[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Logcheck vs Logwatch

Subject: [ale] Logcheck vs Logwatch
From: attriel at d20boards.net (attriel)
Date: Mon Dec 20 11:56:21 2004
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]>

> 186 messages sent is nothing.  If you had been "hacked to use as a
> spam relay" you'd see 10,000-1,000,000 messages sent.  Keep an eye
> on the logs (preferably using Logcheck instead of LogWatch), but I
> don't see this as evidence of any problems.

How is Logcheck better than Logwatch?  I'm setting up a system with a
loghost machine (w/o external access; it accepts ONLY syslog UDP packets,
on an internal network) and I was looking at logwatch and logcheck (and
swatch), and decided that logwatch seemed to be a better mechanism for
getting information and statistics for at least basic filtering, and
figured anything "unexpected" could be then tracked more manually

Is logcheck (that's the logsentry one right?) really better?

--attriel

Follow-Ups:
- [ale] Logcheck vs Logwatch
  - From: bob at verysecurelinux.com (Bob Toxen)

References:
- [ale] Hacked to spam??
  - From: johnmills at speakeasy.net (John Mills)
- [ale] Hacked to spam??
  - From: bob at verysecurelinux.com (Bob Toxen)

Prev by Date: [ale] need working dialup
Next by Date: [ale] XFS multi-mount
Previous by thread: [ale] Hacked to spam??
Next by thread: [ale] Logcheck vs Logwatch
Index(es):
- Date
- Thread