On Thu, Oct 11, 2001 at 09:31:39PM +0200, Fred Mobach wrote:
> Hello,
>
> That's a great post, simple and straight. You'll have of course your
> reasons for doing so and I have to admit that I mostly use the same
> strategy. However, one not so minor detail in my strategy is different.
>
> Where you are looking for interesting items and emails those to the
> selected staff I unselect uninteresting messages and post the remaining
> messages to :
> - known messages to the operators for that software package,
> - unknown messages to the security officers.
> The latter because I never know beforehand what's going on.

I don't want this to be a "me too" message, but me too! ;)

I took a hard look at different ways to monitor logfiles, and came to the conclusion that while tools like swatch and logsurfer, which alert you to preconfigured events, are essential, they don't address the whole problem. Tools that take the approach of logcheck, of showing you that which you have not explicitly chosen to ignore, are the most useful (though perhaps noisy at times).

FWIW, I use swatch and (a modified) logcheck in my centralized syslog loghost implementation, and find they complement each other very well.

--
Nate Campi, UNIX Ops
WiReD SF, Terra Lycos DNS, (415) 276-8678

"During the million-dollar BIND 9 rewrite, Paul Vixie characterized the original BIND code as `sleazeware produced in a drunken fury by a bunch of U C Berkeley grad students.'" - DJB cr.yp.to/djbdns/blurb/unbind.html

---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private
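The two approaches discussed in this message, combined in one triage pass, as an added example that is not part of the original thread and is not swatch or logcheck code. The rule patterns, queue names and sample syslog lines are all constructed for illustration: preconfigured alerts fire first, explicitly ignored lines are dropped, known messages go to the operators of that package, and everything else goes to the security officers.

```python
import re
from collections import defaultdict

# Hypothetical rule sets; a real site would load these from its own config files.
ALERT = [re.compile(r"Failed password for"), re.compile(r"segfault at")]
IGNORE = [re.compile(r"CRON\[\d+\]: .*session (opened|closed)"),
          re.compile(r"ntpd\[\d+\]: synchronized to")]
KNOWN = {  # package name -> messages its operators already understand
    "named": re.compile(r"named\[\d+\]: (lame server|zone \S+ loaded)"),
    "sendmail": re.compile(r"sendmail\[\d+\]: .*stat=Sent"),
}

def route(line):
    """Return the queue for one log line, or None if it is explicitly ignored."""
    # Alerts are checked before the ignore list so an over-broad ignore
    # pattern cannot hide a preconfigured event.
    if any(p.search(line) for p in ALERT):
        return "alert"
    if any(p.search(line) for p in IGNORE):
        return None
    for package, pattern in KNOWN.items():
        if pattern.search(line):
            return "operators:" + package
    # Nothing matched: nobody chose to ignore it, so a human looks at it.
    return "security"

def triage(lines):
    """Sort lines into queues and count how many were ignored."""
    queues, ignored = defaultdict(list), 0
    for line in lines:
        queue = route(line)
        if queue is None:
            ignored += 1
        else:
            queues[queue].append(line)
    return dict(queues), ignored

# Constructed sample input (not taken from any real host).
SAMPLE = [
    "Oct 11 21:30:01 loghost CRON[4121]: (pam_unix) session opened for user root",
    "Oct 11 21:30:07 ns1 named[311]: lame server resolving 'example.test'",
    "Oct 11 21:31:12 web1 sshd[902]: Failed password for invalid user admin from 192.0.2.10",
    "Oct 11 21:31:40 web1 kernel: eth0: Promiscuous mode enabled",
    "Oct 11 21:32:00 mail1 sendmail[77]: f9BJW0a77: to=<user@example.test>, stat=Sent",
]

if __name__ == "__main__":
    queues, ignored = triage(SAMPLE)
    for name in sorted(queues):
        print(name, len(queues[name]))
    print("ignored", ignored)
```

The final `return "security"` is what makes this an ignore-list design: a message type nobody anticipated still reaches a reader instead of being silently dropped.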
This archive was generated by hypermail 2b30 : Thu Oct 11 2001 - 14:09:48 PDT