[ Thanks to Trevor
Warren for this link. ]
“The first thing any intruder would do is to wipe out any tell
tale signs of intrusions. This task would be of high priority to
the cracker, so that there are no fingerprints to follow up on, or
no other leads that would eventually lead to disclosing the origin
of the attack. Therefore, a good system administrator will always
implement a log file monitor. There are various tools out there,
which will help you get this task done, among them being Logcheck
and Swatch. In this article we take a look the working and
implementation of Logcheck. The author of Logcheck is Craig H.
Rowland. As with most of the other Open Source projects, this too
is distributed under the GNU GPL license.”
“Logcheck is a software package that is designed to
automatically run and check system log files for security
violations and unusual activity. Logcheck uses a program called
logtail that remembers the last position it read from in a log file
and will use this position on subsequent runs to process new
information. All source code is available for review and the
implementation has been kept simple to avoid problems. This package
is a clone of the frequentcheck.sh script from the Trusted
Information Systems Gauntlet(tm) firewall package.”
“Auditing and logging on any system is of great significance as
it makes sure that a serious breach of any kind is always tracked.
What is great about Unix is that most modern implementations,
use the syslog facility to report extensively — if configured
and supported correctly — all happenings, good or bad on the
host system. This allows the creation of an audit trail that
can be used very effectively to subvert potential attacks and alert
system administrators. However, all this is of no use if the
system administrator has no time to look at the logs. One
reason for this is the very nature and quantity of logging
happening on a machine. We have known Systems Administrators
complaining about daily logs on machines, running to the tune of
more than 10 – 20 Megs — hardly an enviable task. This is where
logcheck will help. Logcheck automates the auditing process and
weeds out normal log information, to give you a condensed look at
problems and potential troublemakers mailed to wherever you
please.”
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.