be something to do with the date format or position on
> the line?
>
> For completeness I've added a part of the logs below, all of the
> /var/log/xxx files
> seem to follow the same format with the date /time being at the start of
the
> line.
>
> -----Original Message-----
> > Now, my question: has anyone seen anything like this to monitor the
apache
> > httpd log files (/var/log/httpd/...) to report any violations, eg. code
> red
> > scans, etc. and email the
> > results? It should not alter the log files in any way as that would
affect
> > the webalizer
> > splitting, etc.
> >
> You can configure logcheck to do this.
> edit /usr/local/etc/logcheck.sh and configure
> to do what ever you desire.
>
> Gerald

Prev by Date: [no subject]
Next by Date: [no subject]
Previous by thread: [no subject]
Next by thread: [no subject]

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index