[ale] Logcheck vs Logwatch

attriel attriel at d20boards.net
Mon Dec 20 11:56:21 EST 2004


> 186 messages sent is nothing.  If you had been "hacked to use as a
> spam relay" you'd see 10,000-1,000,000 messages sent.  Keep an eye
> on the logs (preferably using Logcheck instead of LogWatch), but I
> don't see this as evidence of any problems.

How is Logcheck better than Logwatch?  I'm setting up a system with a
loghost machine (w/o external access; it accepts ONLY syslog UDP packets,
on an internal network) and I was looking at logwatch and logcheck (and
swatch), and decided that logwatch seemed to be a better mechanism for
getting information and statistics for at least basic filtering, and
figured anything "unexpected" could be then tracked more manually

Is logcheck (that's the logsentry one right?) really better?

--attriel



More information about the Ale mailing list