
Re: [cobalt-security] urgent question



On 9/20/01 at 11:46 AM Steve Werby wrote:

|"Kai r. s., euroweb as" <kai@xxxxxxxxxx> wrote:
|> When it comes to finding the error it was almost impossible to find anything
|> in a 2000 mb error log! What I could see was mostly root.exe and cmd.exe
|> errors, but there could have been like a million errors I did not have time
|> to see.
|
|Not sure if it's been mentioned to you already, but look at logcheck on
|psionic.com.  It'll look for suspicious log entries.  Also learn the "grep"
|command.  "man grep" from the shell for more info.  It's your friend for
|finding matching text in a file.
=============


The -v option of grep is also very useful in instances such as this when the log file is clogged with worm attacks:  

	grep -v unwanted_text  access  > access.clean

will remove all records containing the string unwanted_text.
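
Added example, not part of the original post: the same grep -v idea extended to drop both strings named in the thread (root.exe, cmd.exe) in one pass, report how many lines were removed, and group what is left so the non-worm errors stand out. The log lines, file names and function names are constructed for illustration, and an Apache-style error log layout is assumed.

```sh
#!/bin/sh
# Constructed sample error log (not taken from the thread).
make_sample_log() {
    cat <<'EOF'
[Thu Sep 20 11:40:01 2001] [error] [client 192.0.2.10] File does not exist: /var/www/html/scripts/root.exe
[Thu Sep 20 11:40:02 2001] [error] [client 192.0.2.11] File does not exist: /var/www/html/scripts/cmd.exe
[Thu Sep 20 11:40:03 2001] [error] [client 192.0.2.10] File does not exist: /var/www/html/scripts/cmd.exe
[Thu Sep 20 11:41:10 2001] [error] [client 198.51.100.7] File does not exist: /var/www/html/favicon.ico
[Thu Sep 20 11:42:30 2001] [error] [client 198.51.100.9] File does not exist: /var/www/html/favicon.ico
[Thu Sep 20 11:43:00 2001] [error] [client 198.51.100.7] Premature end of script headers: /var/www/html/cgi-bin/form.cgi
EOF
}

# filter_noise LOG CLEAN
# Copy to CLEAN every line of LOG that contains none of the noise strings,
# then print "<removed> <kept>". The noise strings are the ones named in the
# thread (root.exe, cmd.exe); extend the list for other worm signatures.
filter_noise() {
    log=$1
    clean=$2
    rc=0
    # -F: fixed strings, so "." is not a regex wildcard; -e may be repeated.
    # grep exits 1 when it selects no lines, which is not a failure here.
    grep -v -F -e 'root.exe' -e 'cmd.exe' "$log" > "$clean" || rc=$?
    [ "$rc" -le 1 ] || return "$rc"
    total=$(wc -l < "$log")
    kept=$(wc -l < "$clean")
    echo "$((total - kept)) $((kept + 0))"
}

# summarize CLEAN
# Drop the timestamp and client fields so identical messages collapse,
# then list each distinct message with its count, most frequent first.
summarize() {
    sed -e 's/^\[[^]]*\] //' -e 's/\[client [^]]*\] //' "$1" |
        sort | uniq -c | sort -rn | sed 's/^ *//'
}

# Demo run on the constructed sample.
tmp=$(mktemp -d) || exit 1
make_sample_log > "$tmp/error_log"
echo "removed/kept: $(filter_noise "$tmp/error_log" "$tmp/error_log.clean")"
summarize "$tmp/error_log.clean"
rm -rf "$tmp"
```

Keep the original log untouched and work on the filtered copy, so the worm entries are still available if the source addresses are needed later.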