Erich Titl wrote:
> Hi
>
> If it is just about to reformat syslog to another format all the time
> then you can always use
>
> tail -f /var/log/whatever.log | whatever.filter.program
>
> cheers
>
> Erich

No, it's about substantially decreasing the log file size. Even with SYN floods blocked the log file sometimes grows so rapidly that I run out of memory in a matter of minutes. I'm estimating that 75% of what's in the log files is either redundant or useless. Having a real-time reformatting and monitoring daemon in there could be a real benefit and as stated might also aid in exchanging information to identify possible misbehaving sites. Extending this idea one could even think of putting optional triggers in there, e.g. for automatically adding a rule that redirects an identified port scanner onto a tarpit.

Gordon

-------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
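
As an added example (not from the original post or the LEAF project), a filter of the kind discussed in this thread: it collapses repeated packet-log lines into counted summaries and lists sources that hit many distinct destination ports. The iptables-style `SRC=`/`DST=`/`PROTO=`/`DPT=` field layout, the threshold `SCAN_PORTS` and the sample lines are assumptions; the thread does not show the actual log format.

```python
import re
from collections import defaultdict

# Assumed netfilter LOG field layout; the thread does not show the real format.
FIELDS = re.compile(r"SRC=(\S+) DST=(\S+).*?PROTO=(\S+)(?:.*?DPT=(\d+))?")
SCAN_PORTS = 5  # hypothetical threshold: distinct destination ports per source


def compact(lines, scan_ports=SCAN_PORTS):
    """Collapse repeated packet-log lines and flag sources probing many ports.

    Returns (summary_lines, scanners). Fed from `tail -f`, a daemon would call
    this on batches and reset between them so memory use stays bounded.
    """
    counts = defaultdict(int)  # (src, dst, proto, dpt) -> number of hits
    ports = defaultdict(set)   # src -> distinct destination ports seen
    passthrough = []           # lines that are not packet logs are kept as-is
    for line in lines:
        m = FIELDS.search(line)
        if not m:
            passthrough.append(line.rstrip("\n"))
            continue
        src, dst, proto, dpt = m.groups()
        counts[(src, dst, proto, dpt or "-")] += 1
        if dpt:
            ports[src].add(int(dpt))
    summary = passthrough + [
        f"{src} -> {dst} {proto}/{dpt} x{n}"
        for (src, dst, proto, dpt), n in sorted(counts.items())
    ]
    scanners = sorted(s for s, p in ports.items() if len(p) >= scan_ports)
    return summary, scanners


# Constructed sample input using documentation addresses, not a real log.
_LINE = "kernel: DROP IN=eth0 OUT= SRC={} DST=192.0.2.1 PROTO={} {}"
SAMPLE = (
    ["syslogd restarted"]
    + [_LINE.format("198.51.100.7", "TCP", f"SPT=4000 DPT={p} SYN")
       for p in (21, 22, 23, 25, 80, 443)]
    + [_LINE.format("203.0.113.9", "TCP", "SPT=5123 DPT=22 SYN")] * 40
    + [_LINE.format("203.0.113.9", "ICMP", "TYPE=8 CODE=0")]
)

if __name__ == "__main__":
    summary, scanners = compact(SAMPLE)
    print("\n".join(summary))
    for src in scanners:
        print(f"possible port scan from {src}")
```

The scanner list is only reported here; wiring it to a firewall rule, as the post suggests, would need rate limits and an allowlist so a spoofed source cannot get a legitimate host blocked.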