Firewall Wizards mailing list archives

Re: Log file monitoring - retail?


From: "Marcus J. Ranum" <mjr () nfr net>
Date: Wed, 17 Mar 1999 09:58:17 -0500

carson () tla org wrote:
> Once upon a time, I heard of a utility called retail. It was basically
> 'tail -f' that noticed if a new file had replaced the old and
> re-opened it (log file rotation, for example).

Retail was part of Gauntlet 1.0, I wrote it to do the
"intrusion detection" aspect of its log parsing. It
wasn't more than a 20 minute hack. You just save the
position in the file and its inode and whenever you
open it, if the inode's the same you seek to the
position and start dumping, and if the inode has
changed you look for the inode in the directory
and do the dump then re-open the file and reset.

> However, I can now find no reference to this. Does anyone know its
> whereabouts, or if something equivalent exists?

Craig Rowland wrote a thing called "logcheck" that
was intended to do the same thing. I haven't looked
at it but you might like to. It used to be on:
http://www.psionic.com/logcheck.html
according to my reference file.

mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
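
The save-the-position-and-inode approach described in the message above, as an added Python example that is not part of the original post and is not the Gauntlet retail source. The function names, the JSON state file, dumping the whole file on the first run, and the truncation check are assumptions of this example.

```python
import json
import os

def _find_inode(directory, inode):
    """Return the path in `directory` that now carries `inode`, or None."""
    with os.scandir(directory) as entries:
        for entry in entries:
            if entry.is_file(follow_symlinks=False) and entry.inode() == inode:
                return entry.path
    return None

def retail(log_path, state_path):
    """Return bytes of log_path not returned by earlier calls."""
    try:
        with open(state_path) as f:
            state = json.load(f)
    except (FileNotFoundError, ValueError):
        state = {"inode": None, "offset": 0}  # assumption: first run dumps all

    out = b""
    with open(log_path, "rb") as log:
        st = os.fstat(log.fileno())  # stat the file we opened, not the name
        offset = state["offset"]
        if st.st_ino != state["inode"]:
            # Rotated: find the old file by inode, dump its tail, then reset.
            log_dir = os.path.dirname(os.path.abspath(log_path))
            old = _find_inode(log_dir, state["inode"])
            if old is not None:
                with open(old, "rb") as f:
                    f.seek(offset)
                    out = f.read()
            offset = 0
        elif st.st_size < offset:
            # Assumption beyond the post: same inode but shorter means the
            # file was truncated in place, so start again from the top.
            offset = 0
        log.seek(offset)
        out += log.read()
        offset = log.tell()

    # Replace the state file atomically so a crash cannot leave it half written.
    tmp = state_path + ".tmp"
    with open(tmp, "w") as f:
        json.dump({"inode": st.st_ino, "offset": offset}, f)
    os.replace(tmp, state_path)
    return out
```

If the rotated file has already been deleted or compressed, the inode lookup finds nothing and any unread tail of the old file is skipped.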


