List: sentry
Subject: [Abacus] logcheck - collecting login information
From: Robert Wagner <rwagner () shelton-tech ! com>
Date: 2000-09-22 17:51:11

I am interested in having the information in /var/log/secure sent to me with
the hourly alerts. The log file has entries in it like:

Sep 18 09:50:22 tone in.telnetd[17560]: connect from 192.168.1.126
Sep 18 09:50:26 tone in.fingerd[17563]: connect from 192.168.1.126

Since we don't have people logging into the system on a regular basis, this
information is an ALERT to me. (I don't think many people would want this
detail - POP3 users hitting their mail server or regular login information).

I already have logcheck sending me the regular information every hour. Can
I just add "connect from" to the logcheck.violations file? Since it appears
the user already has the password to connect, I still want to get their IP
information. They may even have access to erase the log files - so I need
these sent to me as opposed to staying on the system.

Redhat 6.2, Logcheck 1.1.1
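
An added example, not part of the original message and not logcheck's own code: a dry run of the "connect from" keyword against sample /var/log/secure lines, to see what would be reported before editing logcheck.violations. It assumes the keyword files are applied as grep pattern lists (case-insensitive for keywords, plain for logcheck.violations.ignore); the function name, the ipop3d and login lines, and the ignore pattern are constructed for illustration.

```shell
#!/bin/sh
# Added example: test a candidate logcheck.violations keyword offline.
# Assumption: keywords behave like `grep -i -f FILE`, and exclusions from
# logcheck.violations.ignore behave like `grep -v -f FILE`.

# Sample /var/log/secure lines: the first two are quoted in the post,
# the last two are constructed for this example.
sample_log() {
cat <<'EOF'
Sep 18 09:50:22 tone in.telnetd[17560]: connect from 192.168.1.126
Sep 18 09:50:26 tone in.fingerd[17563]: connect from 192.168.1.126
Sep 18 09:51:02 tone ipop3d[17570]: connect from 192.168.1.40
Sep 18 09:52:10 tone login: ROOT LOGIN ON tty1
EOF
}

# match_violations KEYWORD [IGNORE]
# Prints the sample lines that match KEYWORD, minus any that match IGNORE.
match_violations() {
    kw=$(mktemp) || return 1
    printf '%s\n' "$1" > "$kw"
    if [ -n "${2:-}" ]; then
        ig=$(mktemp) || { rm -f "$kw"; return 1; }
        printf '%s\n' "$2" > "$ig"
        # `|| true`: no matching lines is a valid result, not an error.
        sample_log | grep -i -f "$kw" | grep -v -f "$ig" || true
        rm -f "$ig"
    else
        # No ignore pattern given: skip the -v step entirely, because a
        # pattern file holding one empty line matches every line and
        # would suppress all output.
        sample_log | grep -i -f "$kw" || true
    fi
    rm -f "$kw"
}

# Report connections, but leave out routine POP3 traffic.
match_violations "connect from" "ipop3d"
```

Without the ignore pattern, the POP3 connection is reported along with the telnet and finger connections, which is the extra detail the message expects most sites would not want.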