On Monday, 31 March 2003 00:27, Jan-Hendrik Palic wrote:
> I am using logcheck, personally installed on my Debian-Server/WS,
> because, there are no debian-packages .. :(

I don't know about sarge and woody, but logcheck is in sid, roughly preconfigured for Debian systems.

> But the big issue with logcheck is, that you can get mails with
> log-entries, but logcheck cannot provide the time to each log-message.
> So .. it is quite unusable for a professional use...

How should a logfile mailer do so? The timestamp must be inside the log file being parsed; where else should that info come from? Any "professionally usable" program should be able to time-stamp each of its log messages. Then logcheck sends things like

Mar 30 23:34:58 hammer portsentry[1165]: attackalert: TCP SYN/Normal scan from host: 210.73.84.27/210.73.84.27 to TCP port: 21
Mar 30 23:34:58 hammer portsentry[1165]: attackalert: Host 210.73.84.27 has been blocked via wrappers with string: "ALL: 210.73.84.27 : DENY"

The only thing is, it's a bit of work to configure it, like any log mailer. You get spammed by reports and disable uninteresting stuff until you only get the interesting stuff. It's one or two weeks of 2-3 minutes of adding ignore entries, and one minute from time to time to cope with what updated programs write into the log ;)

-- 
Thomas Ritter
Fight against TCPA - http://www.againsttcpa.com/index.shtml
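The reply above describes the whole working principle of logcheck: the timestamp is already part of each syslog line, the tool only drops lines that match an ignore pattern and mails whatever survives, and tuning consists of growing that ignore list. The following POSIX shell script is an added illustration of that filter loop, not code from logcheck or from anyone in this thread. The log lines and ignore patterns are constructed for the example (documentation addresses from 192.0.2.0/24, invented PIDs); the function names filter_log and count_reports are mine.

```shell
#!/bin/sh
# Added example: a minimal logcheck-style filter. Not logcheck's own code.
# Syslog already writes the timestamp at the start of every line, so a filter
# that only removes lines never needs to add timing information itself.

# Constructed sample log (the kind of lines /var/log/syslog would hold).
SAMPLE_LOG='Mar 30 23:34:58 hammer portsentry[1165]: attackalert: TCP SYN/Normal scan from host: 192.0.2.10/192.0.2.10 to TCP port: 21
Mar 30 23:35:01 hammer CRON[1200]: (root) CMD (run-parts /etc/cron.hourly)
Mar 30 23:35:10 hammer sshd[1210]: Accepted publickey for alice from 192.0.2.20 port 50022 ssh2
Mar 30 23:36:00 hammer portsentry[1165]: attackalert: Host 192.0.2.10 has been blocked via wrappers with string: "ALL: 192.0.2.10 : DENY"'

# Constructed ignore list: one extended regex per line, the "disable the
# uninteresting stuff" entries that accumulate during the first weeks.
# Patterns are anchored at the end so a noisy prefix cannot hide a different event.
IGNORE_PATTERNS='CRON\[[0-9]+\]: \(root\) CMD \(run-parts /etc/cron\.(hourly|daily)\)$
sshd\[[0-9]+\]: Accepted publickey for [a-z]+ from [0-9.]+ port [0-9]+ ssh2$'

# filter_log LOGTEXT PATTERNS
# Prints every log line that matches none of the ignore patterns, unchanged,
# so the original timestamp and hostname travel into the report as they are.
filter_log() {
    patfile=$(mktemp)
    printf '%s\n' "$2" > "$patfile"
    # grep -v -f drops lines matching any pattern; it exits 1 when nothing
    # survives, and '|| true' keeps an all-quiet log from aborting under set -e.
    printf '%s\n' "$1" | grep -E -v -f "$patfile" || true
    rm -f "$patfile"
}

# count_reports LOGTEXT PATTERNS
# Number of lines that would end up in the mailed report (0 means "no mail").
count_reports() {
    filter_log "$1" "$2" | grep -c . || true
}

# first_report_timestamp LOGTEXT PATTERNS
# The syslog timestamp (first 15 characters) of the first reported line,
# demonstrating that the time comes from the log itself.
first_report_timestamp() {
    filter_log "$1" "$2" | head -n 1 | cut -c1-15
}

# Stand-alone run: print what a report mail would contain.
if [ "${1:-}" = "--demo" ]; then
    echo "Security events for hammer:"
    filter_log "$SAMPLE_LOG" "$IGNORE_PATTERNS"
fi
```

Run it with `sh filter.sh --demo` to see that only the two portsentry lines survive, each still carrying its own "Mar 30 23:34:58" style timestamp. In real use the ignore patterns live in files (logcheck ships several per package) and the script is run from cron, piping the filtered output to a mailer; the tuning cost mentioned in the mail is exactly the growth of those pattern files, and anchored, specific patterns are what keep a blanket ignore from swallowing a genuine alert.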