Script started on Sun Nov 24 15:24:42 2002
]0;barrie@magnolia:~/scripts[barrie@magnolia scripts]$ [barrie@magnolia scripts]$ [barrie@magnolia scripts]$ w[barrie@magnolia scripts]$ w[barrie@magnolia scripts]$ wh[barrie@magnolia scripts]$ wh[barrie@magnolia scripts]$ whi[barrie@magnolia scripts]$ whi[barrie@magnolia scripts]$ whic[barrie@magnolia scripts]$ whic[barrie@magnolia scripts]$ which[barrie@magnolia scripts]$ which[barrie@magnolia scripts]$ which [barrie@magnolia scripts]$ which [barrie@magnolia scripts]$ which l[barrie@magnolia scripts]$ which l[barrie@magnolia scripts]$ which lo[barrie@magnolia scripts]$ which lo[barrie@magnolia scripts]$ which log[barrie@magnolia scripts]$ which log[barrie@magnolia scripts]$ which logc[barrie@magnolia scripts]$ which logc[barrie@magnolia scripts]$ which logch[barrie@magnolia scripts]$ which logch[barrie@magnolia scripts]$ which logche[barrie@magnolia scripts]$ which logche[barrie@magnolia scripts]$ which logchec[barrie@magnolia scripts]$ which logchec[barrie@magnolia scripts]$ which logcheck[barrie@magnolia scripts]$ which logcheck
/usr/bin/which: no logcheck in (/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/sbin:/usr/sbin:/usr/local/sbin:/home/barrie/bin:/usr/local/mysql/bin)
]0;barrie@magnolia:~/scripts[barrie@magnolia scripts]$ [barrie@magnolia scripts]$ [barrie@magnolia scripts]$ r[barrie@magnolia scripts]$ r[barrie@magnolia scripts]$ rp[barrie@magnolia scripts]$ rp[barrie@magnolia scripts]$ rpm[barrie@magnolia scripts]$ rpm[barrie@magnolia scripts]$ rpm [barrie@magnolia scripts]$ rpm [barrie@magnolia scripts]$ rpm -[barrie@magnolia scripts]$ rpm -[barrie@magnolia scripts]$ rpm -q[barrie@magnolia scripts]$ rpm -q[barrie@magnolia scripts]$ rpm -qi[barrie@magnolia scripts]$ rpm -qi[barrie@magnolia scripts]$ rpm -qi [barrie@magnolia scripts]$ rpm -qi [barrie@magnolia scripts]$ rpm -qi r[barrie@magnolia scripts]$ rpm -qi r[barrie@magnolia scripts]$ rpm -qi rp[barrie@magnolia scripts]$ rpm -qi rp[barrie@magnolia scripts]$ rpm -qi rpm[barrie@magnolia scripts]$ rpm -qi rpm[barrie@magnolia scripts]$ rpm -qi rp[K[barrie@magnolia scripts]$ rpm -qi rp[barrie@magnolia scripts]$ rpm -qi r[K[barrie@magnolia scripts]$ rpm -qi r[barrie@magnolia scripts]$ rpm -qi [K[barrie@magnolia scripts]$ rpm -qi [barrie@magnolia scripts]$ rpm -qi l[barrie@magnolia scripts]$ rpm -qi l[barrie@magnolia scripts]$ rpm -qi [K[barrie@magnolia scripts]$ rpm -qi [barrie@magnolia scripts]$ rpm -qi[K[barrie@magnolia scripts]$ rpm -qi[barrie@magnolia scripts]$ rpm -q[K[barrie@magnolia scripts]$ rpm -q[barrie@magnolia scripts]$ rpm -qp[barrie@magnolia scripts]$ rpm -qp[barrie@magnolia scripts]$ rpm -qpi[barrie@magnolia scripts]$ rpm -qpi[barrie@magnolia scripts]$ rpm -qpi [barrie@magnolia scripts]$ rpm -qpi [barrie@magnolia scripts]$ rpm -qpi l[barrie@magnolia scripts]$ rpm -qpi l[barrie@magnolia scripts]$ rpm -qpi lo[barrie@magnolia scripts]$ rpm -qpi lo[barrie@magnolia scripts]$ rpm -qpi log[barrie@magnolia scripts]$ rpm -qpi log[barrie@magnolia scripts]$ rpm -qpi logc[barrie@magnolia scripts]$ rpm -qpi logc[barrie@magnolia scripts]$ rpm -qpi logch[barrie@magnolia scripts]$ rpm -qpi logch[barrie@magnolia scripts]$ rpm -qpi logche[barrie@magnolia scripts]$ rpm -qpi logche[barrie@magnolia scripts]$ rpm -qpi logchec[barrie@magnolia scripts]$ rpm -qpi logchec[barrie@magnolia scripts]$ rpm -qpi logcheck[barrie@magnolia scripts]$ rpm -qpi logcheck
error: open of logcheck failed: No such file or directory
]0;barrie@magnolia:~/scripts[barrie@magnolia scripts]$ [barrie@magnolia scripts]$ [barrie@magnolia scripts]$ r[barrie@magnolia scripts]$ r[barrie@magnolia scripts]$ rp[barrie@magnolia scripts]$ rp[barrie@magnolia scripts]$ rpm[barrie@magnolia scripts]$ rpm[barrie@magnolia scripts]$ rpm [barrie@magnolia scripts]$ rpm [barrie@magnolia scripts]$ rpm -[barrie@magnolia scripts]$ rpm -[barrie@magnolia scripts]$ rpm -q[barrie@magnolia scripts]$ rpm -q[barrie@magnolia scripts]$ rpm -qi[barrie@magnolia scripts]$ rpm -qi[barrie@magnolia scripts]$ rpm -qi [barrie@magnolia scripts]$ rpm -qi [barrie@magnolia scripts]$ rpm -qi l[barrie@magnolia scripts]$ rpm -qi l[barrie@magnolia scripts]$ rpm -qi lo[barrie@magnolia scripts]$ rpm -qi lo[barrie@magnolia scripts]$ rpm -qi log[barrie@magnolia scripts]$ rpm -qi log[barrie@magnolia scripts]$ rpm -qi lo[K[barrie@magnolia scripts]$ rpm -qi lo[barrie@magnolia scripts]$ rpm -qi l[K[barrie@magnolia scripts]$ rpm -qi l[barrie@magnolia scripts]$ rpm -qi [K[barrie@magnolia scripts]$ rpm -qi [barrie@magnolia scripts]$ rpm -qi[K[barrie@magnolia scripts]$ rpm -qi[barrie@magnolia scripts]$ rpm -q[K[barrie@magnolia scripts]$ rpm -q[barrie@magnolia scripts]$ rpm -q [barrie@magnolia scripts]$ rpm -q [barrie@magnolia scripts]$ rpm -q l[barrie@magnolia scripts]$ rpm -q l[barrie@magnolia scripts]$ rpm -q lo[barrie@magnolia scripts]$ rpm -q lo[barrie@magnolia scripts]$ rpm -q log[barrie@magnolia scripts]$ rpm -q log[barrie@magnolia scripts]$ rpm -q logc[barrie@magnolia scripts]$ rpm -q logc[barrie@magnolia scripts]$ rpm -q logch[barrie@magnolia scripts]$ rpm -q logch[barrie@magnolia scripts]$ rpm -q logche[barrie@magnolia scripts]$ rpm -q logche[barrie@magnolia scripts]$ rpm -q logchec[barrie@magnolia scripts]$ rpm -q logchec[barrie@magnolia scripts]$ rpm -q logcheck[barrie@magnolia scripts]$ rpm -q logcheck
package logcheck is not installed
]0;barrie@magnolia:~/scripts[barrie@magnolia scripts]$ [barrie@magnolia scripts]$ [barrie@magnolia scripts]$ l[barrie@magnolia scripts]$ l[barrie@magnolia scripts]$ lo[barrie@magnolia scripts]$ lo[barrie@magnolia scripts]$ loc[barrie@magnolia scripts]$ loc[barrie@magnolia scripts]$ loca[barrie@magnolia scripts]$ loca[barrie@magnolia scripts]$ locat[barrie@magnolia scripts]$ locat[barrie@magnolia scripts]$ locate[barrie@magnolia scripts]$ locate[barrie@magnolia scripts]$ locate [barrie@magnolia scripts]$ locate [barrie@magnolia scripts]$ locate l[barrie@magnolia scripts]$ locate l[barrie@magnolia scripts]$ locate lo[barrie@magnolia scripts]$ locate lo[barrie@magnolia scripts]$ locate log[barrie@magnolia scripts]$ locate log[barrie@magnolia scripts]$ locate logc[barrie@magnolia scripts]$ locate logc[barrie@magnolia scripts]$ locate logch[barrie@magnolia scripts]$ locate logch[barrie@magnolia scripts]$ locate logche[barrie@magnolia scripts]$ locate logche[barrie@magnolia scripts]$ locate logchec[barrie@magnolia scripts]$ locate logchec[barrie@magnolia scripts]$ locate logcheck[barrie@magnolia scripts]$ locate logcheck
]0;barrie@magnolia:~/scripts[barrie@magnolia scripts]$ [barrie@magnolia scripts]$ [barrie@magnolia scripts]$ l[barrie@magnolia scripts]$ l[barrie@magnolia scripts]$ ly[barrie@magnolia scripts]$ ly[barrie@magnolia scripts]$ lyn[barrie@magnolia scripts]$ lyn[barrie@magnolia scripts]$ lynx[barrie@magnolia scripts]$ lynx[barrie@magnolia scripts]$ lynx [barrie@magnolia scripts]$ lynx [barrie@magnolia scripts]$ lynx[K[barrie@magnolia scripts]$ lynx[barrie@magnolia scripts]$ lyn[K[barrie@magnolia scripts]$ lyn[barrie@magnolia scripts]$ ly[K[barrie@magnolia scripts]$ ly[barrie@magnolia scripts]$ l[K[barrie@magnolia scripts]$ l[barrie@magnolia scripts]$ [K[barrie@magnolia scripts]$ [barrie@magnolia scripts]$ w[barrie@magnolia scripts]$ w[barrie@magnolia scripts]$ wg[barrie@magnolia scripts]$ wg[barrie@magnolia scripts]$ wge[barrie@magnolia scripts]$ wge[barrie@magnolia scripts]$ wget[barrie@magnolia scripts]$ wget[barrie@magnolia scripts]$ wget [barrie@magnolia scripts]$ wget [barrie@magnolia scripts]$ wget h[barrie@magnolia scripts]$ wget h[barrie@magnolia scripts]$ wget ht[barrie@magnolia scripts]$ wget ht[barrie@magnolia scripts]$ wget htt[barrie@magnolia scripts]$ wget htt[barrie@magnolia scripts]$ wget http[barrie@magnolia scripts]$ wget http[barrie@magnolia scripts]$ wget http:[barrie@magnolia scripts]$ wget http:[barrie@magnolia scripts]$ wget http:/[barrie@magnolia scripts]$ wget http:/[barrie@magnolia scripts]$ wget http://[barrie@magnolia scripts]$ wget http://[barrie@magnolia scripts]$ wget http://w[barrie@magnolia scripts]$ wget http://w[barrie@magnolia scripts]$ wget http://ww[barrie@magnolia scripts]$ wget http://ww[barrie@magnolia scripts]$ wget http://www[barrie@magnolia scripts]$ wget http://www[barrie@magnolia scripts]$ wget http://www.[barrie@magnolia scripts]$ wget http://www.[barrie@magnolia scripts]$ wget http://www.p[barrie@magnolia scripts]$ wget http://www.p[barrie@magnolia scripts]$ wget http://www.ps[barrie@magnolia scripts]$ wget http://www.ps[barrie@magnolia scripts]$ wget http://www.psi[barrie@magnolia scripts]$ wget http://www.psi[barrie@magnolia scripts]$ wget http://www.psio[barrie@magnolia scripts]$ wget http://www.psio[barrie@magnolia scripts]$ wget http://www.psion[barrie@magnolia scripts]$ wget http://www.psion[barrie@magnolia scripts]$ wget http://www.psioni[barrie@magnolia scripts]$ wget http://www.psioni[barrie@magnolia scripts]$ wget http://www.psionic[barrie@magnolia scripts]$ wget http://www.psionic[barrie@magnolia scripts]$ wget http://www.psionic.[barrie@magnolia scripts]$ wget http://www.psionic.[barrie@magnolia scripts]$ wget http://www.psionic.c[barrie@magnolia scripts]$ wget http://www.psionic.c[barrie@magnolia scripts]$ wget http://www.psionic.co[barrie@magnolia scripts]$ wget http://www.psionic.co[barrie@magnolia scripts]$ wget http://www.psionic.com[barrie@magnolia scripts]$ wget http://www.psionic.com[barrie@magnolia scripts]$ wget http://www.psionic.com/[barrie@magnolia scripts]$ wget http://www.psionic.com/[barrie@magnolia scripts]$ wget http://www.psionic.com/a[barrie@magnolia scripts]$ wget http://www.psionic.com/a[barrie@magnolia scripts]$ wget http://www.psionic.com/ab[barrie@magnolia scripts]$ wget http://www.psionic.com/ab[barrie@magnolia scripts]$ wget http://www.psionic.com/aba[barrie@magnolia scripts]$ wget http://www.psionic.com/aba[barrie@magnolia scripts]$ wget http://www.psionic.com/abac[barrie@magnolia scripts]$ wget http://www.psionic.com/abac[barrie@magnolia scripts]$ wget http://www.psionic.com/abacu[barrie@magnolia scripts]$ wget http://www.psionic.com/abacu[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/l[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/l[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/lo[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/lo[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/log[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/log[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/logc[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/logc[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/logch[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/logch[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/logche[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/logche[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/logchec[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/logchec[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/logcheck[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/logcheck[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/logcheck/[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/logcheck/[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/logcheck[K[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/logcheck[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/logchec[K[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/logchec[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/logche[K[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/logche[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/logch[K[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/logch[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/logc[K[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/logc[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/log[K[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/log[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/lo[K[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/lo[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/l[K[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/l[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/[K[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus/[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus[K[barrie@magnolia scripts]$ wget http://www.psionic.com/abacus[barrie@magnolia scripts]$ wget http://www.psionic.com/abacu[K[barrie@magnolia scripts]$ wget http://www.psionic.com/abacu[barrie@magnolia scripts]$ wget http://www.psionic.com/abac[K[barrie@magnolia scripts]$ wget http://www.psionic.com/abac[barrie@magnolia scripts]$ wget http://www.psionic.com/aba[K[barrie@magnolia scripts]$ wget http://www.psionic.com/aba[barrie@magnolia scripts]$ wget http://www.psionic.com/ab[K[barrie@magnolia scripts]$ wget http://www.psionic.com/ab[barrie@magnolia scripts]$ wget http://www.psionic.com/a[K[barrie@magnolia scripts]$ wget http://www.psionic.com/a[barrie@magnolia scripts]$ wget http://www.psionic.com/[K[barrie@magnolia scripts]$ wget http://www.psionic.com/[barrie@magnolia scripts]$ wget http://www.psionic.com[K[barrie@magnolia scripts]$ wget http://www.psionic.com[barrie@magnolia scripts]$ wget http://www.psionic.co[K[barrie@magnolia scripts]$ wget http://www.psionic.co[barrie@magnolia scripts]$ wget http://www.psionic.c[K[barrie@magnolia scripts]$ wget http://www.psionic.c[barrie@magnolia scripts]$ wget http://www.psionic.[K[barrie@magnolia scripts]$ wget http://www.psionic.[barrie@magnolia scripts]$ wget http://www.psionic[K[barrie@magnolia scripts]$ wget http://www.psionic[barrie@magnolia scripts]$ wget http://www.psioni[K[barrie@magnolia scripts]$ wget http://www.psioni[barrie@magnolia scripts]$ wget http://www.psion[K[barrie@magnolia scripts]$ wget http://www.psion[barrie@magnolia scripts]$ wget http://www.psio[K[barrie@magnolia scripts]$ wget http://www.psio[barrie@magnolia scripts]$ wget http://www.psi[K[barrie@magnolia scripts]$ wget http://www.psi[barrie@magnolia scripts]$ wget http://www.ps[K[barrie@magnolia scripts]$ wget http://www.ps[barrie@magnolia scripts]$ wget http://www.p[K[barrie@magnolia scripts]$ wget http://www.p[barrie@magnolia scripts]$ wget http://www.[K[barrie@magnolia scripts]$ wget http://www.[barrie@magnolia scripts]$ wget http://www[K[barrie@magnolia scripts]$ wget http://www[barrie@magnolia scripts]$ wget http://ww[K[barrie@magnolia scripts]$ wget http://ww[barrie@magnolia scripts]$ wget http://w[K[barrie@magnolia scripts]$ wget http://w[barrie@magnolia scripts]$ wget http://[K[barrie@magnolia scripts]$ wget http://[barrie@magnolia scripts]$ wget http:/[K[barrie@magnolia scripts]$ wget http:/[barrie@magnolia scripts]$ wget http:[K[barrie@magnolia scripts]$ wget http:[barrie@magnolia scripts]$ wget http[K[barrie@magnolia scripts]$ wget http[barrie@magnolia scripts]$ wget htt[K[barrie@magnolia scripts]$ wget htt[barrie@magnolia scripts]$ wget ht[K[barrie@magnolia scripts]$ wget ht[barrie@magnolia scripts]$ wget h[K[barrie@magnolia scripts]$ wget h[barrie@magnolia scripts]$ wget [K[barrie@magnolia scripts]$ wget [barrie@magnolia scripts]$ wget[K[barrie@magnolia scripts]$ wget[barrie@magnolia scripts]$ wge[K[barrie@magnolia scripts]$ wge[barrie@magnolia scripts]$ wg[K[barrie@magnolia scripts]$ wg[barrie@magnolia scripts]$ w[K[barrie@magnolia scripts]$ w[barrie@magnolia scripts]$ [K[barrie@magnolia scripts]$ [barrie@magnolia scripts]$ [barrie@magnolia scripts]$ c[barrie@magnolia scripts]$ c[barrie@magnolia scripts]$ cd[barrie@magnolia scripts]$ cd[barrie@magnolia scripts]$ cd [barrie@magnolia scripts]$ cd [barrie@magnolia scripts]$ cd /[barrie@magnolia scripts]$ cd /[barrie@magnolia scripts]$ cd [K[barrie@magnolia scripts]$ cd [barrie@magnolia scripts]$ cd .[barrie@magnolia scripts]$ cd .[barrie@magnolia scripts]$ cd ..[barrie@magnolia scripts]$ cd ..[barrie@magnolia scripts]$ cd ../[barrie@magnolia scripts]$ cd ../[barrie@magnolia scripts]$ cd ../t[barrie@magnolia scripts]$ cd ../t[barrie@magnolia scripts]$ cd ../tm[barrie@magnolia scripts]$ cd ../tm[barrie@magnolia scripts]$ cd ../tmp[barrie@magnolia scripts]$ cd ../tmp
]0;barrie@magnolia:~/tmp[barrie@magnolia tmp]$ [barrie@magnolia tmp]$ [barrie@magnolia tmp]$ w[barrie@magnolia tmp]$ w[barrie@magnolia tmp]$ wg[barrie@magnolia tmp]$ wg[barrie@magnolia tmp]$ wge[barrie@magnolia tmp]$ wge[barrie@magnolia tmp]$ wget[barrie@magnolia tmp]$ wget[barrie@magnolia tmp]$ wget [barrie@magnolia tmp]$ wget [barrie@magnolia tmp]$ wget h[barrie@magnolia tmp]$ wget h[barrie@magnolia tmp]$ wget ht[barrie@magnolia tmp]$ wget ht[barrie@magnolia tmp]$ wget htt[barrie@magnolia tmp]$ wget htt[barrie@magnolia tmp]$ wget http[barrie@magnolia tmp]$ wget http[barrie@magnolia tmp]$ wget http:[barrie@magnolia tmp]$ wget http:[barrie@magnolia tmp]$ wget http:/[barrie@magnolia tmp]$ wget http:/[barrie@magnolia tmp]$ wget http://[barrie@magnolia tmp]$ wget http://[barrie@magnolia tmp]$ wget http://w[barrie@magnolia tmp]$ wget http://w[barrie@magnolia tmp]$ wget http://ww[barrie@magnolia tmp]$ wget http://ww[barrie@magnolia tmp]$ wget http://www[barrie@magnolia tmp]$ wget http://www[barrie@magnolia tmp]$ wget http://www.[barrie@magnolia tmp]$ wget http://www.[barrie@magnolia tmp]$ wget http://www.p[barrie@magnolia tmp]$ wget http://www.p[barrie@magnolia tmp]$ wget http://www.ps[barrie@magnolia tmp]$ wget http://www.ps[barrie@magnolia tmp]$ wget http://www.psi[barrie@magnolia tmp]$ wget http://www.psi[barrie@magnolia tmp]$ wget http://www.psio[barrie@magnolia tmp]$ wget http://www.psio[barrie@magnolia tmp]$ wget http://www.psion[barrie@magnolia tmp]$ wget http://www.psion[barrie@magnolia tmp]$ wget http://www.psioni[barrie@magnolia tmp]$ wget http://www.psioni[barrie@magnolia tmp]$ wget http://www.psionic[barrie@magnolia tmp]$ wget http://www.psionic[barrie@magnolia tmp]$ wget http://www.psionic.[barrie@magnolia tmp]$ wget http://www.psionic.[barrie@magnolia tmp]$ wget http://www.psionic.c[barrie@magnolia tmp]$ wget http://www.psionic.c[barrie@magnolia tmp]$ wget http://www.psionic.co[barrie@magnolia tmp]$ wget http://www.psionic.co[barrie@magnolia tmp]$ wget http://www.psionic.com[barrie@magnolia tmp]$ wget http://www.psionic.com[barrie@magnolia tmp]$ wget http://www.psionic.com/[barrie@magnolia tmp]$ wget http://www.psionic.com/[barrie@magnolia tmp]$ wget http://www.psionic.com/d[barrie@magnolia tmp]$ wget http://www.psionic.com/d[barrie@magnolia tmp]$ wget http://www.psionic.com/do[barrie@magnolia tmp]$ wget http://www.psionic.com/do[barrie@magnolia tmp]$ wget http://www.psionic.com/dow[barrie@magnolia tmp]$ wget http://www.psionic.com/dow[barrie@magnolia tmp]$ wget http://www.psionic.com/down[barrie@magnolia tmp]$ wget http://www.psionic.com/down[barrie@magnolia tmp]$ wget http://www.psionic.com/downl[barrie@magnolia tmp]$ wget http://www.psionic.com/downl[barrie@magnolia tmp]$ wget http://www.psionic.com/downlo[barrie@magnolia tmp]$ wget http://www.psionic.com/downlo[barrie@magnolia tmp]$ wget http://www.psionic.com/downloa[barrie@magnolia tmp]$ wget http://www.psionic.com/downloa[barrie@magnolia tmp]$ wget http://www.psionic.com/download[barrie@magnolia tmp]$ wget http://www.psionic.com/download[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/p[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/p[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/po[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/po[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/por[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/por[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/port[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/port[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/ports[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/ports[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portse[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portse[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsen[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsen[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsent[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsent[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsentr[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsentr[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsentry[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsentry[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsentry-[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsentry-[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsentry-1[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsentry-1[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsentry-1.[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsentry-1.[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsentry-1.1[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsentry-1.1[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsentry-1.1.[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsentry-1.1.[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsentry-1.1.t[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsentry-1.1.t[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsentry-1.1.ta[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsentry-1.1.ta[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsentry-1.1.tar[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsentry-1.1.tar[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/portsentry-1.1.tar. gggzgz
--16:00:19--  http://www.psionic.com/downloads/portsentry-1.1.tar.gz
           => `portsentry-1.1.tar.gz'
Resolving www.psionic.com... done.
Connecting to www.psionic.com[216.141.86.16]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 45,871 [application/x-tar]

