Re: Logcheck, Logsentry, LogRider etc.

On Mon, 2003-03-31 at 01:24, Thomas Ritter wrote:
> On Monday, 31 March 2003 00:27, Jan-Hendrik Palic wrote:
> > I am using logcheck, personally installed on my Debian-Server/WS,
> > because there are no debian-packages .. :(
>
> I don't know about sarge and woody, but logcheck in sid is roughly
> preconfigured for debian systems.

It's there, also in stable. And, more importantly, more and more packages bring their own /etc/logcheck/ignore.d* files, so the logcheck maintainer doesn't have to jump after every log-producing daemon. Works fine here.

-- vbi

-- featured product: the GNU Compiler Collection - http://gcc.gnu.org
Re: Logcheck, Logsentry, LogRider etc.

On Monday, 31 March 2003 00:27, Jan-Hendrik Palic wrote:
> I am using logcheck, personally installed on my Debian-Server/WS,
> because there are no debian-packages .. :(

I don't know about sarge and woody, but logcheck in sid is roughly preconfigured for debian systems.

> But the big issue with logcheck is that you can get mails with
> log-entries, but logcheck cannot provide the time to each log-message.
> So .. it is quite unusable for a professional use...

How should a logfile mailer do so? The timestamp must be inside the log file being parsed; where else should that info come from? Any "professionally usable" program should be able to time-stamp each of its log messages. Then logcheck sends things like

Mar 30 23:34:58 hammer portsentry[1165]: attackalert: TCP SYN/Normal scan from host: 210.73.84.27/210.73.84.27 to TCP port: 21
Mar 30 23:34:58 hammer portsentry[1165]: attackalert: Host 210.73.84.27 has been blocked via wrappers with string: "ALL: 210.73.84.27 : DENY"

The only thing is, it's a bit of work to configure it, like any log mailer. You get spammed by reports and disable uninteresting stuff until you only get the interesting stuff. It's one or two weeks of 2-3 minutes of adding ignore entries, and one minute from time to time to cope with what updated programs write into the log ;)

-- Thomas Ritter
Fight against TCPA - http://www.againsttcpa.com/index.shtml
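Thomas Ritter's post above describes how logcheck actually works (the timestamp is whatever the syslog line already carries, and tuning means adding ignore entries until only the interesting lines are left), vbi's reply mentions the per-package /etc/logcheck/ignore.d* files, and nicole's reply makes the same point about syslog timestamps. The script below is an added example written for this page; it is not code from the thread or from the logcheck project. It parses classic syslog lines into fields, applies an ignore.d-style rule file (one regular expression per line, matching lines are dropped), and returns what would end up in the mailed report. The sample log (the two portsentry lines quoted in the thread plus a constructed cron line and a constructed ssh login), the single ignore rule, and all function names are assumptions made here. Real logcheck hands its rule files to egrep; the rule in this example is kept to syntax that is valid both there and in Python's re module.

```python
"""Minimal logcheck-style log filter (added illustrative example, not
logcheck's own code).

Assumptions: syslog lines use the classic "Mon DD HH:MM:SS host prog[pid]:
message" layout, and ignore rules are one regular expression per line, as
in logcheck's /etc/logcheck/ignore.d.* files. A line is reported only when
no ignore rule matches it.
"""
import re
from typing import Dict, Iterable, List, NamedTuple, Optional

# Classic BSD syslog layout, as seen in the thread's portsentry lines.
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)


class LogEntry(NamedTuple):
    timestamp: str      # taken from the line itself; the filter adds nothing
    host: str
    program: str
    pid: Optional[int]
    message: str


def parse_syslog_line(line: str) -> Optional[LogEntry]:
    """Split one syslog line into its fields; None if it is not syslog-shaped."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    pid = int(m["pid"]) if m["pid"] else None
    return LogEntry(m["ts"], m["host"], m["prog"], pid, m["msg"])


def load_ignore_rules(rule_text: str) -> List[re.Pattern]:
    """Compile an ignore.d-style rule file: one regex per line, '#' comments."""
    rules = []
    for raw in rule_text.splitlines():
        rule = raw.strip()
        if rule and not rule.startswith("#"):
            rules.append(re.compile(rule))
    return rules


def filter_log(lines: Iterable[str], rules: List[re.Pattern]) -> List[str]:
    """Return the lines no ignore rule matches: the report that would be mailed."""
    report = []
    for line in lines:
        line = line.rstrip("\n")
        if not line.strip():
            continue
        if any(rule.search(line) for rule in rules):
            continue
        report.append(line)
    return report


def summarize(report: Iterable[str]) -> Dict[str, int]:
    """Count reported lines per program, so a noisy daemon stands out as a
    candidate for a new ignore entry (or for a closer look)."""
    counts: Dict[str, int] = {}
    for line in report:
        entry = parse_syslog_line(line)
        key = entry.program if entry else "unparsed"
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample log: the two portsentry lines quoted in the thread,
# plus a made-up cron line and a made-up ssh login on the same host.
SAMPLE_LOG = """\
Mar 30 23:30:01 hammer CRON[1150]: (root) CMD (run-parts /etc/cron.hourly)
Mar 30 23:34:58 hammer portsentry[1165]: attackalert: TCP SYN/Normal scan from host: 210.73.84.27/210.73.84.27 to TCP port: 21
Mar 30 23:34:58 hammer portsentry[1165]: attackalert: Host 210.73.84.27 has been blocked via wrappers with string: "ALL: 210.73.84.27 : DENY"
Mar 30 23:35:02 hammer sshd[1180]: Accepted publickey for admin from 192.0.2.10 port 40022 ssh2
"""

# Constructed ignore rule in the style of an ignore.d entry: routine cron
# job starts are noise; everything else (scans, logins) stays in the report.
IGNORE_RULES = r"""
# hourly/daily cron runs
^\w{3} [ :0-9]{11} [\w.-]+ CRON\[[0-9]+\]: \(root\) CMD \(.*\)$
"""


def run_example() -> List[str]:
    """Apply the constructed rules to the constructed log."""
    return filter_log(SAMPLE_LOG.splitlines(), load_ignore_rules(IGNORE_RULES))


if __name__ == "__main__":
    for line in run_example():
        print(line)
    print(summarize(run_example()))
```

Run it as a plain script and it prints the three lines that survive (both portsentry alerts and the ssh login) plus the per-program count. The tuning loop from the post is exactly this: look at the report, write an ignore rule for the noise, run again. Keeping each rule anchored with `^`, spelling out the program name and matching the full message (as the cron rule does) is what keeps a rule from silently swallowing an unrelated line such as an attackalert.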
Re: Logcheck, Logsentry, LogRider etc.

At 00:27 on Mar 31, Jan-Hendrik Palic shook the earth with:
> I am using logcheck, personally installed on my Debian-Server/WS,
> because there are no debian-packages .. :(
> But the big issue with logcheck is that you can get mails with
> log-entries, but logcheck cannot provide the time to each log-message.
> :(
> So .. it is quite unusable for a professional use...

http://packages.debian.org/cgi-bin/search_packages2.pl?keywords=logcheck&searchon=names

I have logcheck installed via the debian packages/apt. Also, the date and time are included, as long as they are part of the message (as is standard with syslog-provided messages).

-nicole
Re: Logcheck, Logsentry, LogRider etc.

Hi ..

On Sun, Mar 30, 2003 at 11:42:36PM +0200, Stefan Neufeind wrote:
> So generally:
> I'm looking for a good log-monitoring-tool - not only for Debian
> systems (at least I'm honest) so I need to be able to also compile
> and package it again myself for different systems.

I am using logcheck, personally installed on my Debian-Server/WS, because there are no debian-packages .. :(

But the big issue with logcheck is that you can get mails with log-entries, but logcheck cannot provide the time to each log-message. :(

So .. it is quite unusable for a professional use...

> Could you give me any advice, explain why Psionic was taken over by
> cisco etc.? And where can I find current homepages for logcheck,
> logsentry etc.?

www.google.de should know it.

regards
Jan

-- Jan-Hendrik Palic | ** Debian GNU/Linux ** | ** OpenOffice.org **
http://www.debian.org | http://www.openoffice.org
[EMAIL PROTECTED]
Logcheck, Logsentry, LogRider etc.

Hi,

I read on this list that several people are using logcheck, right? Is this still up to date? Somewhere on the net I found that it was followed by logsentry from Psionic - but this company doesn't seem to exist anymore. Afaik logsentry at last was also free. And does anybody know something about LogRider (http://freshmeat.net/projects/logrider/?topic_id=253)?

So generally: I'm looking for a good log-monitoring-tool - not only for Debian systems (at least I'm honest) so I need to be able to also compile and package it again myself for different systems.

Could you give me any advice, explain why Psionic was taken over by cisco etc.? And where can I find current homepages for logcheck, logsentry etc.?

Thank you
Stefan