Re: Logcheck Keyword Files
Mark Bucciarelli said at 08/06/04 17:24: I'm thinking about using the logcheck [1] program for intrusion detection, and was wondering if anyone here uses it. If so, have you modified the keyword filter files? I'd advise creating a 'local' definition in /etc/logcheck/ignore.d/ and friends rather than editing packaged files. Avoids getting prompted to replace them when you upgrade. I'd also recommend using log2mail for those times when you want to be notified quickly of something in a log file (like a raid disk dying). Backport the unstable version though. IIRC I had problems with the stable version. Ronny -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com
Re: Logcheck Keyword Files
Mark Bucciarelli said at 08/06/04 17:24: I'm thinking about using the logcheck [1] program for intrusion detection, and was wondering if anyone here uses it. If so, have you modified the keyword filter files? I'd advise creating a 'local' definition in /etc/logcheck/ignore.d/ and friends rather than editing packaged files. Avoids getting prompted to replace them when you upgrade. I'd also recommend using log2mail for those times when you want to be notified quickly of something in a log file (like a raid disk dying). Backport the unstable version though. IIRC I had problems with the stable version. Ronny -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: How to set up a Debian mirror..
Sonny was heard to utter, at roughly 29/03/04 16:27: I was thinking about setting up a mirror of Debian for a local computer group in the area, but a simple wget will result in way too much being pulled down for what they need. Are there any scripts publicly available to just mirror say stable .. testing .. unstable i386 only? OR Are there utilities in Debian that will make it easy to maintain a mirror of i386 Debian ? $ apt-cache search debian mirror I use debmirror which seems to do the job. Ronny -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com
Re: How to set up a Debian mirror..
Sonny was heard to utter, at roughly 29/03/04 16:27: I was thinking about setting up a mirror of Debian for a local computer group in the area, but a simple wget will result in way too much being pulled down for what they need. Are there any scripts publicly available to just mirror say stable .. testing .. unstable i386 only? OR Are there utilities in Debian that will make it easy to maintain a mirror of i386 Debian ? $ apt-cache search debian mirror I use debmirror which seems to do the job. Ronny -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
Joey Hess said the following on 29/01/04 21:48: Ronny Adsetts wrote: The original poster is simply not keeping his queue clean of frozen messages. Shouldn't that be the MTA's job? I never understood why exim has such brain-dead defaults as requring an admin to manually deal with "frozen" messages. Every other MTA I have ever used has not even had such a concept. I do agree that the default handling of frozen messages is not good. I guess the premise is let's not throw anything away unless we're told to. I dunno how exim4 handles this - still on woody and not yet played with it - but maybe a debconf question at setup could change this default behaviour. Or just change the default config in the deb anyway. Regards, Ronny -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
Joey Hess said the following on 29/01/04 21:48: Ronny Adsetts wrote: The original poster is simply not keeping his queue clean of frozen messages. Shouldn't that be the MTA's job? I never understood why exim has such brain-dead defaults as requring an admin to manually deal with "frozen" messages. Every other MTA I have ever used has not even had such a concept. I do agree that the default handling of frozen messages is not good. I guess the premise is let's not throw anything away unless we're told to. I dunno how exim4 handles this - still on woody and not yet played with it - but maybe a debconf question at setup could change this default behaviour. Or just change the default config in the deb anyway. Regards, Ronny -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
Craig Sanders said the following on 29/01/04 11:31: On Thu, Jan 29, 2004 at 10:03:35AM +, Ronny Adsetts wrote: Craig Sanders said the following on 28/01/04 23:36: i can't answer your question, but here's some relevant advice for you: exim doesn't scale. if you want performance, switch to postfix. On what do you base this conlusion? the fact that it doesn't scale. That's not a proven fact here - it's a conclusion. Where's the data to back it up? I'm not arguing that exim is the most efficient MTA out there. It's probably not. It's no dog either though. the original poster's system was an example. That's not proof that the system doesn't scale. It's simply a configuration issue. allanon:/var/spool/exim/input# du -sh 2.3M. allanon:/var/spool/exim/input# ls -1 |wc -l 407 The original poster is simply not keeping his queue clean of frozen messages. Several large ISP's in the UK use exim that I know of which seems to indicate otherwise. several large ISPs around the world use IIS & MS SQL servers too...doesn't make that a good idea, either. True. And irrelevant. Ronny -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
Craig Sanders said the following on 29/01/04 11:31: On Thu, Jan 29, 2004 at 10:03:35AM +, Ronny Adsetts wrote: Craig Sanders said the following on 28/01/04 23:36: i can't answer your question, but here's some relevant advice for you: exim doesn't scale. if you want performance, switch to postfix. On what do you base this conlusion? the fact that it doesn't scale. That's not a proven fact here - it's a conclusion. Where's the data to back it up? I'm not arguing that exim is the most efficient MTA out there. It's probably not. It's no dog either though. the original poster's system was an example. That's not proof that the system doesn't scale. It's simply a configuration issue. allanon:/var/spool/exim/input# du -sh 2.3M. allanon:/var/spool/exim/input# ls -1 |wc -l 407 The original poster is simply not keeping his queue clean of frozen messages. Several large ISP's in the UK use exim that I know of which seems to indicate otherwise. several large ISPs around the world use IIS & MS SQL servers too...doesn't make that a good idea, either. True. And irrelevant. Ronny -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
Craig Sanders said the following on 28/01/04 23:36: > i can't answer your question, but here's some relevant advice for you: > > exim doesn't scale. if you want performance, switch to postfix. > On what do you base this conlusion? Several large ISP's in the UK use exim that I know of which seems to indicate otherwise. Regards, Ronny Adsetts -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
Craig Sanders said the following on 28/01/04 23:36: > i can't answer your question, but here's some relevant advice for you: > > exim doesn't scale. if you want performance, switch to postfix. > On what do you base this conlusion? Several large ISP's in the UK use exim that I know of which seems to indicate otherwise. Regards, Ronny Adsetts -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
