Bugtraq mailing list archives
Re: syslog idea
From: fred () nasirc hq nasa gov (Fred Blonder)
Date: Fri, 07 Oct 1994 11:38:43 -0400
> From: "Jonathan M. Bresler" <jmb () kryten Atinc COM>
> Subject: Re: syslog idea
> To: *Hobbit* <hobbit () bronze lcs mit edu>
> cc: bugtraq () crimelab com
>
> On Thu, 6 Oct 1994, *Hobbit* wrote:
>
> > If you don't have a secure logging host, there's also a possibility
> > of someone breaking in and then trashing the logfile to hide their
> > tracks. This brought to mind the idea of a "syslog monitor", or a
> > process that would just hang out someplace and stat the various log
> > files periodically, using some mechanism to warn of excessive size,
> > mysterious shrinkage, and maybe some other warning signs.
>
> take a look at tripwire from gene spafford and gene kim at purdue.
> version 1.2 was released just last month. it will monitor any files
> you want for changes . . . it will also checksum those files . . .

The limitation of Tripwire in this application is that log files are
ALWAYS (well, almost) changing, so if Tripwire raised the alarm on a
logfile, your reaction should be: "So what?". ;-)

At the FIRST Conference in Boston a couple months ago, Gene Spafford
spoke about Tripwire. Someone in the audience asked about the
possibility of improving Tripwire so that it could checkpoint logfiles.
Gene seemed to think this was a good idea, and said he'd consider it in
a future version.

-----
Fred Blonder            fred () nasirc hq nasa gov
Hughes STX Corp.        (301) 441-4079
7701 Greenbelt Rd.
Greenbelt, Md. 20770
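An added example, not part of the original posts and not Tripwire's code: one way to checkpoint an append-only log as discussed in this message. It records the inode, size and a hash of the content so far, then checks later that the file has not shrunk and that the checkpointed prefix is unchanged. The function names, the 1 MiB growth threshold and the sample log lines are assumptions made for illustration.

```python
# Added example: names, growth threshold and sample log lines are assumptions.
import hashlib, os, tempfile

def _prefix_hash(path, nbytes):
    """SHA-256 of the first nbytes of path, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while nbytes > 0 and (chunk := f.read(min(65536, nbytes))):
            h.update(chunk)
            nbytes -= len(chunk)
    return h.hexdigest()

def checkpoint(path):
    """Record inode, size and a hash of everything logged so far."""
    st = os.stat(path)
    return {"inode": st.st_ino, "size": st.st_size,
            "sha256": _prefix_hash(path, st.st_size)}

def verify(path, cp, max_growth=1 << 20):
    """Compare the log with an earlier checkpoint; return warning strings."""
    st, warnings = os.stat(path), []
    if st.st_ino != cp["inode"]:
        warnings.append("replaced")          # rotated or rewritten as a new file
    if st.st_size < cp["size"]:
        warnings.append("shrunk")            # entries removed or file truncated
    elif _prefix_hash(path, cp["size"]) != cp["sha256"]:
        warnings.append("prefix-modified")   # old entries edited in place
    if st.st_size - cp["size"] > max_growth:
        warnings.append("excessive-growth")
    return warnings

def demo():
    """Run the checks over a constructed log file in a temp directory."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "messages")
        with open(log, "wb") as f:           # constructed sample entries
            f.write(b"Oct  6 10:00:01 host login: ROOT LOGIN ttyp0\n"
                    b"Oct  6 10:00:09 host su: joe to root on ttyp1\n")
        cp = checkpoint(log)
        with open(log, "ab") as f:           # normal growth: no warning
            f.write(b"Oct  6 10:05:00 host cron: job done\n")
        results["append"] = verify(log, cp)
        with open(log, "r+b") as f:          # overwrite bytes inside an old entry
            f.seek(21)
            f.write(b"XXXXX")
        results["edit"] = verify(log, cp)
        os.truncate(log, 10)                 # "mysterious shrinkage"
        results["truncate"] = verify(log, cp)
    return results
```

The checkpoint is only as trustworthy as the place it is stored, so keep it off the monitored host or on read-only media.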