 0% [                                     ] 0             --.--K/s    ETA --:-- 6% [=>                                   ] 3,177         13.04K/s    ETA 00:0320% [======>                              ] 9,177         19.78K/s    ETA 00:0133% [===========>                         ] 15,177        21.86K/s    ETA 00:0151% [==================>                  ] 23,677        26.07K/s    ETA 00:0076% [===========================>         ] 35,268        30.72K/s    ETA 00:0091% [=================================>   ] 42,177        30.09K/s    ETA 00:00100%[====================================>] 45,871        31.00K/s    ETA 00:00

16:00:21 (31.00 KB/s) - `portsentry-1.1.tar.gz' saved [45871/45871]

]0;barrie@magnolia:~/tmp[barrie@magnolia tmp]$ [barrie@magnolia tmp]$ [barrie@magnolia tmp]$ w[barrie@magnolia tmp]$ w[barrie@magnolia tmp]$ we[barrie@magnolia tmp]$ we[barrie@magnolia tmp]$ w[K[barrie@magnolia tmp]$ w[barrie@magnolia tmp]$ wg[barrie@magnolia tmp]$ wg[barrie@magnolia tmp]$ wge[barrie@magnolia tmp]$ wge[barrie@magnolia tmp]$ wget[barrie@magnolia tmp]$ wget[barrie@magnolia tmp]$ wget [barrie@magnolia tmp]$ wget [barrie@magnolia tmp]$ wget h[barrie@magnolia tmp]$ wget h[barrie@magnolia tmp]$ wget ht[barrie@magnolia tmp]$ wget ht[barrie@magnolia tmp]$ wget htt[barrie@magnolia tmp]$ wget htt[barrie@magnolia tmp]$ wget http[barrie@magnolia tmp]$ wget http[barrie@magnolia tmp]$ wget http:[barrie@magnolia tmp]$ wget http:[barrie@magnolia tmp]$ wget http:/[barrie@magnolia tmp]$ wget http:/[barrie@magnolia tmp]$ wget http://[barrie@magnolia tmp]$ wget http://[barrie@magnolia tmp]$ wget http://w[barrie@magnolia tmp]$ wget http://w[barrie@magnolia tmp]$ wget http://ww[barrie@magnolia tmp]$ wget http://ww[barrie@magnolia tmp]$ wget http://www[barrie@magnolia tmp]$ wget http://www[barrie@magnolia tmp]$ wget http://www.[barrie@magnolia tmp]$ wget http://www.[barrie@magnolia tmp]$ wget http://www.p[barrie@magnolia tmp]$ wget http://www.p[barrie@magnolia tmp]$ wget http://www.ps[barrie@magnolia tmp]$ wget http://www.ps[barrie@magnolia tmp]$ wget http://www.psi[barrie@magnolia tmp]$ wget http://www.psi[barrie@magnolia tmp]$ wget http://www.psio[barrie@magnolia tmp]$ wget http://www.psio[barrie@magnolia tmp]$ wget http://www.psion[barrie@magnolia tmp]$ wget http://www.psion[barrie@magnolia tmp]$ wget http://www.psioni[barrie@magnolia tmp]$ wget http://www.psioni[barrie@magnolia tmp]$ wget http://www.psionic[barrie@magnolia tmp]$ wget http://www.psionic[barrie@magnolia tmp]$ wget http://www.psionic.[barrie@magnolia tmp]$ wget http://www.psionic.[barrie@magnolia tmp]$ wget http://www.psionic.c[barrie@magnolia tmp]$ wget http://www.psionic.c[barrie@magnolia tmp]$ wget http://www.psionic.co[barrie@magnolia tmp]$ wget http://www.psionic.co[barrie@magnolia tmp]$ wget http://www.psionic.com[barrie@magnolia tmp]$ wget http://www.psionic.com[barrie@magnolia tmp]$ wget http://www.psionic.com/[barrie@magnolia tmp]$ wget http://www.psionic.com/[barrie@magnolia tmp]$ wget http://www.psionic.com/d[barrie@magnolia tmp]$ wget http://www.psionic.com/d[barrie@magnolia tmp]$ wget http://www.psionic.com/do[barrie@magnolia tmp]$ wget http://www.psionic.com/do[barrie@magnolia tmp]$ wget http://www.psionic.com/dow[barrie@magnolia tmp]$ wget http://www.psionic.com/dow[barrie@magnolia tmp]$ wget http://www.psionic.com/down[barrie@magnolia tmp]$ wget http://www.psionic.com/down[barrie@magnolia tmp]$ wget http://www.psionic.com/downl[barrie@magnolia tmp]$ wget http://www.psionic.com/downl[barrie@magnolia tmp]$ wget http://www.psionic.com/downlo[barrie@magnolia tmp]$ wget http://www.psionic.com/downlo[barrie@magnolia tmp]$ wget http://www.psionic.com/downloa[barrie@magnolia tmp]$ wget http://www.psionic.com/downloa[barrie@magnolia tmp]$ wget http://www.psionic.com/download[barrie@magnolia tmp]$ wget http://www.psionic.com/download[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/l[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/l[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/lo[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/lo[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/log[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/log[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logs[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logs[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logse[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logse[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsen[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsen[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsent[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsent[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentr[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentr[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentry[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentry[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentry-[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentry-[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentry-1[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentry-1[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentry-1.[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentry-1.[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentry-1.1[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentry-1.1[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentry-1.1.[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentry-1.1.[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentry-1.1.1[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentry-1.1.1[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentry-1.1.1.[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentry-1.1.1.[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentry-1.1.1.t[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentry-1.1.1.t[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentry-1.1.1.ta[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentry-1.1.1.ta[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/logsentry-1.1.1.tar ...g.g.gz.gz
--16:00:48--  http://www.psionic.com/downloads/logsentry-1.1.1.tar.gz
           => `logsentry-1.1.1.tar.gz'
Resolving www.psionic.com... done.
Connecting to www.psionic.com[216.141.86.16]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 30,267 [application/x-tar]

 0% [                                     ] 0             --.--K/s    ETA --:--17% [=====>                               ] 5,177         25.28K/s    ETA 00:0030% [==========>                          ] 9,177         22.24K/s    ETA 00:0053% [==================>                  ] 16,177        25.44K/s    ETA 00:0091% [================================>    ] 27,677        32.02K/s    ETA 00:00100%[====================================>] 30,267        29.53K/s    ETA 00:00

16:00:49 (29.53 KB/s) - `logsentry-1.1.1.tar.gz' saved [30267/30267]

