Firewall Wizards mailing list archives
Re: Log file monitoring - retail?
From: "Marcus J. Ranum" <mjr () nfr net>
Date: Wed, 17 Mar 1999 09:58:17 -0500
carson () tla org wrote:
> Once upon a time, I heard of a utility called retail. It was basically 'tail -f' that noticed if a new file had replaced the old and re-opened it (log file rotation, for example).
Retail was part of Gauntlet1.0, I wrote it to do the "intrusion detection" aspect of its log parsing. It wasn't more than a 20 minute hack. You just save the position in the file and its inode and whenever you open it, if the inode's the same you seek to the position and start dumping, and if the inode has changed you look for the inode in the directory and do the dump then re-open the file and reset.
> However, I can now find no reference to this. Does anyone know its whereabouts, or if something equivalent exists?
Craig Rowland wrote a thing called "logcheck" that was intended to do the same thing. I haven't looked at it but you might like to. It used to be on: http://www.psionic.com/logcheck.html according to my reference file.

mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
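The position-plus-inode technique described in the message above, as an added sketch in Python; it is not the Gauntlet retail source or logcheck. The JSON state file, the function names, and the handling of a log truncated in place are assumptions of this example.

```python
import json
import os

def _file_id(st):
    # Inode numbers are only unique per filesystem, so keep the device too.
    return [st.st_dev, st.st_ino]

def _rest_of_rotated(directory, file_id, offset):
    """Find the renamed old log by inode in `directory`; return its unread tail."""
    with os.scandir(directory) as entries:
        for entry in entries:
            if (entry.is_file(follow_symlinks=False)
                    and _file_id(entry.stat(follow_symlinks=False)) == file_id):
                with open(entry.path, "rb") as old:
                    old.seek(offset)
                    return old.read()
    return b""  # old file already deleted or compressed: that tail is lost

def retail(log_path, state_path):
    """Return the bytes added to log_path since the previous call."""
    try:
        with open(state_path) as f:
            state = json.load(f)
    except (FileNotFoundError, ValueError):
        state = {"id": None, "offset": 0}  # first run: dump from the start

    out = b""
    with open(log_path, "rb") as log:
        st = os.fstat(log.fileno())  # stat the open handle, not the path
        if state["id"] == _file_id(st) and st.st_size >= state["offset"]:
            log.seek(state["offset"])  # same file: resume where we stopped
        elif state["id"] not in (None, _file_id(st)):
            # Rotated: finish the old file first, then read the new one from 0.
            log_dir = os.path.dirname(os.path.abspath(log_path))
            out = _rest_of_rotated(log_dir, state["id"], state["offset"])
        # Same inode but shorter than the saved offset means the log was
        # truncated in place (assumed handling): fall through and read from 0.
        out += log.read()
        new_state = {"id": _file_id(st), "offset": log.tell()}

    tmp = state_path + ".tmp"
    with open(tmp, "w") as f:
        json.dump(new_state, f)
    os.replace(tmp, state_path)  # atomic swap: a crash never leaves half a state
    return out
```

Run it from cron more often than the log rotates; if two rotations happen between runs, only the file still carrying the saved inode can be recovered.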