On Mon, Oct 06, 2003 at 06:09:37PM -0400, Anton A. Chuvakin wrote: > Loooong time ago I saw a program which was used to check log files for > "time holes". So, for example, if you usually have a message from host > "box1" every 3-5 minutes and this time there is a 30 minute hole with > nothing from "box1", I want to know about it. logsurfer (http://www.cert.dfn.de/eng/logsurf/) can do this using rule timeouts; from the man page: timeout_rel In addition to the absolute timeout you are also able to specify a relative timeout specifing the number of seconds since the last message was added to this context. This is a kind of inactive timer you can use to launch the default action if there are no new messages stored in this context for a certain amount of time. -oddbjorn _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Tue Oct 07 2003 - 09:24:39 PDT