]0;barrie@magnolia:~/tmp[barrie@magnolia tmp]$ [barrie@magnolia tmp]$ [barrie@magnolia tmp]$ w[barrie@magnolia tmp]$ w[barrie@magnolia tmp]$ wg[barrie@magnolia tmp]$ wg[barrie@magnolia tmp]$ wge[barrie@magnolia tmp]$ wge[barrie@magnolia tmp]$ wget[barrie@magnolia tmp]$ wget[barrie@magnolia tmp]$ wget [barrie@magnolia tmp]$ wget [barrie@magnolia tmp]$ wget h[barrie@magnolia tmp]$ wget h[barrie@magnolia tmp]$ wget ht[barrie@magnolia tmp]$ wget ht[barrie@magnolia tmp]$ wget htt[barrie@magnolia tmp]$ wget htt[barrie@magnolia tmp]$ wget http[barrie@magnolia tmp]$ wget http[barrie@magnolia tmp]$ wget http:[barrie@magnolia tmp]$ wget http:[barrie@magnolia tmp]$ wget http:/[barrie@magnolia tmp]$ wget http:/[barrie@magnolia tmp]$ wget http://[barrie@magnolia tmp]$ wget http://[barrie@magnolia tmp]$ wget http://w[barrie@magnolia tmp]$ wget http://w[barrie@magnolia tmp]$ wget http://ww[barrie@magnolia tmp]$ wget http://ww[barrie@magnolia tmp]$ wget http://www[barrie@magnolia tmp]$ wget http://www[barrie@magnolia tmp]$ wget http://www.[barrie@magnolia tmp]$ wget http://www.[barrie@magnolia tmp]$ wget http://www.p[barrie@magnolia tmp]$ wget http://www.p[barrie@magnolia tmp]$ wget http://www.ps[barrie@magnolia tmp]$ wget http://www.ps[barrie@magnolia tmp]$ wget http://www.psi[barrie@magnolia tmp]$ wget http://www.psi[barrie@magnolia tmp]$ wget http://www.psio[barrie@magnolia tmp]$ wget http://www.psio[barrie@magnolia tmp]$ wget http://www.psion[barrie@magnolia tmp]$ wget http://www.psion[barrie@magnolia tmp]$ wget http://www.psioni[barrie@magnolia tmp]$ wget http://www.psioni[barrie@magnolia tmp]$ wget http://www.psionic[barrie@magnolia tmp]$ wget http://www.psionic[barrie@magnolia tmp]$ wget http://www.psionic.[barrie@magnolia tmp]$ wget http://www.psionic.[barrie@magnolia tmp]$ wget http://www.psionic.c[barrie@magnolia tmp]$ wget http://www.psionic.c[barrie@magnolia tmp]$ wget http://www.psionic.co[barrie@magnolia tmp]$ wget http://www.psionic.co[barrie@magnolia tmp]$ wget http://www.psionic.com[barrie@magnolia tmp]$ wget http://www.psionic.com[barrie@magnolia tmp]$ wget http://www.psionic.com/[barrie@magnolia tmp]$ wget http://www.psionic.com/[barrie@magnolia tmp]$ wget http://www.psionic.com/d[barrie@magnolia tmp]$ wget http://www.psionic.com/d[barrie@magnolia tmp]$ wget http://www.psionic.com/do[barrie@magnolia tmp]$ wget http://www.psionic.com/do[barrie@magnolia tmp]$ wget http://www.psionic.com/dow[barrie@magnolia tmp]$ wget http://www.psionic.com/dow[barrie@magnolia tmp]$ wget http://www.psionic.com/down[barrie@magnolia tmp]$ wget http://www.psionic.com/down[barrie@magnolia tmp]$ wget http://www.psionic.com/downl[barrie@magnolia tmp]$ wget http://www.psionic.com/downl[barrie@magnolia tmp]$ wget http://www.psionic.com/downlo[barrie@magnolia tmp]$ wget http://www.psionic.com/downlo[barrie@magnolia tmp]$ wget http://www.psionic.com/downloa[barrie@magnolia tmp]$ wget http://www.psionic.com/downloa[barrie@magnolia tmp]$ wget http://www.psionic.com/download[barrie@magnolia tmp]$ wget http://www.psionic.com/download[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/h[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/h[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/ho[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/ho[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hos[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hos[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/host[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/host[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hosts[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hosts[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostse[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostse[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsen[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsen[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsent[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsent[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsentr[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsentr[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsentry[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsentry[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsentry-[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsentry-[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsentry-0[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsentry-0[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsentry-0.[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsentry-0.[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsentry-0.0[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsentry-0.0[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsentry-0.02[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsentry-0.02[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsentry-0.02.[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsentry-0.02.[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsentry-0.02.t[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsentry-0.02.t[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsentry-0.02.ta[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsentry-0.02.ta[barrie@magnolia tmp]$ wget http://www.psionic.com/downloads/hostsentry-0.02.tar ...g.g.gz.gz
--16:01:10--  http://www.psionic.com/downloads/hostsentry-0.02.tar.gz
           => `hostsentry-0.02.tar.gz'
Resolving www.psionic.com... done.
Connecting to www.psionic.com[216.141.86.16]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 33,983 [application/x-tar]

 0% [                                     ] 0             --.--K/s    ETA --:-- 9% [==>                                  ] 3,177         11.53K/s    ETA 00:0224% [=======>                             ] 8,177         16.50K/s    ETA 00:0141% [==============>                      ] 14,177        19.44K/s    ETA 00:0063% [======================>              ] 21,677        22.33K/s    ETA 00:0085% [==============================>      ] 29,177        24.21K/s    ETA 00:00100%[====================================>] 33,983        25.47K/s    ETA 00:00

16:01:12 (25.47 KB/s) - `hostsentry-0.02.tar.gz' saved [33983/33983]

