...seeing you mention logtail I guess you could use tail -f from a process outside the chrooted area (i.e. a process that even a compromised syslogd can't touch) and pipe that through to a secured area on the system.

-----Original Message-----
From: Ben Boulanger [mailto:benat_private]
Sent: 06 November 2002 18:27
To: John Fitzgerald
Cc: forensicsat_private
Subject: RE: Remote Syslogd

On Wed, 6 Nov 2002, John Fitzgerald wrote:

> chrooted area on a regular basis. Does anybody know of an application
> that is optimized for copying sequentially increasing files?

logtail, part of the logcheck program (now called logsentry, apparently) does this nicely. It's licensed under the GPL:

http://www.psionic.com/products/logsentry.html

Personally, I just use logtail to periodically move only the new data from one log file to another location. I'm sure the rest of the suite is good, I just only have experience with the logtail piece.

Ben

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Nov 07 2002 - 07:15:17 PST
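
The periodic "move only the new data" copy discussed in the thread, as an added example that is not part of the original messages and is not logtail's own code: a saved inode and byte offset let a process outside the chroot append only new complete lines to a copy in the secured area, handling log rotation and truncation. The function name `copy_new_data`, the JSON state file and the sample log lines are assumptions made for the illustration.

```python
import json
import os
import tempfile

def copy_new_data(src, dst, state_file):
    """Append to dst the complete lines added to src since the last call.

    Returns the number of bytes copied. dst and state_file are assumed to
    live outside the chroot, writable only by the account running this.
    """
    try:
        with open(state_file) as f:
            state = json.load(f)
    except (FileNotFoundError, ValueError):
        state = {"inode": None, "offset": 0}
    # O_NOFOLLOW: refuse to read through a symlink planted at the log path.
    fd = os.open(src, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "rb") as log:
        st = os.fstat(fd)
        # New inode means rotation; a size below the saved offset means
        # truncation. Either way, start again from the top of the file.
        if st.st_ino != state["inode"] or st.st_size < state["offset"]:
            state = {"inode": st.st_ino, "offset": 0}
        log.seek(state["offset"])
        data = log.read(st.st_size - state["offset"])
    # Hold back a trailing partial line until the writer finishes it.
    data = data[: data.rfind(b"\n") + 1]
    if data:
        with open(dst, "ab") as out:
            out.write(data)
            out.flush()
            os.fsync(out.fileno())
    state["offset"] += len(data)
    # Write the state atomically so an interrupted run cannot corrupt it.
    tmp = state_file + ".tmp"
    with open(tmp, "w") as f:
        json.dump(state, f)
    os.replace(tmp, state_file)
    return len(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        src, dst, st = (os.path.join(d, n) for n in ("messages", "copy", "state"))
        with open(src, "wb") as f:  # constructed sample syslog lines
            f.write(b"Nov  6 18:27:01 host sshd[411]: session opened\n")
            f.write(b"Nov  6 18:27:09 host su[412]: partial")
        print(copy_new_data(src, dst, st))  # first complete line only
        with open(src, "ab") as f:
            f.write(b" line finished\n")
        print(copy_new_data(src, dst, st))  # the remainder
```

A log that is truncated and then grows past the saved offset before the next run is not detected by the size check, so the copy interval should be short relative to how fast the log grows.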