----- Original Message -----
From: "Brian Brazil" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 17, 2004 5:47 AM
Subject: Re: Debian Sarge Logcheck Query

> Just a thought - if you don't get any messages how do you know that your
> machine hasn't been compromised and logcheck disabled? Maybe make use of
> syslogd's MARK. (It's ignored in one of the default files).
>

Hi again Brian,

I get your point there and if my Debian box was hosting an iptables firewall (I used to but don't need to now) then I would certainly look into this, however I am now sufficiently protected behind my ADSL router's built-in NAT firewall, and I'm happy to leave it at that for the time being. If I ever get back to using iptables here at home, then I will certainly want to know that my system hasn't been compromised.

>
> Something I threw together quickly after I first set up logcheck was a
> Perl script to let me use perl regular expressions which are a lot more
> powerful. Also instead of [0-9] you can use \d. This was my main reason for
> writing it as I had at least 50 perl specific regex features without realising
> that they wouldn't work. Oh the pain...
> http://netsoc.tcd.ie/~bbrazil/perlgrep
> This is specific to logcheck. Only tested with Woody.
>
> Brian
>

Where there's scripts, there's always pain, at least from my limited exposure to them anyway... I'll have a look at your script though, although I more than likely won't understand most of it :-)

Thanks again for your help!

Pete
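
The MARK suggestion quoted above, sketched as an added example that is not part of the original thread: it scans a syslog file for stretches with no entries at all, which is what a stopped logger looks like when heartbeat lines are enabled. The 20-minute interval, the 2x slack, the function names and the sample lines are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample in traditional syslog format (host, PIDs and address are made up).
SAMPLE_LOG = """\
Feb 17 04:07:01 sarge -- MARK --
Feb 17 04:27:01 sarge -- MARK --
Feb 17 04:31:12 sarge sshd[812]: Accepted password for pete from 192.168.1.10 port 1042
Feb 17 04:47:01 sarge -- MARK --
Feb 17 06:12:44 sarge kernel: eth0: link up
Feb 17 06:27:01 sarge -- MARK --
"""

def parse_ts(line, year):
    """Parse the 'Mon DD HH:MM:SS' prefix; syslog omits the year, so the caller supplies it."""
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def find_silences(log_text, year, now, mark_interval=timedelta(minutes=20), slack=2.0):
    """Return (start, end) pairs where no line of any kind was logged for longer
    than mark_interval * slack. Both parameters are assumptions to tune locally."""
    limit = mark_interval * slack
    stamps = []
    for line in log_text.splitlines():
        try:
            stamps.append(parse_ts(line, year))
        except ValueError:
            continue  # skip blank or malformed lines
    if not stamps:
        return [(None, now)]  # an empty log is itself a silence
    stamps.sort()
    gaps = [(a, b) for a, b in zip(stamps, stamps[1:]) if b - a > limit]
    # The tail matters most: a logger that stopped leaves no later line to compare against.
    if now - stamps[-1] > limit:
        gaps.append((stamps[-1], now))
    return gaps

def count_marks(log_text):
    """Number of heartbeat lines, useful to confirm MARK is enabled at all."""
    return sum(1 for line in log_text.splitlines() if line.endswith("-- MARK --"))

if __name__ == "__main__":
    for start, end in find_silences(SAMPLE_LOG, 2004, datetime(2004, 2, 17, 9, 0)):
        print(f"no log entries between {start} and {end}")
```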