[ Thanks to Jeremy C. Reed for this link. ]
“…Logcheck — Psionic’s system log reporting tool. It can
run as a standalone or as an adjunct to Portsentry. The following
setup routine works for use as either.”
“There are a couple of things you should do before installing
logcheck. The first is to make sure that syslogd is running. Unless
you have specifically killed its pid, it’s running. Use “top” if
you want to make sure. The other is to confirm where your messages
file is located. In most of the *NIX’s, it is beneath
/var/log/.”
“If you need to modify the way logcheck behaves, the whole
configuration section of the logcheck.conf file is reasonably easy
to understand. The accompanying documentation is written by Craig
Rowland, the author of Portsentry and logcheck. There are a couple
of warnings he gives — the most notable is that all logs should be
run chmod 600, owner root, group wheel. The primary reason for this
is that your system logs are something that the average script
kiddie would love to have, as nearly the entire structure of your
system can be given up over time. You don’t want anyone but root
accessing these.”
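
The permission guidance quoted above (mode 600, owner root, group wheel) can be checked with a short audit script. This is an added example, not code from the quoted article or from logcheck; the function name `audit_logs` is hypothetical, and the owner and group are parameters because many Linux systems have no `wheel` group.

```shell
#!/bin/sh
# Added example: audit log files against the "chmod 600, owner root,
# group wheel" guidance. audit_logs is a hypothetical helper name.
#
# Usage: audit_logs DIR [OWNER] [GROUP]
#   Lists every regular file under DIR whose mode is not exactly 600 or
#   whose owner/group differ from the expected values.
#   Returns 0 if all files comply, 1 if any deviate, 2 on usage errors.
audit_logs() {
    dir=$1
    owner=${2:-root}
    group=${3:-wheel}   # the article's value; pass another group where wheel does not exist

    [ -d "$dir" ] || { echo "audit_logs: $dir is not a directory" >&2; return 2; }

    # find tests are POSIX: -perm 600 matches the exact mode, and -user/-group
    # accept names or numeric ids. ls -ld shows what each offender has now.
    bad=$(find "$dir" -type f \
            \( ! -perm 600 -o ! -user "$owner" -o ! -group "$group" \) \
            -exec ls -ld {} +) || return 2

    if [ -n "$bad" ]; then
        echo "Log files not matching mode 600, owner $owner, group $group:"
        printf '%s\n' "$bad"
        return 1
    fi
    echo "All log files under $dir are mode 600, owner $owner, group $group."
    return 0
}

# When run as a script with arguments, audit the given directory, e.g.:
#   sh audit_logs.sh /var/log root wheel
if [ "$#" -gt 0 ]; then
    audit_logs "$@"
fi
```

Files that the audit lists can be brought into line as root with `chmod 600` and `chown root:wheel` on each one.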