|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: solaris 251 & syslogd
Michael Helm (helm
fionn.es.net)Sat, 15 Nov 1997 14:14:42 -0800
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: David Neil: "pppd security hole Re: i386/344 (fwd)"
- Previous message: Lloyd Vancil: "Re: Preliminary Notice: Cisco LocalDirector enable password loss"
- In reply to: Dave Kinchlea: "Re: solaris 251 & syslogd"
Dave Kinchlea writes: > Assuming you have some real-time monitoring of syslog output, all > you need to do is adjust the monitoring so that you expect to see *some* This is good advice. But.... I guess this is more of a "RISK" albeit a small one rather than a security issue or BUGTRAQ-worthy bug, but most syslog monitors, most monitors of every kind, look for events -- not non-events. I'm not sure how I could get swatch to look for the absence of mark messages. I'm sure we could all think of other circumstances when we'd like to know when something wasn't happening, but the facility to do so wasn't there (the mail hub stops accepting mail, the terminal server stops accepting connections &c). Something to think about when designing a system.
- Next message: David Neil: "pppd security hole Re: i386/344 (fwd)"
- Previous message: Lloyd Vancil: "Re: Preliminary Notice: Cisco LocalDirector enable password loss"
- In reply to: Dave Kinchlea: "Re: solaris 251 & syslogd"