[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] NIMDA Worm

Subject: Re: [cobalt-users] NIMDA Worm
From: Harald Messinger <hmessinger@xxxxxxxxxxxxxx>
Date: Wed Sep 19 23:08:43 2001
Organization: HT-Software Lampart&Messinger
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

>I've problems with the NIMDA-Worm and my Logfiles (Raq2), they got today a
>very big file-size and my hdd get's nearly full. do you have ideas to stop
>logging when the NIMDA-Worm ist trying to attack my server?

I've added the following line to /etc/cron.quarter-daily/splitlogs.pl

 next if ($_=~/\/winnt/)||($_=~/\/scripts/)||($_=~/default.ida/)||($_=~/\/MSADC/);

right before the line:
 print COMB;


This shoukld prevent all entries regarding the worms "code red" an "nimda" from
being inserted in the combined-access and the virtual hosts log files.


Best regards,
 Harald Messinger

Follow-Ups:
- Re: [cobalt-users] NIMDA Worm
  - From: Tomas Garcia Ferrari
- Re: [cobalt-users] NIMDA Worm
  - From: Dave Robinson

Prev by Date: Re: [cobalt-users] Dead.Letter - How & Can I delete them Part 2
Next by Date: RE: [cobalt-users] Dead.Letter - How & Can I delete them Part 2
Previous by thread: Re: [cobalt-users] NIMDA Worm
Next by thread: Re: [cobalt-users] NIMDA Worm

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index