Bugtraq mailing list archives
Re: syslog idea
From: jmb () kryten Atinc COM (Jonathan M. Bresler)
Date: Sat, 8 Oct 1994 23:59:18 -0400 (EDT)
On Fri, 7 Oct 1994, Fred Blonder wrote:
> ALWAYS (well, almost) changing, so if Tripwire raised the alarm on a logfile, your reaction should be: "So what?". ;-)

again if you are checking only uid, gid, size increasing only, etc then so what is the wrong reaction.

> At the FIRST Conference in Boston a couple months ago, Gene Spafford spoke about Tripwire. Someone in the audience asked about the possibility of improving Tripwire so that it could checkpoint logfiles. Gene seemed to think this was a good idea, and said he'd consider it in a future version.

that is a different idea than what i thought you said. good point. rotating the logs and checking the older ones with a signature approaches this. it's a matter of granularity. an inplace checkpoint could occur much more frequently.

jmb

Jonathan M. Bresler  jmb () kryten atinc com | Analysis & Technology, Inc.
                                             | 2341 Jeff Davis Hwy
play go.                                     | Arlington, VA 22202
ride bike. hack FreeBSD.--ah the good life   | 703-418-2800 x346
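
The in-place checkpoint discussed above, as an added example (not from the original message and not Tripwire's code): it records a logfile's uid, gid, mode, size and a SHA-256 of the bytes written so far, then later confirms the file has only grown. The function names, the choice of SHA-256 and the sample log lines are assumptions made for the illustration.

```python
import hashlib
import os
import stat
import tempfile

def checkpoint(path):
    """Record owner, mode, size and SHA-256 of everything logged so far."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read(st.st_size)).hexdigest()
    return {"uid": st.st_uid, "gid": st.st_gid,
            "mode": stat.S_IMODE(st.st_mode),
            "size": st.st_size, "sha256": digest}

def verify(path, cp):
    """Return findings; an empty list means the log has only grown."""
    st = os.stat(path)
    now = {"uid": st.st_uid, "gid": st.st_gid, "mode": stat.S_IMODE(st.st_mode)}
    findings = [f"{k} changed" for k in now if now[k] != cp[k]]
    if st.st_size < cp["size"]:
        return findings + ["file shrank"]
    with open(path, "rb") as f:
        prefix = f.read(cp["size"])  # only the bytes covered by the checkpoint
    if hashlib.sha256(prefix).hexdigest() != cp["sha256"]:
        findings.append("content before checkpoint was modified")
    return findings

def demo():
    # Constructed sample syslog lines, not taken from the original post.
    lines = [b"Oct  8 23:50:01 host login: ROOT LOGIN on ttyp0\n",
             b"Oct  8 23:51:12 host su: jdoe to root on ttyp1\n"]
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "messages")
        with open(path, "wb") as f:
            f.writelines(lines)
        cp = checkpoint(path)
        with open(path, "ab") as f:      # normal growth: no finding expected
            f.write(b"Oct  8 23:59:18 host sendmail[99]: started\n")
        grown = verify(path, cp)
        with open(path, "r+b") as f:     # same-length edit of an old entry
            f.seek(lines[0].index(b"ROOT"))
            f.write(b"user")
        edited = verify(path, cp)
        with open(path, "wb") as f:      # log truncated and restarted
            f.write(lines[1])
        shrunk = verify(path, cp)
    return grown, edited, shrunk

if __name__ == "__main__":
    print(demo())
```

A checkpoint stored on the same host can be rewritten along with the log, so the recorded values belong on read-only media or another machine.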