Re: [cobalt-security] urgent question
- Subject: Re: [cobalt-security] urgent question
- From: "MikeM" <MyRaQ@xxxxxxxxx>
- Date: Thu, 20 Sep 2001 12:51:33 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On 9/20/01 at 11:46 AM Steve Werby wrote:
|"Kai r. s., euroweb as" <kai@xxxxxxxxxx> wrote:
|> When it comes to finding the error it was almost impossible to find anything
|> in a 2000 mb error log! What I could see was mostly root.exe and cmd.exe
|> errors, but there could have been like a million errors I did not have time
|> to see.
|
|Not sure if it's been mentioned to you already, but look at logcheck on
|psionic.com. It'll look for suspicious log entries. Also learn the "grep"
|command. "man grep" from the shell for more info. It's your friend for
|finding matching text in a file.
=============
The -v option of grep is also very useful in instances such as this when the log file is clogged with worm attacks:
grep -v unwanted_text access > access.clean
will remove all records containing the string unwanted_text
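
An added example, not part of the original message: the same grep -v filtering applied with both strings named in the thread (root.exe and cmd.exe), keeping the matching lines in a second file so they can be counted per client address. The function names, file names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. The patterns root.exe and cmd.exe come from the thread;
# function names, file names and the sample log lines are constructed.

# write_sample FILE: a small access log in common log format (constructed data)
write_sample() {
cat > "$1" <<'EOF'
192.0.2.10 - - [20/Sep/2001:12:00:01 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 283
198.51.100.7 - - [20/Sep/2001:12:00:02 -0400] "GET /index.html HTTP/1.0" 200 1042
192.0.2.10 - - [20/Sep/2001:12:00:03 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
203.0.113.5 - - [20/Sep/2001:12:00:04 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 281
198.51.100.7 - - [20/Sep/2001:12:00:05 -0400] "POST /cgi-bin/form.pl HTTP/1.0" 500 611
EOF
}

# split_log LOG CLEAN NOISE: lines naming either file go to NOISE, the rest to CLEAN.
# -F treats the patterns as fixed strings (the dot stays literal); one -e per pattern.
split_log() {
    # grep exits 1 when nothing matches; that is not an error here
    grep -F -e 'root.exe' -e 'cmd.exe' "$1" > "$3" || true
    grep -v -F -e 'root.exe' -e 'cmd.exe' "$1" > "$2" || true
}

# count_lines FILE: number of lines, without wc's padding
count_lines() { wc -l < "$1" | tr -d ' '; }

# top_sources FILE: requests per client address (first field), busiest first
top_sources() { awk '{print $1}' "$1" | sort | uniq -c | sort -rn | awk '{print $1, $2}'; }

dir=$(mktemp -d)
write_sample "$dir/access"
split_log "$dir/access" "$dir/access.clean" "$dir/access.worm"
echo "total: $(count_lines "$dir/access")"
echo "worm:  $(count_lines "$dir/access.worm")"
echo "clean: $(count_lines "$dir/access.clean")"
echo "worm sources:"
top_sources "$dir/access.worm"
```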