]0;barrie@magnolia:~/tmp[barrie@magnolia tmp]$ [barrie@magnolia tmp]$ [barrie@magnolia tmp]$ l[barrie@magnolia tmp]$ l[barrie@magnolia tmp]$ ls[barrie@magnolia tmp]$ ls
[00m[00;31mctime502_linuxre_en.tar.gz[00m           [00;31mopenload-0.1.2.tar.gz[00m
[00;34mdone[00m                                 [00;31mopenoffice-1.0.1-8.i386.rpm[00m
[00;34mextra[00m                                [00;31mopenssl-0.9.6g.tar.gz[00m
[00;31mhostsentry-0.02.tar.gz[00m               [00mopenssl-0.9.6g.tar.gz.1[00m
[00;31mhttpd-2.0.43.tar.gz[00m                  [00;34mperl[00m
[00;34mkernel[00m                               [00;34mphp[00m
[00;31mlogsentry-1.1.1.tar.gz[00m               [00;31mportsentry-1.1.tar.gz[00m
[00;31mnbtscan-1.0.3.tar.gz[00m                 [00;31msiege-latest.tar.gz[00m
[00;31mnetscape-4.79-1.src.rpm[00m              [00;31mvpnclient-linux-3.6.2a.tar.gz[00m
[00;31mOOo_1.0.1_LinuxIntel_install.tar.gz[00m
[m]0;barrie@magnolia:~/tmp[barrie@magnolia tmp]$ [barrie@magnolia tmp]$ [barrie@magnolia tmp]$ c[barrie@magnolia tmp]$ c[barrie@magnolia tmp]$ cp[barrie@magnolia tmp]$ cp[barrie@magnolia tmp]$ c[K[barrie@magnolia tmp]$ c[barrie@magnolia tmp]$ [K[barrie@magnolia tmp]$ [barrie@magnolia tmp]$ s[barrie@magnolia tmp]$ s[barrie@magnolia tmp]$ su[barrie@magnolia tmp]$ su[barrie@magnolia tmp]$ sud[barrie@magnolia tmp]$ sud[barrie@magnolia tmp]$ sudo[barrie@magnolia tmp]$ sudo[barrie@magnolia tmp]$ sudo [barrie@magnolia tmp]$ sudo [barrie@magnolia tmp]$ sudo c[barrie@magnolia tmp]$ sudo c[barrie@magnolia tmp]$ sudo cp[barrie@magnolia tmp]$ sudo cp[barrie@magnolia tmp]$ sudo cp [barrie@magnolia tmp]$ sudo cp [barrie@magnolia tmp]$ sudo cp l[barrie@magnolia tmp]$ sudo cp l[barrie@magnolia tmp]$ sudo cp lo[barrie@magnolia tmp]$ sudo cp lo[barrie@magnolia tmp]$ sudo cp log[barrie@magnolia tmp]$ sudo cp log[barrie@magnolia tmp]$ sudo cp logs[barrie@magnolia tmp]$ sudo cp logs[barrie@magnolia tmp]$ sudo cp logse[barrie@magnolia tmp]$ sudo cp logse[barrie@magnolia tmp]$ sudo cp logsen[barrie@magnolia tmp]$ sudo cp logsen[barrie@magnolia tmp]$ sudo cp logsent[barrie@magnolia tmp]$ sudo cp logsent[barrie@magnolia tmp]$ sudo cp logsentr[barrie@magnolia tmp]$ sudo cp logsentr[barrie@magnolia tmp]$ sudo cp logsentry[barrie@magnolia tmp]$ sudo cp logsentry[barrie@magnolia tmp]$ sudo cp logsentry-[barrie@magnolia tmp]$ sudo cp logsentry-[barrie@magnolia tmp]$ sudo cp logsentry-1[barrie@magnolia tmp]$ sudo cp logsentry-1[barrie@magnolia tmp]$ sudo cp logsentry-1.[barrie@magnolia tmp]$ sudo cp logsentry-1.[barrie@magnolia tmp]$ sudo cp logsentry-1.1[barrie@magnolia tmp]$ sudo cp logsentry-1.1[barrie@magnolia tmp]$ sudo cp logsentry-1.1.[barrie@magnolia tmp]$ sudo cp logsentry-1.1.[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.t[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.t[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.ta[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.ta[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.g[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.g[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz [barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz [barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz /[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz /[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz /u[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz /u[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz /us[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz /us[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz /usr[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz /usr[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz /usr/[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz /usr/[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz /usr/l[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz /usr/l[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz /usr/lo[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz /usr/lo[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz /usr/loc[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz /usr/loc[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz /usr/loca[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz /usr/loca[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz /usr/local[barrie@magnolia tmp]$ sudo cp logsentry-1.1.1.tar.gz /usr/local
Password:
]0;barrie@magnolia:~/tmp[barrie@magnolia tmp]$ [barrie@magnolia tmp]$ [barrie@magnolia tmp]$ l[barrie@magnolia tmp]$ l[barrie@magnolia tmp]$ ls[barrie@magnolia tmp]$ ls
[00m[00;31mctime502_linuxre_en.tar.gz[00m           [00;31mopenload-0.1.2.tar.gz[00m
[00;34mdone[00m                                 [00;31mopenoffice-1.0.1-8.i386.rpm[00m
[00;34mextra[00m                                [00;31mopenssl-0.9.6g.tar.gz[00m
[00;31mhostsentry-0.02.tar.gz[00m               [00mopenssl-0.9.6g.tar.gz.1[00m
[00;31mhttpd-2.0.43.tar.gz[00m                  [00;34mperl[00m
[00;34mkernel[00m                               [00;34mphp[00m
[00;31mlogsentry-1.1.1.tar.gz[00m               [00;31mportsentry-1.1.tar.gz[00m
[00;31mnbtscan-1.0.3.tar.gz[00m                 [00;31msiege-latest.tar.gz[00m
[00;31mnetscape-4.79-1.src.rpm[00m              [00;31mvpnclient-linux-3.6.2a.tar.gz[00m
[00;31mOOo_1.0.1_LinuxIntel_install.tar.gz[00m
[m]0;barrie@magnolia:~/tmp[barrie@magnolia tmp]$ [barrie@magnolia tmp]$ [barrie@magnolia tmp]$ c[barrie@magnolia tmp]$ c[barrie@magnolia tmp]$ cd[barrie@magnolia tmp]$ cd[barrie@magnolia tmp]$ cd [barrie@magnolia tmp]$ cd [barrie@magnolia tmp]$ cd ![barrie@magnolia tmp]$ cd ![barrie@magnolia tmp]$ cd !$[barrie@magnolia tmp]$ cd !$
cd ls
bash: cd: ls: No such file or directory
]0;barrie@magnolia:~/tmp[barrie@magnolia tmp]$ [barrie@magnolia tmp]$ [barrie@magnolia tmp]$ c[barrie@magnolia tmp]$ c[barrie@magnolia tmp]$ cd[barrie@magnolia tmp]$ cd[barrie@magnolia tmp]$ cd [barrie@magnolia tmp]$ cd [barrie@magnolia tmp]$ cd /[barrie@magnolia tmp]$ cd /[barrie@magnolia tmp]$ cd /u[barrie@magnolia tmp]$ cd /u[barrie@magnolia tmp]$ cd /us[barrie@magnolia tmp]$ cd /us[barrie@magnolia tmp]$ cd /usr[barrie@magnolia tmp]$ cd /usr[barrie@magnolia tmp]$ cd /usr/[barrie@magnolia tmp]$ cd /usr/[barrie@magnolia tmp]$ cd /usr/l[barrie@magnolia tmp]$ cd /usr/l[barrie@magnolia tmp]$ cd /usr/lo[barrie@magnolia tmp]$ cd /usr/lo[barrie@magnolia tmp]$ cd /usr/loc[barrie@magnolia tmp]$ cd /usr/loc[barrie@magnolia tmp]$ cd /usr/loca[barrie@magnolia tmp]$ cd /usr/loca[barrie@magnolia tmp]$ cd /usr/local[barrie@magnolia tmp]$ cd /usr/local
]0;barrie@magnolia:/usr/local[barrie@magnolia local]$ [barrie@magnolia local]$ [barrie@magnolia local]$ l[barrie@magnolia local]$ l[barrie@magnolia local]$ ls[barrie@magnolia local]$ ls
[00m[00;34mapache2[00m        [00;34mgames[00m         [00;31mlogsentry-1.1.1.tar.gz[00m                  [00;34mshare[00m
[00;34mbin[00m            [00;34mhttpd-2.0.43[00m  [00;36mmysql[00m                                   [00;34msrc[00m
[00;34mCorporateTime[00m  [00;34minclude[00m       [00;34mmysql-max-4.0.3-beta-pc-linux-gnu-i686[00m
[00;34mdoc[00m            [00;34mlib[00m           [00;34mphp-4.2.3[00m
[00;34metc[00m            [00;34mlibexec[00m       [00;34msbin[00m
[m]0;barrie@magnolia:/usr/local[barrie@magnolia local]$ [barrie@magnolia local]$ [barrie@magnolia local]$ w[barrie@magnolia local]$ w[barrie@magnolia local]$ wh[barrie@magnolia local]$ wh[barrie@magnolia local]$ whi[barrie@magnolia local]$ whi[barrie@magnolia local]$ whic[barrie@magnolia local]$ whic[barrie@magnolia local]$ which[barrie@magnolia local]$ which[barrie@magnolia local]$ which [barrie@magnolia local]$ which [barrie@magnolia local]$ which l[barrie@magnolia local]$ which l[barrie@magnolia local]$ which la[barrie@magnolia local]$ which la[barrie@magnolia local]$ which lao[barrie@magnolia local]$ which lao[barrie@magnolia local]$ which la[K[barrie@magnolia local]$ which la[barrie@magnolia local]$ which l[K[barrie@magnolia local]$ which l[barrie@magnolia local]$ which lo[barrie@magnolia local]$ which lo[barrie@magnolia local]$ which log[barrie@magnolia local]$ which log[barrie@magnolia local]$ which logs[barrie@magnolia local]$ which logs[barrie@magnolia local]$ which logse[barrie@magnolia local]$ which logse[barrie@magnolia local]$ which logsen[barrie@magnolia local]$ which logsen[barrie@magnolia local]$ which logsent[barrie@magnolia local]$ which logsent[barrie@magnolia local]$ which logsentr[barrie@magnolia local]$ which logsentr[barrie@magnolia local]$ which logsentry[barrie@magnolia local]$ which logsentry
/usr/bin/which: no logsentry in (/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/sbin:/usr/sbin:/usr/local/sbin:/home/barrie/bin:/usr/local/mysql/bin)
]0;barrie@magnolia:/usr/local[barrie@magnolia local]$ [barrie@magnolia local]$ [barrie@magnolia local]$ l[barrie@magnolia local]$ l[barrie@magnolia local]$ lo[barrie@magnolia local]$ lo[barrie@magnolia local]$ loc[barrie@magnolia local]$ loc[barrie@magnolia local]$ loca[barrie@magnolia local]$ loca[barrie@magnolia local]$ locat[barrie@magnolia local]$ locat[barrie@magnolia local]$ locate[barrie@magnolia local]$ locate[barrie@magnolia local]$ locate [barrie@magnolia local]$ locate [barrie@magnolia local]$ locate l[barrie@magnolia local]$ locate l[barrie@magnolia local]$ locate lo[barrie@magnolia local]$ locate lo[barrie@magnolia local]$ locate log[barrie@magnolia local]$ locate log[barrie@magnolia local]$ locate logs[barrie@magnolia local]$ locate logs[barrie@magnolia local]$ locate logse[barrie@magnolia local]$ locate logse[barrie@magnolia local]$ locate logsen[barrie@magnolia local]$ locate logsen[barrie@magnolia local]$ locate logsent[barrie@magnolia local]$ locate logsent[barrie@magnolia local]$ locate logsentr[barrie@magnolia local]$ locate logsentr[barrie@magnolia local]$ locate logsentry[barrie@magnolia local]$ locate logsentry
]0;barrie@magnolia:/usr/local[barrie@magnolia local]$ [barrie@magnolia local]$ [barrie@magnolia local]$ t[barrie@magnolia local]$ t[barrie@magnolia local]$ [K[barrie@magnolia local]$ [barrie@magnolia local]$ p[barrie@magnolia local]$ p[barrie@magnolia local]$ ps[barrie@magnolia local]$ ps[barrie@magnolia local]$ ps [barrie@magnolia local]$ ps [barrie@magnolia local]$ ps -[barrie@magnolia local]$ ps -[barrie@magnolia local]$ ps -e[barrie@magnolia local]$ ps -e[barrie@magnolia local]$ ps -ef[barrie@magnolia local]$ ps -ef[barrie@magnolia local]$ ps -ef [barrie@magnolia local]$ ps -ef [barrie@magnolia local]$ ps -ef |[barrie@magnolia local]$ ps -ef |[barrie@magnolia local]$ ps -ef | [barrie@magnolia local]$ ps -ef | [barrie@magnolia local]$ ps -ef | g[barrie@magnolia local]$ ps -ef | g[barrie@magnolia local]$ ps -ef | gr[barrie@magnolia local]$ ps -ef | gr[barrie@magnolia local]$ ps -ef | gre[barrie@magnolia local]$ ps -ef | gre[barrie@magnolia local]$ ps -ef | grep[barrie@magnolia local]$ ps -ef | grep[barrie@magnolia local]$ ps -ef | grep [barrie@magnolia local]$ ps -ef | grep [barrie@magnolia local]$ ps -ef | grep l[barrie@magnolia local]$ ps -ef | grep l[barrie@magnolia local]$ ps -ef | grep lo[barrie@magnolia local]$ ps -ef | grep lo[barrie@magnolia local]$ ps -ef | grep log[barrie@magnolia local]$ ps -ef | grep log[barrie@magnolia local]$ ps -ef | grep logc[barrie@magnolia local]$ ps -ef | grep logc[barrie@magnolia local]$ ps -ef | grep logch[barrie@magnolia local]$ ps -ef | grep logch[barrie@magnolia local]$ ps -ef | grep logche[barrie@magnolia local]$ ps -ef | grep logche[barrie@magnolia local]$ ps -ef | grep logchec[barrie@magnolia local]$ ps -ef | grep logchec[barrie@magnolia local]$ ps -ef | grep logcheck[barrie@magnolia local]$ ps -ef | grep logcheck
barrie    7059  1188  0 15:24 pts/1    00:00:00 script logcheckinstall021123
barrie    7060  7059  0 15:24 pts/1    00:00:00 script logcheckinstall021123
barrie    7109  7061  0 16:06 pts/3    00:00:00 grep logcheck
]0;barrie@magnolia:/usr/local[barrie@magnolia local]$ [barrie@magnolia local]$ [barrie@magnolia local]$ ps -ef | grep logcheck[barrie@magnolia local]$ ps -ef | grep logcheck[barrie@magnolia local]$ ps -ef | grep logchec[K[barrie@magnolia local]$ ps -ef | grep logchec[barrie@magnolia local]$ ps -ef | grep logche[K[barrie@magnolia local]$ ps -ef | grep logche[barrie@magnolia local]$ ps -ef | grep logch[K[barrie@magnolia local]$ ps -ef | grep logch[barrie@magnolia local]$ ps -ef | grep logc[K[barrie@magnolia local]$ ps -ef | grep logc[barrie@magnolia local]$ ps -ef | grep log[K[barrie@magnolia local]$ ps -ef | grep log[barrie@magnolia local]$ ps -ef | grep logs[barrie@magnolia local]$ ps -ef | grep logs[barrie@magnolia local]$ ps -ef | grep logse[barrie@magnolia local]$ ps -ef | grep logse[barrie@magnolia local]$ ps -ef | grep logsen[barrie@magnolia local]$ ps -ef | grep logsen[barrie@magnolia local]$ ps -ef | grep logsent[barrie@magnolia local]$ ps -ef | grep logsent[barrie@magnolia local]$ ps -ef | grep logsentr[barrie@magnolia local]$ ps -ef | grep logsentr[barrie@magnolia local]$ ps -ef | grep logsentry[barrie@magnolia local]$ ps -ef | grep logsentry
barrie    7111  7061  0 16:06 pts/3    00:00:00 grep logsentry
]0;barrie@magnolia:/usr/local[barrie@magnolia local]$ [barrie@magnolia local]$ [barrie@magnolia local]$ g[barrie@magnolia local]$ g[barrie@magnolia local]$ gu[barrie@magnolia local]$ gu[barrie@magnolia local]$ gun[barrie@magnolia local]$ gun[barrie@magnolia local]$ gu[K[barrie@magnolia local]$ gu[barrie@magnolia local]$ g[K[barrie@magnolia local]$ g[barrie@magnolia local]$ [K[barrie@magnolia local]$ [barrie@magnolia local]$ s[barrie@magnolia local]$ s[barrie@magnolia local]$ su[barrie@magnolia local]$ su[barrie@magnolia local]$ sud[barrie@magnolia local]$ sud[barrie@magnolia local]$ sudo[barrie@magnolia local]$ sudo[barrie@magnolia local]$ sudo [barrie@magnolia local]$ sudo [barrie@magnolia local]$ sudo g[barrie@magnolia local]$ sudo g[barrie@magnolia local]$ sudo gu[barrie@magnolia local]$ sudo gu[barrie@magnolia local]$ sudo gun[barrie@magnolia local]$ sudo gun[barrie@magnolia local]$ sudo gunc[barrie@magnolia local]$ sudo gunc[barrie@magnolia local]$ sudo gun[K[barrie@magnolia local]$ sudo gun[barrie@magnolia local]$ sudo gunz[barrie@magnolia local]$ sudo gunz[barrie@magnolia local]$ sudo gunzi[barrie@magnolia local]$ sudo gunzi[barrie@magnolia local]$ sudo gunzip[barrie@magnolia local]$ sudo gunzip[barrie@magnolia local]$ sudo gunzip [barrie@magnolia local]$ sudo gunzip [barrie@magnolia local]$ sudo gunzip l[barrie@magnolia local]$ sudo gunzip l[barrie@magnolia local]$ sudo gunzip lo[barrie@magnolia local]$ sudo gunzip lo[barrie@magnolia local]$ sudo gunzip log[barrie@magnolia local]$ sudo gunzip log[barrie@magnolia local]$ sudo gunzip logs[barrie@magnolia local]$ sudo gunzip logs[barrie@magnolia local]$ sudo gunzip logse[barrie@magnolia local]$ sudo gunzip logse[barrie@magnolia local]$ sudo gunzip logsen[barrie@magnolia local]$ sudo gunzip logsen[barrie@magnolia local]$ sudo gunzip logsent[barrie@magnolia local]$ sudo gunzip logsent[barrie@magnolia local]$ sudo gunzip logsentr[barrie@magnolia local]$ sudo gunzip logsentr[barrie@magnolia local]$ sudo gunzip logsentry[barrie@magnolia local]$ sudo gunzip logsentry[barrie@magnolia local]$ sudo gunzip logsentry-[barrie@magnolia local]$ sudo gunzip logsentry-[barrie@magnolia local]$ sudo gunzip logsentry-1[barrie@magnolia local]$ sudo gunzip logsentry-1[barrie@magnolia local]$ sudo gunzip logsentry-1.[barrie@magnolia local]$ sudo gunzip logsentry-1.[barrie@magnolia local]$ sudo gunzip logsentry-1.1[barrie@magnolia local]$ sudo gunzip logsentry-1.1[barrie@magnolia local]$ sudo gunzip logsentry-1.1.[barrie@magnolia local]$ sudo gunzip logsentry-1.1.[barrie@magnolia local]$ sudo gunzip logsentry-1.1.1[barrie@magnolia local]$ sudo gunzip logsentry-1.1.1[barrie@magnolia local]$ sudo gunzip logsentry-1.1.1.[barrie@magnolia local]$ sudo gunzip logsentry-1.1.1.[barrie@magnolia local]$ sudo gunzip logsentry-1.1.1.t[barrie@magnolia local]$ sudo gunzip logsentry-1.1.1.t[barrie@magnolia local]$ sudo gunzip logsentry-1.1.1.ta[barrie@magnolia local]$ sudo gunzip logsentry-1.1.1.ta[barrie@magnolia local]$ sudo gunzip logsentry-1.1.1.tar[barrie@magnolia local]$ sudo gunzip logsentry-1.1.1.tar[barrie@magnolia local]$ sudo gunzip logsentry-1.1.1.tar.[barrie@magnolia local]$ sudo gunzip logsentry-1.1.1.tar.[barrie@magnolia local]$ sudo gunzip logsentry-1.1.1.tar.g[barrie@magnolia local]$ sudo gunzip logsentry-1.1.1.tar.g[barrie@magnolia local]$ sudo gunzip logsentry-1.1.1.tar.gz[barrie@magnolia local]$ sudo gunzip logsentry-1.1.1.tar.gz
]0;barrie@magnolia:/usr/local[barrie@magnolia local]$ [barrie@magnolia local]$ [barrie@magnolia local]$ l[barrie@magnolia local]$ l[barrie@magnolia local]$ ls[barrie@magnolia local]$ ls
[00m[00;34mapache2[00m        [00;34mgames[00m         [00;31mlogsentry-1.1.1.tar[00m                     [00;34mshare[00m
[00;34mbin[00m            [00;34mhttpd-2.0.43[00m  [00;36mmysql[00m                                   [00;34msrc[00m
[00;34mCorporateTime[00m  [00;34minclude[00m       [00;34mmysql-max-4.0.3-beta-pc-linux-gnu-i686[00m
[00;34mdoc[00m            [00;34mlib[00m           [00;34mphp-4.2.3[00m
[00;34metc[00m            [00;34mlibexec[00m       [00;34msbin[00m
