[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] local ftp and pop3 logins
- Subject: Re: [cobalt-security] local ftp and pop3 logins
- From: John Bailey <support@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 15 Mar 2001 20:04:20 +0000 (GMT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> Its a pain in the arse, as most of our logs are full of 127.0.0.1,
> amking it hard to check for real use/abuse etc.
You might want to consider disabling the checker ? As I view it, the
cobalt status checker is there for people who want to user the web front
end exclusivly, but there's no reason why you can't produce a small script
to replace it which will check for the relevant processes and possibly
e-mail you if they're not found.
If you want to keep it going, you might want to have a look at a log
analyser (yeah, I know you could just use grep -v as someone has pointed
out). We use Logcheck[1] to filter all the 'everyday junk' out of the
logs and e-mail us the rest.
Regards,
John
[1] http://www.psionic.com/abacus/logcheck/