funsec mailing list archives

RE: Perl script for syslog time inconsistancies?


From: Blanchard_Michael () emc com
Date: Sun, 1 Oct 2006 15:50:56 -0400

Just looking through the log files themselves, on a possibly pwned machine...  Seeing if any pieces of log file aren't 
in the order they should be, like if someone cut a section of log file and pasted it in over something else.... That 
type of thing 


Michael P. Blanchard 
Antivirus / Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management 
EMC ² Corporation 
4400 Computer Dr. 
Westboro, MA 01580 
Office: (508)898-7102      
Cell:     (508)958-2780 
Pager:  (877)552-3945 
email:  Blanchard_Michael () EMC COM 

-----Original Message-----
From: Fergie [mailto:fergdawg () netzero net] 
Sent: Sunday, October 01, 2006 3:43 PM
To: Blanchard, Michael (InfoSec)
Cc: funsec () linuxbox org
Subject: Re: [funsec] Perl script for syslog time inconsistancies?

If you're running NTP-synch'd devices, what "issues" would there be?

- ferg



-- Blanchard_Michael () emc com wrote:
 
There's a Perl script that will check for syslog time inconsistencies
and I think other time stamp inconsistencies as well.  I can't remember
the name of it but does anyone know of the Perl scripts I'm thinking of?
  Or any other app that will check time stamps for "issues"?



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
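
One way to run the check described in this thread (finding log sections whose timestamps are out of order), as an added example that is not part of the original messages and is not the Perl script the poster is trying to recall. It is written in Python and assumes classic BSD syslog timestamps with no year; the names `find_time_regressions`, `start_year` and `tolerance` are hypothetical, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Classic BSD syslog timestamp, e.g. "Oct  1 15:43:07" (no year, no zone).
STAMP = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) ")
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

def find_time_regressions(lines, start_year=2006, tolerance=timedelta(seconds=2)):
    """Return (line_no, previous_ts, this_ts) wherever time runs backwards.

    tolerance absorbs small reordering between daemons; a Dec -> Jan step is
    assumed to be a year rollover because the format carries no year.
    """
    findings = []
    year, prev = start_year, None
    for line_no, line in enumerate(lines, start=1):
        m = STAMP.match(line)
        if not m or m.group(1) not in MONTHS:
            continue  # continuation line or other format: not comparable
        month, day = MONTHS[m.group(1)], int(m.group(2))
        if prev and prev.month == 12 and month == 1:
            year += 1
        try:
            ts = datetime(year, month, day, *map(int, m.group(3, 4, 5)))
        except ValueError:
            continue  # impossible date or time such as "Feb 30"
        if prev and ts < prev - tolerance:
            findings.append((line_no, prev, ts))
        prev = ts
    return findings

# Constructed sample: lines 4-5 carry earlier times than line 3, as a pasted-in block would.
SAMPLE = """\
Oct  1 15:40:01 host sshd[411]: Accepted publickey for alice
Oct  1 15:41:12 host sudo: alice : TTY=pts/0 ; COMMAND=/bin/ls
Oct  1 15:43:07 host cron[502]: (root) CMD (run-parts /etc/cron.hourly)
Oct  1 14:02:55 host sshd[398]: Accepted publickey for alice
Oct  1 14:03:10 host sshd[398]: session closed for user alice
Oct  1 15:44:30 host kernel: eth0: link up
""".splitlines()

if __name__ == "__main__":
    for n, before, now in find_time_regressions(SAMPLE):
        print(f"line {n}: {now} follows {before}")
```

A block pasted in from a later period shows up at the line where the original log resumes, since that is where time steps backwards.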

