Re: Log analyzer

From: Stephen E. Hargrove (stephen@virtual-attorney.com)
Date: 01/10/02


Date: Wed, 9 Jan 2002 17:00:23 -0600
From: "Stephen E. Hargrove" <stephen@virtual-attorney.com>
To: focus-linux@securityfocus.com


* Jerome Tytgat (j.tytgat@energis.fr) spake thusly:
>
> Logcheck is pretty good and fairly simple to configure but limited
> to /var/log/messages...

this is not correct. logcheck.sh will parse whatever log files you tell
it. following is an excerpt from the script:

$LOGTAIL /var/log/messages > $TMPDIR/check.$$
$LOGTAIL /var/log/secure >> $TMPDIR/check.$$
$LOGTAIL /var/log/maillog >> $TMPDIR/check.$$

as you can see, my logcheck.sh parses messages, secure and maillog. if
you have others you want included, just add them.

-- 
 ____) ,_)
(-(__ -|- _    _
 ____) | (/_\/(/_
(
 _______________________________________________
| http://www.exitwound.org    : hard to find    |
| http://www.buckowensfan.com : he's the man    |
 _______________________________________________
| Q: What is purple and concord the world? A:   |
| Alexander the Grape.                          |
 _______________________________________________
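
Added example, not part of the original post and not logcheck's own code: a simplified stand-in for the incremental reading behind the $LOGTAIL lines quoted above, showing that the check file is truncated once and every further log is appended to it. The function names, STATE_DIR and the offset-file location are assumptions made for illustration; the real logtail is a separate program that keeps its own offset files.

```shell
#!/bin/sh
# Simplified stand-in for logtail (hypothetical helper names, not logcheck code).
# STATE_DIR holds one offset file per log; its location is an assumption.
STATE_DIR=${STATE_DIR:-$(mktemp -d)}

# Print only the bytes appended to log file $1 since the previous call.
tail_new() {
    log=$1
    state="$STATE_DIR/$(printf '%s' "$log" | tr '/' '_').offset"
    [ -r "$log" ] || return 0            # missing or unreadable log: skip it
    size=$(wc -c < "$log" | tr -d ' ')
    last=0
    if [ -f "$state" ]; then
        last=$(cat "$state")
    fi
    # A log smaller than the stored offset was rotated or truncated:
    # read it again from the start instead of silently skipping it.
    if [ "$size" -lt "$last" ]; then
        last=0
    fi
    if [ "$size" -gt "$last" ]; then
        # Emit exactly the bytes between the old offset and the measured
        # size, so lines written during the read are picked up next run.
        tail -c "+$((last + 1))" "$log" | head -c "$((size - last))"
    fi
    printf '%s\n' "$size" > "$state"
}

# Gather the new lines of every listed log into one check file.
# The output is truncated once (the '>' on the first $LOGTAIL line),
# then each log is appended (the '>>' on the following lines).
collect_logs() {
    out=$1
    shift
    : > "$out"
    for f in "$@"; do
        tail_new "$f" >> "$out"
    done
}
```

Called as collect_logs "$TMPDIR/check.$$" /var/log/messages /var/log/secure /var/log/maillog, it builds the same combined file as the three lines in the excerpt; a log added with '>' instead of '>>' would discard what the earlier logs contributed.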