[m]0;barrie@magnolia:/usr/local[barrie@magnolia local]$ [barrie@magnolia local]$ [barrie@magnolia local]$ s[barrie@magnolia local]$ s[barrie@magnolia local]$ su[barrie@magnolia local]$ su[barrie@magnolia local]$ sud[barrie@magnolia local]$ sud[barrie@magnolia local]$ sudo[barrie@magnolia local]$ sudo[barrie@magnolia local]$ sudo [barrie@magnolia local]$ sudo [barrie@magnolia local]$ sudo[K[barrie@magnolia local]$ sudo[barrie@magnolia local]$ sud[K[barrie@magnolia local]$ sud[barrie@magnolia local]$ su[K[barrie@magnolia local]$ su[barrie@magnolia local]$ s[K[barrie@magnolia local]$ s[barrie@magnolia local]$ [K[barrie@magnolia local]$ [barrie@magnolia local]$ [barrie@magnolia local]$ s[barrie@magnolia local]$ s[barrie@magnolia local]$ su[barrie@magnolia local]$ su[barrie@magnolia local]$ sud[barrie@magnolia local]$ sud[barrie@magnolia local]$ sudo[barrie@magnolia local]$ sudo[barrie@magnolia local]$ sudo [barrie@magnolia local]$ sudo [barrie@magnolia local]$ sudo t[barrie@magnolia local]$ sudo t[barrie@magnolia local]$ sudo ta[barrie@magnolia local]$ sudo ta[barrie@magnolia local]$ sudo tar[barrie@magnolia local]$ sudo tar[barrie@magnolia local]$ sudo tar [barrie@magnolia local]$ sudo tar [barrie@magnolia local]$ sudo tar t[barrie@magnolia local]$ sudo tar t[barrie@magnolia local]$ sudo tar tf[barrie@magnolia local]$ sudo tar tf[barrie@magnolia local]$ sudo tar tf [barrie@magnolia local]$ sudo tar tf [barrie@magnolia local]$ sudo tar tf l[barrie@magnolia local]$ sudo tar tf l[barrie@magnolia local]$ sudo tar tf ly[barrie@magnolia local]$ sudo tar tf ly[barrie@magnolia local]$ sudo tar tf lyn[barrie@magnolia local]$ sudo tar tf lyn[barrie@magnolia local]$ sudo tar tf lynx[barrie@magnolia local]$ sudo tar tf lynx[barrie@magnolia local]$ sudo tar tf lynx2[barrie@magnolia local]$ sudo tar tf lynx2[barrie@magnolia local]$ sudo tar tf lynx2.[barrie@magnolia local]$ sudo tar tf lynx2.[barrie@magnolia local]$ sudo tar tf lynx2.8[barrie@magnolia local]$ sudo tar tf lynx2.8[barrie@magnolia local]$ sudo tar tf lynx2.8.[barrie@magnolia local]$ sudo tar tf lynx2.8.[barrie@magnolia local]$ sudo tar tf lynx2.8.4[barrie@magnolia local]$ sudo tar tf lynx2.8.4[barrie@magnolia local]$ sudo tar tf lynx2.8.4.[barrie@magnolia local]$ sudo tar tf lynx2.8.4.[barrie@magnolia local]$ sudo tar tf lynx2.8.4.t[barrie@magnolia local]$ sudo tar tf lynx2.8.4.t[barrie@magnolia local]$ sudo tar tf lynx2.8.4.ta[barrie@magnolia local]$ sudo tar tf lynx2.8.4.ta[barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar[barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar[barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar [barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar [barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar |[barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar |[barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar | [barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar | [barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar | h[barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar | h[barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar | he[barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar | he[barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar | hea[barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar | hea[barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar | head[barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar | head[barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar | hea[barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar | he[barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar | h[barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar | [barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar |[barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar [barrie@magnolia local]$ sudo tar tf lynx2.8.4.tar[barrie@magnolia local]$ sudo tar tf lynx2.8.4.ta[barrie@magnolia local]$ sudo tar tf lynx2.8.4.t[barrie@magnolia local]$ sudo tar tf lynx2.8.4.[barrie@magnolia local]$ sudo tar tf lynx2.8.4[barrie@magnolia local]$ sudo tar tf lynx2.8.[1P[barrie@magnolia local]$ sudo tar tf lynx2.8.[barrie@magnolia local]$ sudo tar tf lynx2.8.[1@1[barrie@magnolia local]$ sudo tar tf lynx2.8.1[barrie@magnolia local]$ sudo tar tf lynx2.8.[barrie@magnolia local]$ sudo tar tf lynx2.8[barrie@magnolia local]$ sudo tar tf lynx2.[1P[barrie@magnolia local]$ sudo tar tf lynx2.[barrie@magnolia local]$ sudo tar tf lynx2.[1@1[barrie@magnolia local]$ sudo tar tf lynx2.1[barrie@magnolia local]$ sudo tar tf lynx2.[barrie@magnolia local]$ sudo tar tf lynx2[barrie@magnolia local]$ sudo tar tf lynx[1P[barrie@magnolia local]$ sudo tar tf lynx[barrie@magnolia local]$ sudo tar tf lynx[1@1[barrie@magnolia local]$ sudo tar tf lynx1[barrie@magnolia local]$ sudo tar tf lynx[barrie@magnolia local]$ sudo tar tf lynx[1@-[barrie@magnolia local]$ sudo tar tf lynx-[barrie@magnolia local]$ sudo tar tf lynx[barrie@magnolia local]$ sudo tar tf lyn[1P[barrie@magnolia local]$ sudo tar tf lyn[barrie@magnolia local]$ sudo tar tf ly[1P[barrie@magnolia local]$ sudo tar tf ly[barrie@magnolia local]$ sudo tar tf l[1P[barrie@magnolia local]$ sudo tar tf l[barrie@magnolia local]$ sudo tar tf [1P[barrie@magnolia local]$ sudo tar tf [barrie@magnolia local]$ sudo tar tf [1@l[barrie@magnolia local]$ sudo tar tf l[barrie@magnolia local]$ sudo tar tf l[1@o[barrie@magnolia local]$ sudo tar tf lo[barrie@magnolia local]$ sudo tar tf lo[1@g[barrie@magnolia local]$ sudo tar tf log[barrie@magnolia local]$ sudo tar tf log[1@s[barrie@magnolia local]$ sudo tar tf logs[barrie@magnolia local]$ sudo tar tf logs[1@e[barrie@magnolia local]$ sudo tar tf logse[barrie@magnolia local]$ sudo tar tf logse[1@n[barrie@magnolia local]$ sudo tar tf logsen[barrie@magnolia local]$ sudo tar tf logsen[1@t[barrie@magnolia local]$ sudo tar tf logsent[barrie@magnolia local]$ sudo tar tf logsent[1@r[barrie@magnolia local]$ sudo tar tf logsentr[barrie@magnolia local]$ sudo tar tf logsentr[1@y[barrie@magnolia local]$ sudo tar tf logsentry
logcheck-1.1.1/
logcheck-1.1.1/src/
logcheck-1.1.1/src/logtail.c
logcheck-1.1.1/systems/
logcheck-1.1.1/systems/sun/
logcheck-1.1.1/systems/sun/logcheck.sh
logcheck-1.1.1/systems/sun/logcheck.hacking
logcheck-1.1.1/systems/sun/logcheck.ignore
logcheck-1.1.1/systems/sun/logcheck.violations
logcheck-1.1.1/systems/sun/logcheck.violations.ignore
]0;barrie@magnolia:/usr/local[barrie@magnolia local]$ [barrie@magnolia local]$ [barrie@magnolia local]$ t[barrie@magnolia local]$ t[barrie@magnolia local]$ tr[barrie@magnolia local]$ tr[barrie@magnolia local]$ t[K[barrie@magnolia local]$ t[barrie@magnolia local]$ ta[barrie@magnolia local]$ ta[barrie@magnolia local]$ tar[barrie@magnolia local]$ tar[barrie@magnolia local]$ tar [barrie@magnolia local]$ tar [barrie@magnolia local]$ tar x[barrie@magnolia local]$ tar x[barrie@magnolia local]$ tar xv[barrie@magnolia local]$ tar xv[barrie@magnolia local]$ tar xvf[barrie@magnolia local]$ tar xvf[barrie@magnolia local]$ tar xvf [barrie@magnolia local]$ tar xvf [barrie@magnolia local]$ tar xvf l[barrie@magnolia local]$ tar xvf l[barrie@magnolia local]$ tar xvf lo[barrie@magnolia local]$ tar xvf lo[barrie@magnolia local]$ tar xvf log[barrie@magnolia local]$ tar xvf log[barrie@magnolia local]$ tar xvf logs[barrie@magnolia local]$ tar xvf logs[barrie@magnolia local]$ tar xvf logse[barrie@magnolia local]$ tar xvf logse[barrie@magnolia local]$ tar xvf logsen[barrie@magnolia local]$ tar xvf logsen[barrie@magnolia local]$ tar xvf logsent[barrie@magnolia local]$ tar xvf logsent[barrie@magnolia local]$ tar xvf logsentr[barrie@magnolia local]$ tar xvf logsentr[barrie@magnolia local]$ tar xvf logsentry[barrie@magnolia local]$ tar xvf logsentry[barrie@magnolia local]$ tar xvf logsentry-[barrie@magnolia local]$ tar xvf logsentry-[barrie@magnolia local]$ tar xvf logsentry-2[barrie@magnolia local]$ tar xvf logsentry-2[barrie@magnolia local]$ tar xvf logsentry-[K[barrie@magnolia local]$ tar xvf logsentry-[barrie@magnolia local]$ tar xvf logsentry-1[barrie@magnolia local]$ tar xvf logsentry-1[barrie@magnolia local]$ tar xvf logsentry-1.[barrie@magnolia local]$ tar xvf logsentry-1.[barrie@magnolia local]$ tar xvf logsentry-1.1[barrie@magnolia local]$ tar xvf logsentry-1.1[barrie@magnolia local]$ tar xvf logsentry-1.1.[barrie@magnolia local]$ tar xvf logsentry-1.1.[barrie@magnolia local]$ tar xvf logsentry-1.1.1[barrie@magnolia local]$ tar xvf logsentry-1.1.1[barrie@magnolia local]$ tar xvf logsentry-1.1.1.[barrie@magnolia local]$ tar xvf logsentry-1.1.1.[barrie@magnolia local]$ tar xvf logsentry-1.1.1.t[barrie@magnolia local]$ tar xvf logsentry-1.1.1.t[barrie@magnolia local]$ tar xvf logsentry-1.1.1.ta[barrie@magnolia local]$ tar xvf logsentry-1.1.1.ta[barrie@magnolia local]$ tar xvf logsentry-1.1.1.tar[barrie@magnolia local]$ tar xvf logsentry-1.1.1.tar[barrie@magnolia local]$ tar xvf logsentry-1.1.1.ta[barrie@magnolia local]$ tar xvf logsentry-1.1.1.t[barrie@magnolia local]$ tar xvf logsentry-1.1.1.[barrie@magnolia local]$ tar xvf logsentry-1.1.1[barrie@magnolia local]$ tar xvf logsentry-1.1.[barrie@magnolia local]$ tar xvf logsentry-1.1[barrie@magnolia local]$ tar xvf logsentry-1.[barrie@magnolia local]$ tar xvf logsentry-1[barrie@magnolia local]$ tar xvf logsentry-[barrie@magnolia local]$ tar xvf logsentry[barrie@magnolia local]$ tar xvf logsentr[barrie@magnolia local]$ tar xvf logsent[barrie@magnolia local]$ tar xvf logsen[barrie@magnolia local]$ tar xvf logse[barrie@magnolia local]$ tar xvf logs[barrie@magnolia local]$ tar xvf log[barrie@magnolia local]$ tar xvf lo[barrie@magnolia local]$ tar xvf l[barrie@magnolia local]$ tar xvf [barrie@magnolia local]$ tar xvf[barrie@magnolia local]$ tar xv[barrie@magnolia local]$ tar x[barrie@magnolia local]$ tar [barrie@magnolia local]$ tar[barrie@magnolia local]$ ta[barrie@magnolia local]$ t[barrie@magnolia local]$ [barrie@magnolia local]$ [1@s[barrie@magnolia local]$ s[barrie@magnolia local]$ s[1@u[barrie@magnolia local]$ su[barrie@magnolia local]$ su[1@d[barrie@magnolia local]$ sud[barrie@magnolia local]$ sud[1@o[barrie@magnolia local]$ sudo[barrie@magnolia local]$ sudo[1@ [barrie@magnolia local]$ sudo 
logcheck-1.1.1/
logcheck-1.1.1/src/
logcheck-1.1.1/src/logtail.c
logcheck-1.1.1/systems/
logcheck-1.1.1/systems/sun/
logcheck-1.1.1/systems/sun/logcheck.sh
logcheck-1.1.1/systems/sun/logcheck.hacking
logcheck-1.1.1/systems/sun/logcheck.ignore
logcheck-1.1.1/systems/sun/logcheck.violations
logcheck-1.1.1/systems/sun/logcheck.violations.ignore
logcheck-1.1.1/systems/sun/README
logcheck-1.1.1/systems/freebsd/
logcheck-1.1.1/systems/freebsd/logcheck.sh
logcheck-1.1.1/systems/freebsd/logcheck.hacking
logcheck-1.1.1/systems/freebsd/logcheck.ignore
logcheck-1.1.1/systems/freebsd/logcheck.violations
logcheck-1.1.1/systems/freebsd/logcheck.violations.ignore
logcheck-1.1.1/systems/freebsd/README
logcheck-1.1.1/systems/linux/
logcheck-1.1.1/systems/linux/logcheck.sh
logcheck-1.1.1/systems/linux/logcheck.hacking
logcheck-1.1.1/systems/linux/logcheck.ignore
logcheck-1.1.1/systems/linux/logcheck.violations
logcheck-1.1.1/systems/linux/logcheck.violations.ignore
logcheck-1.1.1/systems/linux/README.linux
logcheck-1.1.1/systems/linux/README.linux.IMPORTANT
logcheck-1.1.1/systems/generic/
logcheck-1.1.1/systems/generic/logcheck.hacking
logcheck-1.1.1/systems/generic/logcheck.ignore
logcheck-1.1.1/systems/generic/logcheck.sh
logcheck-1.1.1/systems/generic/logcheck.violations
logcheck-1.1.1/systems/generic/logcheck.violations.ignore
logcheck-1.1.1/systems/generic/README
logcheck-1.1.1/systems/hpux/
logcheck-1.1.1/systems/hpux/logcheck.hacking
logcheck-1.1.1/systems/hpux/logcheck.ignore
logcheck-1.1.1/systems/hpux/logcheck.sh
logcheck-1.1.1/systems/hpux/logcheck.violations
logcheck-1.1.1/systems/hpux/logcheck.violations.ignore
logcheck-1.1.1/systems/hpux/README.HPUX
logcheck-1.1.1/systems/digital/
logcheck-1.1.1/systems/digital/README
logcheck-1.1.1/systems/digital/logcheck.hacking
logcheck-1.1.1/systems/digital/logcheck.ignore
logcheck-1.1.1/systems/digital/logcheck.sh
logcheck-1.1.1/systems/digital/logcheck.violations
logcheck-1.1.1/systems/digital/logcheck.violations.ignore
logcheck-1.1.1/systems/bsdos/
logcheck-1.1.1/systems/bsdos/logcheck.hacking
logcheck-1.1.1/systems/bsdos/logcheck.ignore
logcheck-1.1.1/systems/bsdos/logcheck.sh
logcheck-1.1.1/systems/bsdos/README.bsdi
logcheck-1.1.1/systems/bsdos/logcheck.violations
logcheck-1.1.1/systems/bsdos/logcheck.violations.ignore
logcheck-1.1.1/systems/bsdos/logcheck.violations.ignoret
logcheck-1.1.1/CHANGES
logcheck-1.1.1/CREDITS
logcheck-1.1.1/INSTALL
logcheck-1.1.1/LICENSE
logcheck-1.1.1/Makefile
logcheck-1.1.1/README
logcheck-1.1.1/README.how.to.interpret
logcheck-1.1.1/README.keywords
]0;barrie@magnolia:/usr/local[barrie@magnolia local]$ [barrie@magnolia local]$ [barrie@magnolia local]$ l[barrie@magnolia local]$ l[barrie@magnolia local]$ ls[barrie@magnolia local]$ ls
[00m[00;34mapache2[00m        [00;34mgames[00m         [00;34mlogcheck-1.1.1[00m                          [00;34msbin[00m
[00;34mbin[00m            [00;34mhttpd-2.0.43[00m  [00;31mlogsentry-1.1.1.tar[00m                     [00;34mshare[00m
[00;34mCorporateTime[00m  [00;34minclude[00m       [00;36mmysql[00m                                   [00;34msrc[00m
[00;34mdoc[00m            [00;34mlib[00m           [00;34mmysql-max-4.0.3-beta-pc-linux-gnu-i686[00m
[00;34metc[00m            [00;34mlibexec[00m       [00;34mphp-4.2.3[00m
[m]0;barrie@magnolia:/usr/local[barrie@magnolia local]$ [barrie@magnolia local]$ [barrie@magnolia local]$ c[barrie@magnolia local]$ c[barrie@magnolia local]$ cd[barrie@magnolia local]$ cd[barrie@magnolia local]$ cd [barrie@magnolia local]$ cd [barrie@magnolia local]$ cd l[barrie@magnolia local]$ cd l[barrie@magnolia local]$ cd lo[barrie@magnolia local]$ cd lo[barrie@magnolia local]$ cd log[barrie@magnolia local]$ cd log[barrie@magnolia local]$ cd logc[barrie@magnolia local]$ cd logc[barrie@magnolia local]$ cd logch[barrie@magnolia local]$ cd logch[barrie@magnolia local]$ cd logche[barrie@magnolia local]$ cd logche[barrie@magnolia local]$ cd logchec[barrie@magnolia local]$ cd logchec[barrie@magnolia local]$ cd logcheck[barrie@magnolia local]$ cd logcheck[barrie@magnolia local]$ cd logcheck-[barrie@magnolia local]$ cd logcheck-[barrie@magnolia local]$ cd logcheck-1[barrie@magnolia local]$ cd logcheck-1[barrie@magnolia local]$ cd logcheck-1.[barrie@magnolia local]$ cd logcheck-1.[barrie@magnolia local]$ cd logcheck-1.1[barrie@magnolia local]$ cd logcheck-1.1[barrie@magnolia local]$ cd logcheck-1.1.[barrie@magnolia local]$ cd logcheck-1.1.[barrie@magnolia local]$ cd logcheck-1.1.1[barrie@magnolia local]$ cd logcheck-1.1.1
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[barrie@magnolia logcheck-1.1.1]$ [barrie@magnolia logcheck-1.1.1]$ [barrie@magnolia logcheck-1.1.1]$ l[barrie@magnolia logcheck-1.1.1]$ l[barrie@magnolia logcheck-1.1.1]$ ls[barrie@magnolia logcheck-1.1.1]$ ls
[00m[00mCHANGES[00m  [00mINSTALL[00m  [00mMakefile[00m  [00mREADME.how.to.interpret[00m  [00;34msrc[00m
[00mCREDITS[00m  [00mLICENSE[00m  [00mREADME[00m    [00mREADME.keywords[00m          [00;34msystems[00m
[m]0;barrie@magnolia:/usr/local/logcheck-1.1.1[barrie@magnolia logcheck-1.1.1]$ [barrie@magnolia logcheck-1.1.1]$ [barrie@magnolia logcheck-1.1.1]$ m[barrie@magnolia logcheck-1.1.1]$ m[barrie@magnolia logcheck-1.1.1]$ mo[barrie@magnolia logcheck-1.1.1]$ mo[barrie@magnolia logcheck-1.1.1]$ mor[barrie@magnolia logcheck-1.1.1]$ mor[barrie@magnolia logcheck-1.1.1]$ more[barrie@magnolia logcheck-1.1.1]$ more[barrie@magnolia logcheck-1.1.1]$ more [barrie@magnolia logcheck-1.1.1]$ more [barrie@magnolia logcheck-1.1.1]$ more R[barrie@magnolia logcheck-1.1.1]$ more R[barrie@magnolia logcheck-1.1.1]$ more RE[barrie@magnolia logcheck-1.1.1]$ more RE[barrie@magnolia logcheck-1.1.1]$ more REA[barrie@magnolia logcheck-1.1.1]$ more REA[barrie@magnolia logcheck-1.1.1]$ more READ[barrie@magnolia logcheck-1.1.1]$ more READ[barrie@magnolia logcheck-1.1.1]$ more READM[barrie@magnolia logcheck-1.1.1]$ more READM[barrie@magnolia logcheck-1.1.1]$ more README[barrie@magnolia logcheck-1.1.1]$ more README
README: Permission denied
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[barrie@magnolia logcheck-1.1.1]$ [barrie@magnolia logcheck-1.1.1]$ [barrie@magnolia logcheck-1.1.1]$ s[barrie@magnolia logcheck-1.1.1]$ s[barrie@magnolia logcheck-1.1.1]$ su[barrie@magnolia logcheck-1.1.1]$ su[barrie@magnolia logcheck-1.1.1]$ sue[barrie@magnolia logcheck-1.1.1]$ sue[barrie@magnolia logcheck-1.1.1]$ sueo[barrie@magnolia logcheck-1.1.1]$ sueo[barrie@magnolia logcheck-1.1.1]$ sue[K[barrie@magnolia logcheck-1.1.1]$ sue[barrie@magnolia logcheck-1.1.1]$ su[K[barrie@magnolia logcheck-1.1.1]$ su[barrie@magnolia logcheck-1.1.1]$ s[K[barrie@magnolia logcheck-1.1.1]$ s[barrie@magnolia logcheck-1.1.1]$ [K[barrie@magnolia logcheck-1.1.1]$ [barrie@magnolia logcheck-1.1.1]$ s[barrie@magnolia logcheck-1.1.1]$ s[barrie@magnolia logcheck-1.1.1]$ su[barrie@magnolia logcheck-1.1.1]$ su
Password: 
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# m[root@magnolia logcheck-1.1.1]# m[root@magnolia logcheck-1.1.1]# mo[root@magnolia logcheck-1.1.1]# mo[root@magnolia logcheck-1.1.1]# mor[root@magnolia logcheck-1.1.1]# mor[root@magnolia logcheck-1.1.1]# more[root@magnolia logcheck-1.1.1]# more[root@magnolia logcheck-1.1.1]# more [root@magnolia logcheck-1.1.1]# more [root@magnolia logcheck-1.1.1]# more R[root@magnolia logcheck-1.1.1]# more R[root@magnolia logcheck-1.1.1]# more RE[root@magnolia logcheck-1.1.1]# more RE[root@magnolia logcheck-1.1.1]# more REA[root@magnolia logcheck-1.1.1]# more REA[root@magnolia logcheck-1.1.1]# more READ[root@magnolia logcheck-1.1.1]# more READ[root@magnolia logcheck-1.1.1]# more READM[root@magnolia logcheck-1.1.1]# more READM[root@magnolia logcheck-1.1.1]# more README[root@magnolia logcheck-1.1.1]# more README
Title: logcheck
Author: Craig H. Rowland <crowland@psionic.com>
License: See LICENSE file.
Warranty: Money back guarantee. Not responsible for any consequences from use!!


