Next time you run logcheck it should only check entries since the last run (it keeps a marker somewhere). Good day David > I took a look at logcheck.sh, and attempted to add in /var/log/httpd/access > file for analysis. Without entering anything in any of the ignore files I > would > have expected logcheck to add the complete log of last 15 minutes. > > Instead it appended the entire (>11mb) access log file to the email message, > stretching back a few days. This isnt the behaviour I would expect, I can > only > guess that it could be something to do with the date format or position on > the line? > > For completeness I've added a part of the logs below, all of the > /var/log/xxx files > seem to follow the same format with the date /time being at the start of the > line. > > -----Original Message----- > > Now, my question: has anyone seen anything like this to monitor the apache > > httpd log files (/var/log/httpd/...) to report any violations, eg. code > red > > scans, etc. and email the > > results? It should not alter the log files in any way as that would affect > > the webalizer > > splitting, etc. > > > You can configure logcheck to do this. > edit /usr/local/etc/logcheck.sh and configure > to do what ever you desire. > > Gerald
Sun Cobalt and other Linux administration by Zeffie
A Sun Cobalt and Linux Specialist Since 1999
Sun Cobalt Repairs, Development, and Maintenance.
Home of the Worlds Largest Collection of Sun Cobalt Updates!
Sun Cobalt Spam Filter, Security, Firewall, Anti Virus Products.
734-454-9117 US Toll Free 800-231-4459
Copyright 2009 by Electronic Consultants Inc.