RE: [logs] LOGTREND (with an offering of zlister)

From: Joe Wulf (joe_wulfat_private)
Date: Wed Jul 24 2002 - 08:59:38 PDT


    Hello Tina and Justin,
    
    I've not seen or used LogTrend before this email thread, though I'm looking at
    them now.  Tripwire has value in what it can do, regardless of whether you are
    using the free or commercial versions.  I offer "zlister" as an alternative to
    Tripwire, though specifically for unix systems, to anyone who would benefit
    from its focus.  I began writing zlister as an effort to list a unix file
    system and determine what has changed over time.
    
    Today, this tool is comprised of one "csh" engine script (copious
    documentation included) and supported by five "awk" scripts.  zlister will list
    an entire unix file system, parse the path into the data line, so that all the
    elements of a file definition are located on one line, compress the file and
    store it for reference.  A second/future execution will do the same process
    again as well as provide a file identifying the "diff"erences between the
    current execution and the previous one.
    
    This is a tool that I use in real live production environments to document what
    the state of the filesystem is today; it allows me to execute it as often as I
    desire, when I need it.  The advantage of the data collection is that I can
    review the state of the FS at any point in its documented history as far back
    as I have collected the data.  It allows me to answer questions like "well, I
    know my application configuration was working two weeks ago - what has changed
    since then?"  Assuming zlister was run at least once a day, I can pinpoint
    exactly what files changed, each day, in the previous 14 days.  Assuming
    further that I have been performing daily backups, I can restore specific files,
    as identified by zlister.
    
    zlister is free and available to anyone who wants it.  Version 1.5g is the
    latest that is available on the internet, at
    "http://www.ibiblio.org/pub/Linux/system/admin/".
    
    R,
    -Joe Wulf
    
    
    --- "Tran, Justin  (Contractor)" <justin_tran-contractorat_private> wrote:
    >  Hello group,
    > 
    > I am looking for a centralized audit log tool that can pull Solaris and NT
    > audit log and/or provide some check for file integrity (i.e., Tripwire).
    > Any info is greatly appreciated.
    > 
    > TIA,
    > Justin
    > 
    > -----Original Message-----
    > From: Tina Bird
    > To: Log Analysis Mailing List
    > Sent: 7/23/02 5:23 PM
    > Subject: [logs] LOGTREND
    > 
    > Anyone out there played around with this?
    > 
    > http://www.logtrend.org/english/index.shtml
    > 
    > t.
    > 
    > "The road of excess leads to the palace of wisdom."
    >                                   William Blake, "Proverbs of Hell"
    > 
    > http://www.shmoo.com/~tbird
    > Log Analysis http://www.counterpane.com/log-analysis.html
    > VPN http://vpn.shmoo.com
    > 
    > ---------------------------------------------------------------------
    > To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    > For additional commands, e-mail: loganalysis-helpat_private
    
    
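    The listing-and-diff idea Joe describes above (list the whole tree, put every
    element of a file's definition on one line, keep the listing, and diff the
    current run against the previous one), as an added example that is not
    zlister's own code or any code from this thread.  It assumes GNU find and GNU
    coreutils (sha256sum, touch -d) and paths that contain no tabs or newlines.
    The sha256 column is an addition the post does not mention; it is what
    catches the case zlister's size/mtime fields alone would miss, a same-size
    edit with the timestamp put back.  zl_demo builds a constructed fake /etc,
    not a real system.

```shell
#!/bin/sh
# Added example, not zlister itself: list a tree one object per line, keep the
# listing, then report what changed between two listings.
# Assumes GNU find/coreutils; paths must not contain tabs or newlines.
set -u

tab=$(printf '\t')

# zl_snapshot DIR > listing
# One tab-separated line per object below DIR, every field of the definition
# on one line:  path  type  mode  uid  gid  size  mtime  sha256
# Only regular files are hashed; other types get "-" in that column.
zl_snapshot() {
    find "$1" -mindepth 1 -printf '%p\t%y\t%m\t%U\t%G\t%s\t%T@\n' | LC_ALL=C sort |
    while IFS="$tab" read -r path ftype mode uid gid size mtime; do
        if [ "$ftype" = f ]; then
            hash=$(sha256sum -- "$path" 2>/dev/null | cut -d' ' -f1)
            [ -n "$hash" ] || hash=unreadable   # e.g. permission denied
        else
            hash=-
        fi
        printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
            "$path" "$ftype" "$mode" "$uid" "$gid" "$size" "$mtime" "$hash"
    done
}

# zl_diff OLD NEW
# Prints "added PATH", "removed PATH" or "changed PATH FIELDS" where FIELDS is
# the comma-separated list of columns that differ.  "sha256" on its own means
# the content changed while size and mtime were preserved.
zl_diff() {
    awk -F'\t' -v OFS='\t' '
        BEGIN {
            name[2] = "type"; name[3] = "mode"; name[4] = "uid"; name[5] = "gid"
            name[6] = "size"; name[7] = "mtime"; name[8] = "sha256"
        }
        FILENAME == ARGV[1] { old[$1] = $0; next }     # remember OLD, keyed by path
        !($1 in old)        { print "added", $1; next }
        old[$1] != $0 {
            split(old[$1], o, "\t")
            what = ""
            for (i = 2; i <= NF; i++)
                if ((o[i] "") != ($i ""))              # force string comparison
                    what = what (what == "" ? "" : ",") name[i]
            print "changed", $1, what
        }
        { delete old[$1] }                             # whatever is left was removed
        END { for (p in old) print "removed", p }
    ' "$1" "$2" | LC_ALL=C sort
}

# zl_demo: constructed scenario (sample data, not a real system).  Builds a fake
# /etc, lists it, tampers with it, lists it again and prints the differences
# with the temporary directory prefix stripped.
zl_demo() {
    work=$(mktemp -d)
    mkdir "$work/etc"
    printf 'root:x:0:0:\n'         > "$work/etc/passwd"
    printf 'PermitRootLogin no\n'  > "$work/etc/sshd_config"
    printf 'Authorized use only\n' > "$work/etc/motd"
    chmod 600 "$work/etc/sshd_config"
    touch -d '2002-07-24 08:59:38' "$work/etc/passwd" "$work/etc/sshd_config" "$work/etc/motd"
    zl_snapshot "$work/etc" > "$work/day1.lst"

    # "Day 2": same-size edit with the mtime put back, a permission change,
    # a deleted file and a new file.
    printf 'toor:x:0:0:\n' > "$work/etc/passwd"
    touch -d '2002-07-24 08:59:38' "$work/etc/passwd"
    chmod 644 "$work/etc/sshd_config"
    rm "$work/etc/motd"
    printf '#!/bin/sh\n' > "$work/etc/rc.local"
    zl_snapshot "$work/etc" > "$work/day2.lst"

    zl_diff "$work/day1.lst" "$work/day2.lst" | sed "s|$work||"
    rm -rf "$work"
}

# Usage: sh thisfile.sh demo
if [ "${1:-}" = demo ]; then zl_demo; fi
```

    Keeping the dated listings around (compressed, as zlister does) is what makes
    the "what changed since two weeks ago" question answerable: zl_diff works on
    any two listings, not just consecutive ones.  Note that a listing taken on a
    compromised host with a trojaned find or sha256sum proves nothing; the
    listings should be copied off the host, and the comparison run elsewhere.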
    



    This archive was generated by hypermail 2b30 : Wed Jul 24 2002 - 09:33:38 PDT