|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: artificial ignorance: how-to guide
James W. Abendschan (jwa
jammed.com)
Wed, 24 Sep 1997 09:56:04 -0700 (PDT)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Bennett Todd: "Re: HTTP in practice"
- Previous message: Alfred Huger: "Re: Here is my plan for firewall implementation"
- In reply to: Paul D. Robertson: "Re: Here is my plan for firewall implementation"
- Next in thread: Neil Readwin: "Re: artificial ignorance: how-to guide"
On Tue, 23 Sep 1997, Marcus J. Ranum wrote:
> By request, here's a quick how-to on log scanning via
> artificial ignorance. :) It assumes UNIX and the presence
> of a good grep - you could use other stuff if you wanted to
> but this is just an example.
[ ... ]
I've written a tool called "checksyslog" which does
this, it's available from http://www.jammed.com/~jwa/Security/.
As mjr noted, this "artificial ignorance" technique has proved to
be unexpectedly useful (locating disk errors, strange DNS messages, wierd
"leap-seconds" messages from my Linux kernel, etc.)
Comments are appreciated.
James
-- James W. Abendschan jwa
- Next message: Bennett Todd: "Re: HTTP in practice"
- Previous message: Alfred Huger: "Re: Here is my plan for firewall implementation"
- In reply to: Paul D. Robertson: "Re: Here is my plan for firewall implementation"
- Next in thread: Neil Readwin: "Re: artificial ignorance: how-to guide"
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:08:58 CDT