BSD Today: Running logcheck, the logfile auditing software for Unix

Aug 03, 2000, 17:38 (0 Talkback[s])
(Other stories by Clifford Smith)

[ Thanks to Jeremy C. Reed for this link. ]

"...Logcheck -- Psionic's system log reporting tool. It can run as a stand-alone or as an adjunct to Portsentry. The following setup routine works for use as either."

"There are a couple of things you should do before installing logcheck. The first is to make sure that syslogd is running. Unless you have specifically killed its pid, it's running. Use 'top' if you want to make sure. The other is to confirm where your messages file is located. In most of the *NIXes, it is beneath /var/log/."

"If you need to modify the way logcheck behaves, the whole configuration section of the logcheck.conf file is reasonably easy to understand. The accompanying documentation is written by Craig Rowland, the author of Portsentry and logcheck. There are a couple of warnings he gives -- the most notable is that all logs should be run chmod 600, owner root, group wheel. The primary reason for this is that your system logs are something that the average script kiddie would love to have, as nearly the entire structure of your system can be given up over time. You don't want anyone but root accessing these."
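The permissions rule quoted above (logs mode 600, owned by root, group wheel) is easy to check mechanically. The script below is an added example written for this page; it is not from the BSD Today article, from Psionic, or from the logcheck distribution. It assumes a GNU or BSD `stat` is available, and it takes the owner and group as parameters because "wheel" is a BSD convention while Linux distributions usually keep logs in group "root" or "adm".

```shell
#!/bin/sh
# Added example (not from the BSD Today article or from logcheck): audit
# system log files for the ownership and mode the article recommends,
# chmod 600 owned by root. Defaults follow the BSD convention root:wheel;
# pass a different owner/group where your system uses root:root or root:adm.

# Print "mode owner group" for a file. GNU stat takes -c, BSD stat takes -f.
file_perms() {
    stat -c '%a %U %G' "$1" 2>/dev/null || stat -f '%Lp %Su %Sg' "$1"
}

# audit_log FILE [OWNER] [GROUP]
# Prints one report line. Returns 0 only when FILE is mode 600 with the
# expected owner and group, 1 when something needs fixing, 2 when FILE
# does not exist (a missing log is worth knowing about too).
audit_log() {
    file=$1; want_owner=${2:-root}; want_group=${3:-wheel}
    if [ ! -f "$file" ]; then
        echo "MISSING  $file"
        return 2
    fi
    # Reuse the function's positional parameters: $1=mode $2=owner $3=group
    set -- $(file_perms "$file")
    problems=""
    [ "$1" = 600 ]           || problems="$problems mode=$1"
    [ "$2" = "$want_owner" ] || problems="$problems owner=$2"
    [ "$3" = "$want_group" ] || problems="$problems group=$3"
    if [ -z "$problems" ]; then
        echo "OK       $file"
        return 0
    fi
    echo "FIX      $file:$problems (want 600 $want_owner:$want_group)"
    return 1
}

# Usage: sh audit_logs.sh /var/log/messages /var/log/auth.log
# With no arguments the script only defines the functions.
for f in "$@"; do
    audit_log "$f"
done
```

Run it over the files your syslogd actually writes (the article's advice to first confirm where the messages file lives applies here), and treat any `FIX` line as a reason to run `chmod 600` and `chown` on that file; a `MISSING` line usually means the path is wrong for this system.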
