Judson Lester <jlester@tulane.edu> writes:
> One technique I've adopted for log audits is called "artificial
> ignorance." It essentially amounts to building filters for your logs
> and reporting (via email, say) any log events that aren't filtered.
This is exactly what Logchecker does. Well, you can also say "this
is a security issue", but the best part is setting up lists of things
to ignore.

Debian packages add bits for logcheck to ignore or watch for, so that
helps, too.
-- 
As long as you have mystery you have health; when you destroy mystery you create morbidity. -- G.K. Chesterton
___________________
Nolug mailing list
nolug@nolug.org
Received on 07/22/03
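
The filter-and-report approach discussed in this thread, sketched as an added example (not part of the original messages and not logcheck's own code): lines matching a "security issue" rule are always reported, lines fully matching an ignore rule are dropped, and everything else is reported as unfiltered. All patterns and log lines are constructed for illustration.

```python
import re

# Constructed rules for illustration; these are not logcheck's shipped patterns.
VIOLATIONS = [re.compile(p) for p in (      # "this is a security issue": always report
    r"sshd\[\d+\]: Failed password for ",
    r"su(\[\d+\])?: .*authentication failure",
)]
IGNORE = [re.compile(p) for p in (          # known-benign noise: drop silently
    r"CRON\[\d+\]: \(\w+\) CMD \(.*\)",
    r"sshd\[\d+\]: Accepted publickey for \w+ from \S+ port \d+ ssh2",
    r"ntpd\[\d+\]: kernel time sync enabled \d+",
)]
# Syslog "Mon DD HH:MM:SS host " prefix, stripped so rules anchor on the message.
PREFIX = re.compile(r"^\w{3} [ \d]\d \d\d:\d\d:\d\d \S+ ")

def triage(lines):
    """Split log lines into (violations, unknown); ignored lines are dropped."""
    violations, unknown = [], []
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            continue
        msg = PREFIX.sub("", line, count=1)
        if any(p.search(msg) for p in VIOLATIONS):      # checked before IGNORE
            violations.append(line)
        elif not any(p.fullmatch(msg) for p in IGNORE):
            # fullmatch: a benign string embedded in some other message
            # must not be enough to hide that line from the report.
            unknown.append(line)
    return violations, unknown

# Constructed sample input (documentation-range addresses).
SAMPLE = [
    "Jul 22 03:10:01 web1 CRON[4211]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jul 22 03:11:47 web1 sshd[4302]: Accepted publickey for deploy from 192.0.2.10 port 50122 ssh2",
    "Jul 22 03:12:09 web1 sshd[4310]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2",
    "Jul 22 03:15:30 web1 kernel: eth0: promiscuous mode enabled",
    "Jul 22 03:16:02 web1 ntpd[611]: kernel time sync enabled 0001",
    "Jul 22 03:18:00 web1 myapp[77]: rejected login name 'CRON[1]: (root) CMD (true)'",
]

if __name__ == "__main__":
    bad, odd = triage(SAMPLE)
    for title, rows in (("Security events", bad), ("Unfiltered events", odd)):
        print(f"{title} ({len(rows)}):")
        for row in rows:
            print("  " + row)
```

The last sample line shows why the ignore rules must match the whole message: it contains text that looks like a cron entry, yet it still lands in the unfiltered report.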