Re: searching logs for key phrases

Guido van Rooij (Guido.vanRooij@nl.cis.philips.com)
Wed, 27 Nov 1996 14:02:14 +0100 (MET)


Mike Kienenberger wrote:
> 
> VRFY            /usr/adm/*SYSLOG.mail   check mail logs for VRFY commands
> EXPN            /usr/adm/*SYSLOG.mail   check mail logs for EXPN commands
> " command "     /usr/adm/*SYSLOG.mail   check mail logs for debug/wiz commands
> 
> deni                    /usr/adm/*SYSLOG.auth   check for denied net cmds in SYSLOG
> fail                    /usr/adm/*SYSLOG.auth   check for failed login attempts (passwords
>                                                 at the login prompt; brute force attacks, etc)
> 
> Does anyone have other things you look for on a regular basis?

It is in general a bad idea to scan for interesting things. What should
be done instead is filter out the non-interesting ones.

-Guido
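Guido's point, worked as an added example that is not part of the thread: the same constructed syslog lines are run through a keyword scan built from Mike's table and through a filter that drops only known-benign line shapes. The sample lines and the ignore patterns are assumptions about one host's routine traffic.

```python
import re

# Constructed sample syslog lines (not from the original post); the mix of
# mail and auth messages mirrors the SYSLOG.mail / SYSLOG.auth files above.
SAMPLE_LOG = """\
Nov 26 13:01:10 mx sendmail[1201]: NAA01201: from=<bob@example.org>, size=812, class=0
Nov 26 13:01:11 mx sendmail[1202]: NAA01201: to=<alice@example.org>, stat=Sent
Nov 26 13:02:03 mx sendmail[1210]: NOQUEUE: host3.example.net: VRFY alice [rejected]
Nov 26 13:05:44 mx login: ROOT LOGIN ON console
Nov 26 13:06:12 mx login: REPEATED LOGIN FAILURES ON ttyp1, carol
Nov 26 13:09:30 mx su: BAD SU carol to root on /dev/ttyp1
Nov 26 13:15:00 mx syslogd: restart
""".splitlines()

# Keyword list taken from Mike's table: the "scan for interesting things" approach.
INTERESTING = ["VRFY", "EXPN", " command ", "deni", "fail"]

# Assumed regexes for routine, known-uninteresting messages on this host:
# the "filter out the non-interesting ones" approach Guido argues for.
IGNORE = [
    r"sendmail\[\d+\]: \w+: from=<[^>]+>, size=\d+, class=\d+$",
    r"sendmail\[\d+\]: \w+: to=<[^>]+>, stat=Sent$",
    r"syslogd: restart$",
]

def scan_for_interesting(lines, keywords=INTERESTING):
    """Positive match: keep lines containing any keyword (case-insensitive).
    Anything nobody thought to list a keyword for is silently dropped."""
    return [l for l in lines if any(k.lower() in l.lower() for k in keywords)]

def filter_out_known(lines, ignore=IGNORE):
    """Negative match: drop lines matching a known-benign pattern and keep
    everything else, so unfamiliar messages surface for a human to look at."""
    compiled = [re.compile(p) for p in ignore]
    return [l for l in lines if not any(p.search(l) for p in compiled)]

if __name__ == "__main__":
    for name, fn in (("keyword scan", scan_for_interesting),
                     ("filter known-benign", filter_out_known)):
        print(f"--- {name} ---")
        for line in fn(SAMPLE_LOG):
            print(line)
```

On this input the keyword scan returns only the VRFY and LOGIN FAILURES lines, while the filter also surfaces the root console login and the failed su, which no keyword in the table covers.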