Abstract

Logcheck is software package that is designed to automatically run and check 
system log files for security violations and unusual activity. Logcheck 
utilizes a program called logtail that remembers the last position it read 
from in a log file and uses this position on subsequent runs to process new 
information. All source code is available for review and the implementation 
was kept simple to avoid problems. This package is a clone of the 
frequentcheck.sh script from the Trusted Information Systems Gauntlet(tm) 
firewall package. TIS has granted permission for me to clone this package.


Purpose

It bothers me to read stories of system administrators who have had a 
break-in realize it too late and report "Well I checked the logs from two 
[7m--More--(17%)[27mweeks ago and found such and such had happened..." or "We've never had 
problems on that system before so we never bothered to check the logs.."

Auditing and logging system events is important! What is more important is 
that system administrators be aware of these events so they can prevent 
problems that will inevitably occur if you have a system connected to the 
Internet.

What is great about Unix is that virtually all modern implementations support 
the syslog(8) facility to report, and quite extensively if configured 
and supported correctly, virtually all happenings good or bad on the host 
system. This allows the creation of an audit trail that can be used very 
effectively to subvert potential attacks and alert system administrators 
that action should be taken.

Unfortunately for most Unices (and Windows NT <ahem>) it doesn't matter how 
much you log activity if nobody ever checks the logs which is often the case.
This is where logcheck will help. Logcheck automates the auditing process 
and weeds out "normal" log information to give you a condensed look at 
problems and potential troublemakers mailed to wherever you please.

So you ask: There are other programs out there that do the same thing,
[7m--More--(40%)[27mwhy do I need this one?

Well I say try the other ones and see which one fits your needs. There are 
many out there that are very good (i.e. swatch), and they all come at a 
great price (free). 

This package has some features though that may be easier for you to use 
because it doesn't require a constantly running program and can mail all 
findings from many systems back to a single location. Additionally, it 
reports any unusual system messages that you may not have seen before, a 
distinct advantage as it is often impossible to know every possible syslog 
message that may come into the logs from the daemons. 

Design

Logcheck is based upon a log checking program called frequentcheck.sh featured 
in the Gauntlet(tm) firewall package by Trusted Information Systems Inc. 
(http://www.tis.com). The logcheck shell script and logtail.c program have been
completely re-written from scratch and is implemented in a slightly 
different manner to accommodate for two methods of log file auditing:

1) By reporting everything you tell it to specifically look for via keywords.
[7m--More--(60%)[27m[K
2) By reporting everything you didn't tell it to ignore via keywords.

This ensures that important messages are specifically brought to your 
attention (via the keywords you look for) and that important messages that 
you may have overlooked are also reported (by only ignoring items you tell 
it to). The original frequentcheck.sh script was implemented in a somewhat 
similar manner.

The script is a simple shell programming model and the logtail.c program 
uses basic ANSI C compatible functions with comments and easy to follow 
source. Unusual tricks and "golly-gee" features have been left out to 
prevent problems.

The logcheck script should be run at least hourly on your hosts from the 
cron daemon. This script will check files for unusual activity through the 
use of simple grep(1) commands and will mail all findings (if any) to the 
administrator. If nothing is found you'll receive no mail. 

System Information

This program comes with default keyword filter files tuned for the firewall 
[7m--More--(79%)[27mtoolkit by TIS and systems running Wietse Venema's TCP Wrapper package 
(Which ALL systems should be running IMHO). This program is also very 
BSDish so you may have to tune it a little if you are running something 
other than a BSD variant (as if there are any other types of unix ;) ). 
I've tested the program extensively on BSDI 2.x, Linux, HPUX 10.x and
FreeBSD 2.x without any hassles or major explosions of any type (although 
on HPUX you may need to get a real compiler and not that braindead piece
of garbage that ships with it).

I am _always_ looking for comments and suggestions. Additionally if you 
have a keyword file you find is nicely tuned for your version 
of Unix (IRIX, AIX, HP, Solaris,  etc. ) please send it to me for 
inclusion in any subsequent updates. Basic keyword files that work well 
for BSDI 2.x, FreeBSD, HPUX, Solaris, SunOS and Linux are included.

PLEASE read the INSTALL file for proper installation procedures and other 
tips. If you have any questions, comments, flames, then please e-mail me at 
crowland@psionic.com

Thanks,

Craig Rowland
[7m--More--(99%)[27mcrowland@psionic.com
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# m[root@magnolia logcheck-1.1.1]# m[root@magnolia logcheck-1.1.1]# mo[root@magnolia logcheck-1.1.1]# mo[root@magnolia logcheck-1.1.1]# mor[root@magnolia logcheck-1.1.1]# mor[root@magnolia logcheck-1.1.1]# more[root@magnolia logcheck-1.1.1]# more[root@magnolia logcheck-1.1.1]# mor[K[root@magnolia logcheck-1.1.1]# mor[root@magnolia logcheck-1.1.1]# mo[K[root@magnolia logcheck-1.1.1]# mo[root@magnolia logcheck-1.1.1]# m[K[root@magnolia logcheck-1.1.1]# m[root@magnolia logcheck-1.1.1]# [K[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# s[root@magnolia logcheck-1.1.1]# s[root@magnolia logcheck-1.1.1]# [K[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# m[root@magnolia logcheck-1.1.1]# m[root@magnolia logcheck-1.1.1]# mo[root@magnolia logcheck-1.1.1]# mo[root@magnolia logcheck-1.1.1]# mor[root@magnolia logcheck-1.1.1]# mor[root@magnolia logcheck-1.1.1]# more[root@magnolia logcheck-1.1.1]# more[root@magnolia logcheck-1.1.1]# more [root@magnolia logcheck-1.1.1]# more [root@magnolia logcheck-1.1.1]# more I[root@magnolia logcheck-1.1.1]# more I[root@magnolia logcheck-1.1.1]# more IN[root@magnolia logcheck-1.1.1]# more IN[root@magnolia logcheck-1.1.1]# more INS[root@magnolia logcheck-1.1.1]# more INS[root@magnolia logcheck-1.1.1]# more INST[root@magnolia logcheck-1.1.1]# more INST[root@magnolia logcheck-1.1.1]# more INSTA[root@magnolia logcheck-1.1.1]# more INSTA[root@magnolia logcheck-1.1.1]# more INSTAL[root@magnolia logcheck-1.1.1]# more INSTAL[root@magnolia logcheck-1.1.1]# more INSTALL[root@magnolia logcheck-1.1.1]# more INSTALL
INSTALLATION: Please read the entire file!!

Operation
---------

Logcheck contains several files:

logcheck.sh -- The main script. This file controls all processing and looks 
at log files with simple grep commands. This file is executed on a timed 
basis from cron and reports findings to the sysadmin.

logtail -- A custom executable that remembers the last position of a text 
file. This program is used by logcheck to parse out information from the 
last time the log was opened, this prevents reviewing old material twice. 
All log files will be processed with this program and will have a file named 
"########.offset" put in the same directory, where ####### is the name of 
the log file checked. This file contains the decimal offset information for 
logtail to work. If you delete it, logtail will parse the file from the 
beginning again. Logcheck tracks the size and inode of log files to 
enable it to tell when a log file has been rotated. If the inode of the 
log changes, or the file size is smaller than the last run, logtail will 
reset the counter and parse the entire file. 
[7m--More--(7%)[27m[K
logcheck.hacking -- This file contains keywords that are certifiable attacks 
on your system. I leave this file sparse, unless I know what a certain 
pattern of attack looks like (The default keywords are almost always 
generated by Internet Security Scanner attacks, or sendmail(8) if it is 
being fed illegal syntax in address lines). Any keyword in a log file that 
matches here will generate a report with a more obnoxious header to grab 
your attention faster: "ACTIVE SYSTEM ATTACK"

logcheck.violations -- This file contains keywords of system events that 
are usually seen as negative. Words such as "denied", "refused", etc. 
Positive words such as 'su' successes are also put in here. This file is of 
course not all inclusive and is heavily biased towards FWTK messages and 
BSDish messages with TCP wrappers installed. Violations here are reported 
under the heading "Security Violations" in the reports. 

logcheck.violations.ignore -- This file contains words that are reverse 
searched against the logcheck.violations file. If these words are found, 
that entry is not reported. An example of this are the following log entries:

Feb 28 21:00:08 nemesis sendmail[5475]: VAA05473: to=crowland, ctladdr=root 
(0/0), delay=00:00:02, xdelay=00:00:01, mailer=local, stat=refused
[7m--More--(16%)[27m[K
Feb 28 22:13:53 nemesis rshd: refused connect from hacker@evil.com:1490
 
The top entry is from sendmail and is a fairly common error, the stat line 
indicates that the remote host refused connections (stat=refused). This can 
happen for a variety of reasons and generally is not a problem.

The bottom line however indicates that a person (hacker@evil.com) has tried 
unsuccessfully to start an rsh session on my machine, this is bad (of 
course you shouldn't be running rshd to begin with).

The logcheck.violations file will find the word 'refused' and will flag it 
to be logged, however this will report both instances as being bad and you 
will get false alarms from sendmail (both had the word refused). By putting 
the following in the logcheck.violations.ignore file you tell logcheck to 
ignore the sendmail problem and it will only report to you the bad rsh 
connection:

(in logcheck.violations.ignore)

mailer=local, stat=refused

[7m--More--(22%)[27mThis will prevent reports from any line that contains "refused" but has the 
rest of the keywords "mailer=local, stat=refused." This is of course pretty 
basic, and not very intelligent, however you must remember that by forcing 
you to be specific in what you ignore, you will not overlook something 
important. A word of caution though, if you don't pick a long enough string 
to put in the logcheck.violations.ignore file then you could ignore 
significant events. Be very very careful what you put in here. The default 
file has only one entry in it to allow grep to run. Tune it to your system 
carefully! If the above did not make sense at all, leave the file as it is.

logcheck.ignore -- This file is the catch-all file for words to look for in 
the logs and to NOT REPORT. Again be specific with what you want to ignore 
and go easy on the wildcards. Anything that does not match what is in this 
file is reported (so you don't risk missing anything) as "Unusual System 
Activity." The default is again BSDish and biased towards FWTK and TCP 
Wrappers.

To preserve integrity of the scans the following search order and rules are 
kept:

1) Active System Attacks are reported first.
2) Security Violations are reported second.
[7m--More--(31%)[27m3) Unusual System Events are reported last.

Keyword searches on the logcheck.hacking and logcheck.violations file are 
CASE INSENSITIVE to ensure we don't miss anything. Keyword searches on the 
logcheck.violations.ignore and logcheck.ignore files are CASE SENSITIVE 
to ensure again that we don't miss anything. The *.ignore files REQUIRE you 
to put in the exact text as part of the contents. The more sensitive 
logcheck.violations and logcheck.hacking files will report on any word,
regardless of case, that is found as a match.

The whole process follows the following structure:

logcheck.sh executes hourly ----> 
logcheck.sh executes logtail on log files ----> 
logtail parses off any text from the last time it was run ---> 
logcheck greps text for system attack messages ---> 
logcheck greps text for security violations ---> 
logcheck greps text for security violations to ignore ---> 
logcheck greps text for all messages to ignore. ---> 
any messages found are mailed to system admin.

Overall it's a very simple process and is surprisingly good at telling you 
[7m--More--(38%)[27minformation about your system you were never aware of, but probably should 
have been.


Installation
------------

If you know what a syslog.conf file is, know you have it set up to log 
as much information as possible, AND HAVE SECURED THE LOGS, go to step TWO, 
otherwise you should read step ONE.

Step ONE: Configuring syslog daemon and SECURING your log files.

Before setting up logcheck, you should ensure that your system is not only 
running syslog, but that you have it configured for maximum logging. On 
most all systems I recommend that you send all syslog messages to ONE file 
for logcheck to parse through. This configuration ensures that messages 
will not be missed. On BSDish systems this involves editing the file 
syslog.conf located in /etc. This file contains parameters for syslogd and 
if you don't understand them, PLEASE check:

man syslog.conf
[7m--More--(44%)[27m[K
- OR -

A book.

Many syslog.conf files are sensitive to using tabs instead of spaces for 
your entries and you will mysteriously hose syslogd daemon if you put in 
spaces so be careful.

