Scott, For what its worth, make sure you also you email (or store off-machine) your logs on a scheduled basis. If you're logs ever do become messed with, or if they are just deleted, you'll have a chance of your old logs showing up interesting things (i.e. if an attacker did some reconnaisance beforehand). On Thu, 2003-01-02 at 16:34, Scott H wrote: > Well, yes, I can. But I don't WANT to exclude > these files. I want them monitored. I just dont > want the weekly log rotations to trigger this. > > > From: george@georgetoft.com > > You can specify which files to include/exclude > > in your tripwire config file. > > George > > > > Quoting Scott H : > > > So now that I'm an at-home Linux user that > > has > > > begun to use Linux at my company for servers > > > (formerly all was MS), I'm faced with *NIX > > admin > > > issues that are all new to me. Today's > > example > > > is: I have a RH7.3 server with tripwire > > installed > > > and a cron job that emails a tripwire report > > to > > > me daily. Works great. RH7.3 has a log > > rotation > > > system set up by default, and this works well > > > too, rotating the logs once per week. But > > of > > > course, tripwire notices each week and > > reports > > > that the log files have been changed (I'm > > > guessing it's the inode # that changes on > > these?) > > > and puts it in the report. Now, I want to > > know > > > if a cracker messes with my log files, of > > course, > > > so I DO want tripwire to monitor these files. > > > > > But I DON'T want tripwire to report on the > > > routine, weekly log file rotation, causing me > > to > > > have to go in and do an update on the > > tripwire > > > db. How do I fix this? > > > __________________________________________________ > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now. > http://mailplus.yahoo.com > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change you mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss