[Logcheck-users] Problems noted in logcheck
Frank_Kenisky at psc.uscourts.gov
Wed May 19 15:30:57 UTC 2010
We use logcheck in our systems. From time to time during what appears to
be large volumes of information I get emails with current and sometimes
dated traffic. Recently, we had a change to the system which created
quite a lot of 404 traffic.
I don't have a specific log analysis tool but use my own homegrown tool.
I have all the emailed log files go to a log folder in my email client.
They are separated by server, this way I can gather all the entries for a
specific server and save them to a text file. I run a script to eliminate
the email headers and other noise not associated with the logs. I then
import this into Excel, where I have a macro set up to change it from text
to data.
Therefore the logs are from the current 24-hour period. Once in a while
a huge amount of traffic, usually caused by something we did or
didn't do, seems to cause this. My question is: has anyone experienced
this with logcheck in the past, of it retrieving old traffic from
somewhere in syslog? If so, where might it be coming from?
Frank Kenisky IV, CISSP, CISA, CISM