Logcheck parses system logs and generates email reports based on anomalies. Anomalies can be defined by users with 'violations' files. It differentiates between 'Active System Attacks', 'Security Violations', and 'Unusual Activity', and is smart enough to remember where in the log it stopped processing to improve efficiency. It can also warn when log files shrink, and does not report errors when they are rotated.
Tags: Security, Logging, Monitoring
Operating Systems: POSIX, Linux, IRIX, HP-UX, BSD, Solaris
Release Notes: This release includes packaging and documentation changes. Rulefile updates were done for smartd, sudoedit, dhcp, ipv6, openssh, oidentd, pdns, xinetd, saslauthd, postfix, spamassassin, dkfilter, anacron, dovecot, kdm, nagios, sympa, stunnel, squid, rsync, rsnapshot, proftpd, ntp, Linux kernel, cron, cron-apt, pppd, and squidguard.
Release Notes: This release includes packaging updates for Debian, and fixes quoting issues, lockfile issues, and issues related to naming rule-files. This version also includes rulefile updates for Linux kernel, Postfix, Exim4, smartd, ntpd, dhclient, and pop3ad.
Release Notes: This release adds readability checks to parts of logcheck that previously would cause it to exit without error. GNU find is now used in place of run-parts, as it accepts a greater range of filename characters. Also included are documentation enhancements and rulefile updates for exim, SSH, the Linux kernel, Hylafax, Postfix, snmpd, dovecot, su, cvs-pserver, Spamassassin, NTP, DHCP, dspam, and cron-apt.
Release Notes: The rules were updated for dccproc, bind, nfs, cyrus-imapd, ssh, linux-usb, horde3, imp4, exim4, mon, dovecot, polyaudio, tftpd, proftpd, nagios, popa3d, anvil, spamd, postfix, and hylafax. Some conveniences, sanity checks, and defaults were added. Documentation for installing from source was added.
Release Notes: This release includes rule file updates for Postfix, innd, gpsd, Cyrus notifyd, Squid, SSH, the Linux kernel, dkfilter, ovpn-tunnel, exim4, AMANDA, gconfd, mailman, rbldnsd, GDM, courier, pdns, CVS, CUPS, and HORDE3, as well as several updates to the Debian package. Logcheck now includes a Vietnamese translation, and no longer requires a valid hostname to be set. Some documentation has been converted to Markdown syntax.