[Logcheck-devel] no such user

Todd Troxell ttroxell at debian.org
Tue Jul 11 15:40:47 UTC 2006


On Wed, Jul 05, 2006 at 11:29:20PM +0200, martin f krafft wrote:
> > empty mails might give the users a sense of security although the
> > host has been breached. anyway logcheck is not a realtime monitor.
> > happy to hear your thought so that we can better focus on what
> > logcheck should do.
> 
> anomalies pretty much sums it up. Scans are not anomalies anymore.

Excuse the late reply, but yeah, agreed.  As maks mentioned, previously the
policy was to report unknown user scans, but it's no longer a statistical
anomaly on the average system.

-- 
Todd Troxell
http://rapidpacket.com/~xtat



