On 12 Sep 2001 19:37:30 -0700, Mike Hoover sez:
Quote:>Due to recent severe problem with my Linux box (it actually turned out
>I ran out of hard drive space and didn't notice it), I've gotten
>serious about security and the syslog because I though I was hacked.
>Anyway, I'm just curious what everyone's favorite program is for
>viewing the logs on their computer. There's a program called system
>log viewer that came with my distro and it really sucks. I get better
>results using cat /var/log/syslog | grep xxxx | less. What do all of
>you security gurus use?
So what's wrong with cat | grep | less? It's always worked fine for
me! That's the beautiful thing about Linux... there's no need to
run stupid resource-hogging utilities when you can handle
everything with the basic kernel commands.
Quote:>On a side note, my syslog is getting rather large (3mb). Can I trim
>away and tar the old stuff or use some script to keep the log from
>growing so large in the future?
rm * -f once a month works wonders for me; then I restart syslog. I
figure, once I've analyzed the living daylights out of my logs and
there aren't any surprises, I don't really care about keeping 6 months
of login/logout entries, mail logs, ipchain DENY logs from the
countless port 80 scans from Red Alert, etc.
Anyway, sure, go ahead and tar or gzip or lha or whatever your
old logs. I'm sure if you wanted to you could throw together a
script in cron.monthly or whatever that would create a date-based
archive of the log files, rm them, and restart syslog... but for
something you only do once a month or so, you might as well
do it manually so you can have more control over what gets
archived, deleted, etc.
Peter B. Steiger
If you reply by email, send it to pbs at com dot
canada (or vice-versa). All adverti*ts will be
returned to your postmaster, eh!