Re: solaris 251 & syslogd

Michael Helm (helm@fionn.es.net)
Sat, 15 Nov 1997 14:14:42 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David Neil: "pppd security hole Re: i386/344 (fwd)"
Previous message: John McDonald: "(more) DU V4.0 security hole (fwd)"
Maybe in reply to: Michael Helm: "solaris 251 & syslogd"

Dave Kinchlea writes:
> Assuming you have some real-time monitoring of syslog output, all
> you need to do is adjust the monitoring so that you expect to see *some*

This is good advice. But....

I guess this is more of a "RISK" albeit a small one rather than a
security issue or BUGTRAQ-worthy bug, but most syslog monitors,
most monitors of every kind, look for events --
not non-events. I'm not sure how I could get swatch to look
for the absence of mark messages. I'm sure we could all think
of other circumstances when we'd like to know when something
wasn't happening, but the facility to do so wasn't there
(the mail hub stops accepting mail, the terminal server
stops accepting connections &c). Something to think about
when designing a system.

Next message: David Neil: "pppd security hole Re: i386/344 (fwd)"
Previous message: John McDonald: "(more) DU V4.0 security hole (fwd)"
Maybe in reply to: Michael Helm: "solaris 251 & syslogd"