In the syslog.conf file you should put in an entry like this:

*.info						/var/log/messages

Which will log EVERYTHING to the file "messages" located in /var/log. 
Obviously you should substitute /var/log to the directory typically found 
on your system. For BSDI and most variants this is /var/log for Linux this 
is /var/adm. Your syslog.conf file for your site will have the default in 
it. Remember this will log everything, if you have a very high volume 
server (for instance: mail) you may want to cut back on the logging to prevent 
over running of disk space. You can do this in the following way:

*.info;mail.none				/var/log/messages
[7m--More--(50%)[27m[Kmail.notice					/var/log/messages

This will only log non-standard mail messages, I don't recommend this 
however as it will make it hard to track mail into and out of your system 
if someone attempts, or succeeds, to gain entry. Many systems have separate
log files for different system services, configuring syslog to do this could
look like the following

*.info;mail,ftp,daemon,authpriv.none		/var/log/messages
mail.info					/var/log/mail.log
ftp.info					/var/log/ftp.log
daemon.info					/var/log/daemon.log
authpriv.*					/var/log/secure.log

This configuration will have separate logs for the general system 
messages, mail, ftp, daemon and security messages. Logcheck can be setup to 
check for all of them. Again please see your syslog.conf man 
page for more information.

Now that you have edited your syslog.conf file you need to re-start syslogd 
by sending the HUP signal to it.

[7m--More--(56%)[27mIMPORTANT: You must now go to your log directory (/var/log in the example 
above) and change the log file to owner root, group wheel and mode 600 on 
file permissions. First check if the file exists if it doesn't, you should 
make it. For example if your log files is simply called 'messages' you 
would do the following:

touch /var/log/messages

Now you must ensure that you change the permissions in the following way:

chown root.wheel /var/log/messages
chmod 600 /var/log/messages

I also recommend that any other log files have their permissions set in a 
similar way (at least to mode 600 if you can't change the owner/group). Log 
files contain very sensitive data about system operations and could 
contain passwords, system errors, and other data that can reveal 
vulnerabilites if you are not careful. I personally feel that these files 
should never be readable by any person other than root. 

BSD and FreeBSD: You should go to the /etc directory and edit 
the /etc/daily, /etc/weekly, and /etc/monthly scripts and change the 
[7m--More--(63%)[27m'rotate()' script function to change the log permissions on rotation. 
Simply change the line:

cp /dev/null "$file"; chmod 644 "$file"

To:

cp /dev/null "$file"; chmod 600 "$file"

(The above is for BSDI 2.x, BSDI 3.x uses an external rotate
function now, just change the mode sent to it from 644 to 600
and you'll be OK. FreeBSD will be similiar to the BSDI 2.x script)

When logs are auto-rotated they will have the permissions set automatically.

Once these steps have been completed you can move onto step TWO:

Step TWO: Logcheck and logtail installation.

Logcheck requires the following files to run:

logcheck.sh
logtail.c
logcheck.hacking
logcheck.violations
logcheck.violations.ignore
[7m--More--(68%)[27mlogcheck.ignore

Pull logcheck.sh into your favorite editor and find the section entitled: 
CONFIGURATION SECTION.

Change the name of the SYSADMIN variable to one of your liking. You can use
local names (default is root), or e-mail addresses for remote logging.

Go to the section entitled: LOG FILE CONFIGURATION SECTION and either 
uncomment the log files that apply to you, or add your own. Be sure 
you know the difference between the > and >> operators before you do this. 

If you have one of the default system types (Linux, BSDI, FreeBSD,
SunOS, Digital) you can simply type "make <systype>" and it will
install for you at this point.

If you are using an alternate path for the files (i.e NOT in
/usr/local/whatever), you need to change the path entries for
logcheck.hacking, logcheck.violations, logcheck.ignore, 
logcheck.violations.ignore, and logtail in the main logcheck.sh script. I 
don't recommend you do this unless you have to.  

If you changed the default paths /usr/local/etc and /usr/local/bin in 
the logcheck.sh file you need to edit the Makefile and change INSTALLDIR 
and INSTALLDIR_BIN to point to the same directories. 

[7m--More--(76%)[27mNote that the Makefile will create a directory called /usr/local/etc/tmp by 
default. This is the scratch area for logcheck to handle it's files. I do 
NOT recommend that you use /tmp for any reason as it is publically 
accessible and may pose a danger if a user creates symbolic links to trick 
the logcheck script into overwriting an important system file. I would
also change all automated system scripts to use this directory instead of
/tmp which is notoriously unsafe. 


Editing Cron
------------

After installing logcheck, you should edit your local crontab file for root 
and set logcheck to run once per hour (recommended, although you can do it 
more frequently, or less frequently, although the absolute minimum in my 
opinion is once every few hours or so). Examples are the following:

Hourly check (BSD Systems and Redhat /etc/crontab):

00 * * * * root /bin/sh /usr/local/etc/logcheck.sh

15 Minute check (Linux Slackware Systems /var/spool/cron/crontabs/root):

00,15,30,45 * * * * /usr/local/etc/logcheck.sh


[7m--More--(83%)[27mThe 15 minute check I would recommend for firewalls that generally don't 
produce messages unless they are in trouble.

Remember, logcheck does not report anything if it has nothing useful to say 
(only if the rest of USENET could do this). So running it every 15 
minutes will have no impact on your mailbox if the system being watched is 
quiet. Busier systems can be addressed by less frequent reporting, however 
longer reports mean you must spend more time analyzing them, and you may 
not like this either. Again I recommend hourly.

After you have edited the crontab, you must send the crond daemon a HUP to 
reset it.


Final Check and Troubleshooting
-------------------------------

You are almost done. I recommend that you run the logcheck.sh script by 
hand to ensure that it reads the log files without errors and sends mail to 
the right account. You should check that syslog is in fact logging events 
and that you generate an event or two (just su to root) for logcheck to 
report. You should have a report mailed to you. Run logcheck multiple times 
to ensure that you don't get repeat messages. 

If you get repeat messages then something is wrong with the logtail program 
(not marking the file correctly) and you should check your log directory 
[7m--More--(92%)[27mfor files that end in *.offset. If you do not see these files there you have 
a problem with the logtail binary. Run logtail manually against these logs 
to see if it correctly marks the file offsets. If it still refuses to do it 
you should check your file permissions and make sure that you are 
running all this as root. 

Default file permissions for logcheck files:

logcheck* -- 600 -- Read/Write for root ONLY. Owner root. Group Wheel.
logtail*  -- 700 -- Read/Write/Execute for root ONLY. Owner root. Group Wheel.

*** NOTE: None of the files should ever be SUID root for any reason. 

For the more cautious, you may want to create a special group/user that owns 
the logfiles and have the logfile scanner run as that user. Configuration 
to do this should be rather straight forward, just adjust the file
permissions on the logcheck files accordingly and ensure they can read 
and write to the directory where the logs are stored. 

If you have any questions you can send e-mail for some limited help...
unfortunately my schedule keeps me rather busy so be patient with the 
response...

Thanks,

Craig Rowland
[7m--More--(99%)[27m[K
crowland@psionic.com
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# w[root@magnolia logcheck-1.1.1]# w[root@magnolia logcheck-1.1.1]# wh[root@magnolia logcheck-1.1.1]# wh[root@magnolia logcheck-1.1.1]# who[root@magnolia logcheck-1.1.1]# who[root@magnolia logcheck-1.1.1]# whoa[root@magnolia logcheck-1.1.1]# whoa[root@magnolia logcheck-1.1.1]# whoam[root@magnolia logcheck-1.1.1]# whoam[root@magnolia logcheck-1.1.1]# whoami[root@magnolia logcheck-1.1.1]# whoami
root
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# c[root@magnolia logcheck-1.1.1]# c[root@magnolia logcheck-1.1.1]# cd[root@magnolia logcheck-1.1.1]# cd[root@magnolia logcheck-1.1.1]# cd [root@magnolia logcheck-1.1.1]# cd [root@magnolia logcheck-1.1.1]# cd /[root@magnolia logcheck-1.1.1]# cd /[root@magnolia logcheck-1.1.1]# cd /e[root@magnolia logcheck-1.1.1]# cd /e[root@magnolia logcheck-1.1.1]# cd /et[root@magnolia logcheck-1.1.1]# cd /et[root@magnolia logcheck-1.1.1]# cd /etc[root@magnolia logcheck-1.1.1]# cd /etc
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# v[root@magnolia etc]# v[root@magnolia etc]# vi[root@magnolia etc]# vi[root@magnolia etc]# vi [root@magnolia etc]# vi [root@magnolia etc]# vi s[root@magnolia etc]# vi s[root@magnolia etc]# vi sy[root@magnolia etc]# vi sy[root@magnolia etc]# vi sys[root@magnolia etc]# vi sys[root@magnolia etc]# vi sysl[root@magnolia etc]# vi sysl[root@magnolia etc]# vi syslo[root@magnolia etc]# vi syslo[root@magnolia etc]# vi syslog[root@magnolia etc]# vi syslog[root@magnolia etc]# vi syslog.[root@magnolia etc]# vi syslog.[root@magnolia etc]# vi syslog.c[root@magnolia etc]# vi syslog.c[root@magnolia etc]# vi syslog.co[root@magnolia etc]# vi syslog.co[root@magnolia etc]# vi syslog.con[root@magnolia etc]# vi syslog.con[root@magnolia etc]# vi syslog.conf[root@magnolia etc]# vi syslog.conf
[?1048h[?1047h[?1h=[1;28r[?25h[?25h[27m[m[H[2J[?25l[28;1H"syslog.conf" 26L, 693C[1;1H[34m# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages![m
*.info;mail.none;authpriv.none;cron.none[16C/var/log/messages

[34m# The authpriv file has restricted access.[m
authpriv.*[46C/var/log/secure

[34m# Log all the mail messages in one place.[m
mail.*[50C/var/log/maillog


[34m# Log cron stuff[m
cron.*[50C/var/log/cron

[34m# Everybody gets emergency messages[m
*.emerg[49C*

[34m# Save news errors of level crit and higher in a special file.[m
uucp,news.crit[42C/var/log/spooler

[34m# Save boot messages also to boot.log[m
local7.*[48C/var/log/boot.log
[1m[34m~                                                                                               [m[28;79H1,1[11CAll[1;1H[?25h[?25l[28;1H[K[28;1H:[?25hsyslog.conf.last021124[?25l[1m[37m[41mNot an editor command: syslog.conf.last021124[m[33C1,1[11CAll[1;1H[?25h[?25l[28;79H26,1[26;1H[?25h[?25l[28;1H[K[28;1H:[?25hw syslog.conf.last021123[?25l"syslog.conf.last021123" [New] 26L, 693C written[30C26,1[10CAll[28;79H[K[28;79H26,1[10CAll[26;1H[?25h[?25l[?25h[?25l[28;1H[K[28;1H:[?25hw syslog.conf[?25l"syslog.conf" 26L, 693C written[47C26,1[10CAll[28;79H[K[28;79H26,1[10CAll[26;1H[?25h[?25l[?25h[?25l[28;1H[K[28;1H:[?25hq![?25l[?1l>[?25h[?1047l[?1048l]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# m[root@magnolia etc]# m[root@magnolia etc]# ma[root@magnolia etc]# ma[root@magnolia etc]# man[root@magnolia etc]# man[root@magnolia etc]# man [root@magnolia etc]# man [root@magnolia etc]# man s[root@magnolia etc]# man s[root@magnolia etc]# man sy[root@magnolia etc]# man sy[root@magnolia etc]# man sys[root@magnolia etc]# man sys[root@magnolia etc]# man sysl[root@magnolia etc]# man sysl[root@magnolia etc]# man syslo[root@magnolia etc]# man syslo[root@magnolia etc]# man syslog[root@magnolia etc]# man syslog[root@magnolia etc]# man syslog.[root@magnolia etc]# man syslog.[root@magnolia etc]# man syslog.c[root@magnolia etc]# man syslog.c[root@magnolia etc]# man syslog.co[root@magnolia etc]# man syslog.co[root@magnolia etc]# man syslog.con[root@magnolia etc]# man syslog.con[root@magnolia etc]# man syslog.conf[root@magnolia etc]# man syslog.conf
[?1048h[?1047h[?1h=[28;1H[KSYSLOG.CONF(5)            Linux System Administration           SYSLOG.CONF(5)

[1mNAME[0m
       syslog.conf − syslogd(8) configuration file

[1mDESCRIPTION[0m
       The  [4msyslog.conf[24m file is the main configuration file for the [1msyslogd[0m(8)
       which logs system messages on *nix systems.  This file specifies  rules
       for logging.  For special features see the [1msysklogd[0m(8) manpage.

       Every  rule  consists  of  two  fields,  a [4mselector[24m field and an [4maction[24m
       field.  These two fields are separated by one or more spaces  or  tabs.
       The  selector  field  specifies  a pattern of facilities and priorities
       belonging to the specified action.

       Lines starting with a hash mark (‘‘#’’) and empty lines are ignored.

       This release of [1msyslogd[0m is able to understand an extended syntax.   One
       rule  can  be  divided into several lines if the leading line is termi‐
       nated with an backslash (‘‘\’’).

[1mSELECTORS[0m
       The selector field itself again consists of two parts, a [4mfacility[24m and a
       [4mpriority[24m,  separated by a period (‘‘.’’).  Both parts are case insensi‐
       tive and can also be specified as decimal numbers, but don’t  do  that,
       you  have been warned.  Both facilities and priorities are described in
       [1msyslog[0m(3).   The  names  mentioned  below  correspond  to  the  similar
[28;1H[K:[28;1H[28;1H[K       [1mLOG_[0m‐values in [4m/usr/include/syslog.h[24m.

       The  [4mfacility[24m  is  one of the following keywords: [1mauth[0m, [1mauthpriv[0m, [1mcron[0m,
       [1mdaemon[0m, [1mkern[0m, [1mlpr[0m, [1mmail[0m, [1mmark[0m, [1mnews[0m, [1msecurity[0m (same as  [1mauth[0m),  [1msyslog[0m,
       [1muser[0m,  [1muucp[0m and [1mlocal0[0m through [1mlocal7[0m.  The keyword [1msecurity[0m should not
       be used anymore and [1mmark[0m is only for internal use and therefore  should
       not be used in applications.  Anyway, you may want to specify and redi‐
       rect these messages here.  The [4mfacility[24m specifies  the  subsystem  that
       produced the message, i.e. all mail programs log with the mail facility
       ([1mLOG_MAIL[0m) if they log using syslog.

       The [4mpriority[24m is one of the  following  keywords,  in  ascending  order:
       [1mdebug[0m,  [1minfo[0m, [1mnotice[0m, [1mwarning[0m, [1mwarn[0m (same as [1mwarning[0m), [1merr[0m, [1merror[0m (same
       as [1merr[0m), [1mcrit[0m, [1malert[0m, [1memerg[0m,  [1mpanic[0m  (same  as  [1memerg[0m).   The  keywords
       [1merror[0m,  [1mwarn[0m  and  [1mpanic[0m are deprecated and should not be used anymore.
       The [4mpriority[24m defines the severity of the message

       The behavior of the original BSD syslogd is that all  messages  of  the
       specified priority and higher are logged according to the given action.
       This [1msyslogd[0m(8) behaves the same, but has some extensions.

       In addition to the above mentioned names the [1msyslogd[0m(8) understands the
       following  extensions: An asterisk (‘‘*’’) stands for all facilities or
       all priorities, depending on where it is  used  (before  or  after  the
       period).   The  keyword [1mnone[0m stands for no priority of the given facil‐
       ity.

