Re: syslog idea

Jonathan M. Bresler (jmb@kryten.Atinc.COM)
Sat, 8 Oct 1994 23:59:18 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alan Hannan: "Re: Wanted: hackers for tiger team (new england area)"
Previous message: der Mouse: "Re: Seg"
In reply to: Fred Blonder: "Re: syslog idea"
Next in thread: John LaCour: "Re: syslog idea"

On Fri, 7 Oct 1994, Fred Blonder wrote:

> ALWAYS (well, almost) changing, so if Tripwire raised the alarm on a
> logfile, your reaction should be: "So what?".  ;-)

	again if you are checking only, uid, gid, size increasing only,
etc then so what is the wrong reaction. 

> At the FIRST Conference in Boston a couple months ago, Gene Spafford
> spoke about Tripwire.  Someone in the audience asked about the
> possibility of improving Tripwire so that it could checkpoint
> logfiles.  Gene seemed to think this was a good idea, and said he'd
> consider it in a future version.

	that is a different idea than what i thought you said.  good 
point.  rotating the logs and checking the older ones with a signature 
approaches this.   it a matter of granularity.  an inplace checkpoint 
could occur much more frequently.

jmb

Jonathan M. Bresler  jmb@kryten.atinc.com	| Analysis & Technology, Inc.  
						| 2341 Jeff Davis Hwy
play go.					| Arlington, VA 22202
ride bike. hack FreeBSD.--ah the good life	| 703-418-2800 x346

Next message: Alan Hannan: "Re: Wanted: hackers for tiger team (new england area)"
Previous message: der Mouse: "Re: Seg"
In reply to: Fred Blonder: "Re: syslog idea"
Next in thread: John LaCour: "Re: syslog idea"