Hi folks!

I'd like to ask what people do with their AIDE output at times when a lot of things change on their system?

I've gone through the AIDE configuration, and I feel like I have configured it well, to catch the things that might be trojaned while leaving out things that I would certainly change often. But I'm working a lot on the system these days, so the output just keeps growing out of hand really quick. I get a Too Much Information problem within a week of having created the database. Last night's output was close to 3000 lines, but I've had up to 60000 lines of output there... I find it hard to keep up at all when the output exceeds a hundred lines.

So, I've got to do something, but I don't really understand what. aide --update, ok, but what does that really mean? It just creates a new database to compare with the old, but then, I should keep the old, because there are too many changes for me to keep up and be certain that nothing Bad[tm] has slipped in... But if I do, the problem just keeps growing...

So I hope the kind folks here can offer some advice... :-)

Best,

Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/