Re: syslog idea

Jonathan M. Bresler (jmb@kryten.Atinc.COM)
Fri, 7 Oct 1994 11:50:50 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dror Matalon: "Re: syslog idea"
Previous message: Michael Bresnahan: "Seg"
In reply to: Fred Blonder: "Re: syslog idea"
Next in thread: Fred Blonder: "Re: syslog idea"

On Fri, 7 Oct 1994, Fred Blonder wrote:

> 	take a look at tripwire from gene spafford and gene kim at
> 	purdue.  version 1.2 was released just last month.  it will
> 	monitor any files you want for changes . . .  it  will also
> 	checksum those files . . .
> 
> The limitation of Tripwire in this application is that log files are
> ALWAYS (well, almost) changing, so if Tripwire raised the alarm on a
> logfile, your reaction should be: "So what?".  ;-)
> 
> At the FIRST Conference in Boston a couple months ago, Gene Spafford
                                     ^^^^^^^^^^^^^^^^^^
	before the latest release of tripwire ;)

> spoke about Tripwire.  Someone in the audience asked about the
> possibility of improving Tripwire so that it could checkpoint
> logfiles.  Gene seemed to think this was a good idea, and said he'd
> consider it in a future version.

	and he did!

	take a look at the Changelog and at tw.conf.XXX files.  you can 
specify that tripwire should ignore changes in size, access time, 
modification time and signatures for log files.

jmb

Jonathan M. Bresler  jmb@kryten.atinc.com	| Analysis & Technology, Inc.  
						| 2341 Jeff Davis Hwy
play go.					| Arlington, VA 22202
ride bike. hack FreeBSD.--ah the good life	| 703-418-2800 x346

Next message: Dror Matalon: "Re: syslog idea"
Previous message: Michael Bresnahan: "Seg"
In reply to: Fred Blonder: "Re: syslog idea"
Next in thread: Fred Blonder: "Re: syslog idea"