[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       [1msyslog[0m(3).   The  names  mentioned  below  correspond  to  the  similar
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       you  have been warned.  Both facilities and priorities are described in
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       tive and can also be specified as decimal numbers, but don’t  do  that,
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       [4mpriority[24m,  separated by a period (‘‘.’’).  Both parts are case insensi‐
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       The selector field itself again consists of two parts, a [4mfacility[24m and a
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM[1mSELECTORS[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       nated with an backslash (‘‘\’’).
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       rule  can  be  divided into several lines if the leading line is termi‐
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       This release of [1msyslogd[0m is able to understand an extended syntax.   One
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       Lines starting with a hash mark (‘‘#’’) and empty lines are ignored.
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       belonging to the specified action.
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       The  selector  field  specifies  a pattern of facilities and priorities
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       field.  These two fields are separated by one or more spaces  or  tabs.
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       Every  rule  consists  of  two  fields,  a [4mselector[24m field and an [4maction[24m
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       ([1mLOG_MAIL[0m) if they log using syslog.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       The [4mpriority[24m is one of the  following  keywords,  in  ascending  order:
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mdebug[0m,  [1minfo[0m, [1mnotice[0m, [1mwarning[0m, [1mwarn[0m (same as [1mwarning[0m), [1merr[0m, [1merror[0m (same
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       as [1merr[0m), [1mcrit[0m, [1malert[0m, [1memerg[0m,  [1mpanic[0m  (same  as  [1memerg[0m).   The  keywords
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1merror[0m,  [1mwarn[0m  and  [1mpanic[0m are deprecated and should not be used anymore.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       The [4mpriority[24m defines the severity of the message
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       The behavior of the original BSD syslogd is that all  messages  of  the
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       specified priority and higher are logged according to the given action.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       This [1msyslogd[0m(8) behaves the same, but has some extensions.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       In addition to the above mentioned names the [1msyslogd[0m(8) understands the
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       following  extensions: An asterisk (‘‘*’’) stands for all facilities or
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       all priorities, depending on where it is  used  (before  or  after  the
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       period).   The  keyword [1mnone[0m stands for no priority of the given facil‐
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       ity.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       You can specify multiple facilities with the same priority  pattern  in
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       one  statement  using  the  comma (‘‘,’’) operator.  You may specify as
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       much facilities as you want.  Remember that only the facility part from
[28;1H[K:[28;1H[28;1H[K       such a statement is taken, a priority part would be skipped.

       Multiple selectors may be specified for a single [4maction[24m using the semi‐
       colon (‘‘;’’) separator.  Remember that each selector in  the  [4mselector[24m
       field  is capable to overwrite the preceding ones.  Using this behavior
       you can exclude some priorities from the pattern.

       This [1msyslogd[0m(8) has a syntax extension to the original BSD source, that
       makes its use more intuitively.  You may precede every priority with an
       equation sign (‘‘=’’) to specify only this single priority and not  any
       of  the  above.  You may also (both is valid, too) precede the priority
       with an exclamation mark (‘‘!’’) to ignore all that priorities,  either
       exact this one or this and any higher priority.  If you use both exten‐
       sions than the exclamation mark must occur before  the  equation  sign,
       just use it intuitively.

[1mACTIONS[0m
       The  action field of a rule describes the abstract term ‘‘logfile’’.  A
       ‘‘logfile’’ need not to be a real file, btw.  The  [1msyslogd[0m(8)  provides
       the following actions.

   [1mRegular[0m [1mFile[0m
       Typically messages are logged to real files.  The file has to be speci‐
       fied with full pathname, beginning with a slash ‘‘/’’.

       You may prefix each entry with the minus ‘‘‐’’ sign to omit syncing the
       file  after every logging.  Note that you might lose information if the
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       much facilities as you want.  Remember that only the facility part from
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       one  statement  using  the  comma (‘‘,’’) operator.  You may specify as
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       You can specify multiple facilities with the same priority  pattern  in
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       ity.
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       period).   The  keyword [1mnone[0m stands for no priority of the given facil‐
[28;1H[K:[28;1H[28;1H[K   [1mRegular[0m [1mFile[0m
       Typically messages are logged to real files.  The file has to be speci‐
       fied with full pathname, beginning with a slash ‘‘/’’.

       You may prefix each entry with the minus ‘‘‐’’ sign to omit syncing the
       file  after every logging.  Note that you might lose information if the
       system crashes right behind a write attempt.  Nevertheless  this  might
       give you back some performance, especially if you run programs that use
       logging in a very verbose manner.

   [1mNamed[0m [1mPipes[0m
       This version of [1msyslogd[0m(8) has support for  logging  output   to  named
       pipes  (fifos).   A fifo or named pipe can be used as a destination for
       log messages by prepending a pipe symbol (‘‘|’’) to  the  name  of  the
       file.  This is handy for debugging.  Note that the fifo must be created
       with the [1mmkfifo[0m(1) command  before [1msyslogd[0m(8) is started.

   [1mTerminal[0m [1mand[0m [1mConsole[0m
       If the file you specified is a tty, special tty‐handling is done,  same
       with [4m/dev/console[24m.

   [1mRemote[0m [1mMachine[0m
       This [1msyslogd[0m(8) provides full remote logging, i.e. is able to send mes‐
       sages to a remote host running [1msyslogd[0m(8) and to receive messages  from
       remote hosts.  The remote host won’t forward the message again, it will
       just log them locally.  To forward messages to  another  host,  prepend
       the hostname with the at sign (‘‘@’’).
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       the following actions.
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       ‘‘logfile’’ need not to be a real file, btw.  The  [1msyslogd[0m(8)  provides
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       The  action field of a rule describes the abstract term ‘‘logfile’’.  A
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM[1mACTIONS[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       just use it intuitively.
[28;1H[K:[28;1H[28;1H[K
   [1mRemote[0m [1mMachine[0m
       This [1msyslogd[0m(8) provides full remote logging, i.e. is able to send mes‐
       sages to a remote host running [1msyslogd[0m(8) and to receive messages  from
       remote hosts.  The remote host won’t forward the message again, it will
       just log them locally.  To forward messages to  another  host,  prepend
       the hostname with the at sign (‘‘@’’).

       Using  this  feature  you’re able to control all syslog messages on one
       host, if all other machines will log remotely to that.  This tears down
       administration needs.

   [1mList[0m [1mof[0m [1mUsers[0m
       Usually  critical  messages  are  also  directed  to  ‘‘root’’  on that
       machine.  You can specify a list of users that shall get the message by
       simply  writing the login.  You may specify more than one user by sepa‐
       rating them with commas (‘‘,’’).  If they’re logged  in  they  get  the
       message.  Don’t think a mail would be sent, that might be too late.

   [1mEveryone[0m [1mlogged[0m [1mon[0m
       Emergency  messages  often  go  to all users currently online to notify
       them that something strange is happening with the system.   To  specify
       this [4mwall[24m(1)‐feature use an asterisk (‘‘*’’).

[1mEXAMPLES[0m
       Here  are  some  example, partially taken from a real existing site and
       configuration.  Hopefully they rub out all questions to the  configura‐
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       with [4m/dev/console[24m.
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       If the file you specified is a tty, special tty‐handling is done,  same
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM   [1mTerminal[0m [1mand[0m [1mConsole[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       with the [1mmkfifo[0m(1) command  before [1msyslogd[0m(8) is started.
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       file.  This is handy for debugging.  Note that the fifo must be created
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       log messages by prepending a pipe symbol (‘‘|’’) to  the  name  of  the
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       Emergency  messages  often  go  to all users currently online to notify
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       them that something strange is happening with the system.   To  specify
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       this [4mwall[24m(1)‐feature use an asterisk (‘‘*’’).
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K[1mEXAMPLES[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       Here  are  some  example, partially taken from a real existing site and
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       configuration.  Hopefully they rub out all questions to the  configura‐
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       tion, if not, drop me (Joey) a line.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              # Store critical stuff in critical
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              #
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              *.=crit;kern.none            /var/adm/critical
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       This  will  store  all  messages  with  the  priority  [1mcrit[0m in the file
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [4m/var/adm/critical[24m, except for any kernel message.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              # Kernel messages are first, stored in the kernel
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              # file, critical messages and higher ones also go
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              # to another host and to the console
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              #
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              kern.*                       /var/adm/kernel
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              kern.crit                    @finlandia
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              kern.crit                    /dev/console
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              kern.info;kern.!err          /var/adm/kernel‐info
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       The first rule direct any message that has the kernel facility  to  the
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       file [4m/var/adm/kernel[24m.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       The  second  statement directs all kernel messages of the priority [1mcrit[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       and higher to the remote host finlandia.  This is  useful,  because  if
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       the  host crashes and the disks get irreparable errors you might not be
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       able to read the stored messages.  If they’re on a  remote  host,  too,
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       you still can try to find out the reason for the crash.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       The  third  rule  directs  these messages to the actual console, so the
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       person who works on the machine will get them, too.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       The fourth line tells the syslogd to save all kernel messages that come
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       with  priorities  from  [1minfo[0m up to [1mwarning[0m in the file [4m/var/adm/kernel‐[24m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [4minfo[24m.  Everything from [4merr[24m and higher is excluded.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              # The tcp wrapper loggs with mail.info, we display
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              # all the connections on tty12
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              #
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              mail.=info                   /dev/tty12
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       This directs all messages that uses [1mmail.info[0m  (in  source  [1mLOG_MAIL[0m  |
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mLOG_INFO[0m)  to [4m/dev/tty12[24m, the 12th console.  For example the tcpwrapper
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mtcpd[0m(8) uses this as it’s default.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              # Store all mail concerning stuff in a file
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              #
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              mail.*;mail.!=info           /var/adm/mail
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       This pattern matches all messages that come  with  the  [1mmail[0m  facility,
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       except  for  the  [1minfo[0m  priority.   These  will  be  stored in the file
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [4m/var/adm/mail[24m.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              # Log all mail.info and news.info messages to info
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              #
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              mail,news.=info              /var/adm/info
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       This will extract all messages that come either with [1mmail.info[0m or  with
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mnews.info[0m and store them in the file [4m/var/adm/info[24m.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              # Log info and notice messages to messages file
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              #
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              *.=info;*.=notice;\
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K                   mail.none  /var/log/messages
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       This  lets  the [1msyslogd[0m log all messages that come with either the [1minfo[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       or the [1mnotice[0m facility into the file [4m/var/log/messages[24m, except for  all
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       messages that use the [1mmail[0m facility.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              # Log info messages to messages file
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              #
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              *.=info;\
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K                   mail,news.none       /var/log/messages
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       This  statement  causes  the [1msyslogd[0m to log all messages that come with
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       the [1minfo[0m priority to the file [4m/var/log/messages[24m.  But any message  com‐
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       ing either with the [1mmail[0m or the [1mnews[0m facility will not be stored.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              # Emergency messages will be displayed using wall
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              #
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              *.=emerg                     *
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       This rule tells the [1msyslogd[0m to write all emergency messages to all cur‐
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       rently logged in users.  This is the wall action.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              # Messages of the priority alert will be directed
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              # to the operator
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              #
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              *.alert                      root,joey
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       This rule directs all messages with a priority of [1malert[0m  or  higher  to
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       the  terminals of the operator, i.e. of the users ‘‘root’’ and ‘‘joey’’
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       if they’re logged in.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              *.*                          @finlandia
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       This rule would redirect all messages to a remote host  called  finlan‐
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       dia.  This is useful especially in a cluster of machines where all sys‐
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       log messages will be stored on only one machine.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K[1mCONFIGURATION[0m [1mFILE[0m [1mSYNTAX[0m [1mDIFFERENCES[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mSyslogd[0m uses a slightly different syntax  for  its  configuration  file
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       than  the  original BSD sources.  Originally all messages of a specific
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       priority and above were forwarded  to  the  log  file.   The  modifiers
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       ‘‘=’’,  ‘‘!’’   and  ‘‘‐’’ were added to make the [1msyslogd[0m more flexible
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       and to use it in a more intuitive manner.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       The original  BSD  syslogd  doesn’t  understand  spaces  as  separators
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       between the selector and the action field.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K[1mFILES[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [4m/etc/syslog.conf[24m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Configuration file for [1msyslogd[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K[1mBUGS[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       The  effects  of  multiple  selectors are sometimes not intuitive.  For
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       example ‘‘mail.crit,*.err’’ will select ‘‘mail’’ facility  messages  at
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       the level of ‘‘err’’ or higher, not at the level of ‘‘crit’’ or higher.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K[1mSEE[0m [1mALSO[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1msysklogd[0m(8), [1mklogd[0m(8), [1mlogger[0m(1), [1msyslog[0m(2), [1msyslog[0m(3)
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K[1mAUTHORS[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       The [1msyslogd[0m is taken from BSD sources, Greg Wettstein (greg@wind.enjel‐
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       lic.com)  performed  the  port to Linux, Martin Schulze (joey@linux.de)
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       made some bugfixes and added some new features.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[KVersion 1.3                     1 January 1998                  SYSLOG.CONF(5)
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K[28;1H[K[7m(END) [27m[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K[28;1H[K[7m(END) [27m[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K[28;1H[K[7m(END) [27m[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K[28;1H[K[7m(END) [27m[28;1H[K[?1l>[?1047l[?1048l]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# man syslog.conf[root@magnolia etc]# man syslog.conf[root@magnolia etc]# [1Pvi[root@magnolia etc]# vi syslog.conf
[?1048h[?1047h[?1h=[1;28r[?25h[?25h[27m[m[H[2J[?25l[28;1H"syslog.conf" 26L, 693C[1;1H[34m# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages![m
*.info;mail.none;authpriv.none;cron.none[16C/var/log/messages

[34m# The authpriv file has restricted access.[m
authpriv.*[46C/var/log/secure

[34m# Log all the mail messages in one place.[m
mail.*[50C/var/log/maillog


[34m# Log cron stuff[m
cron.*[50C/var/log/cron

[34m# Everybody gets emergency messages[m
*.emerg[49C*

[34m# Save news errors of level crit and higher in a special file.[m
uucp,news.crit[42C/var/log/spooler

[34m# Save boot messages also to boot.log[m
local7.*[48C/var/log/boot.log
[1m[34m~                                                                                               [m[28;79H26,1[10CAll[26;1H[?25h[?25l[28;80H5[25;1H[?25h[?25l[28;80H4,0-1[24;1H[?25h[?25l[28;80H3,1  [23;1H[?25h[?25l[28;80H2[22;1H[?25h[?25l[28;80H1,0-1[21;1H[?25h[?25l[28;80H0,1  [20;1H[?25h[?25l[28;79H19[19;1H[?25h[?25l[28;80H8,0-1[18;1H[?25h[?25l[28;80H7,1  [17;1H[?25h[?25l[28;80H6[16;1H[?25h[?25l[28;80H5,0-1[15;1H[?25h[?25l[28;80H4[14;1H[?25h[?25l[28;80H3,1  [13;1H[?25h[?25l[28;80H2[12;1H[?25h[?25l[28;80H1,0-1[11;1H[?25h[?25l[28;80H0,1  [10;1H[?25h[?25l[28;79H9,1 [9;1H[?25h[?25l[28;79H8,0-1[8;1H[?25h[?25l[28;79H7,1  [7;1H[?25h[?25l[28;79H6[6;1H[?25h[?25l[28;79H5[5;1H[?25h[?25l[28;79H4,0-1[4;1H[?25h[?25l[28;79H3,1  [3;1H[?25h[?25l[28;79H2[2;1H[?25h[?25l[28;79H1[1;1H[?25h[?25l[28;79H2[2;1H[?25h[?25l[28;79H3[3;1H[?25h[?25l[28;79H4,0-1[4;1H[?25h[?25l[28;79H5,1  [5;1H[?25h[?25l[28;1H[K[28;1H:[?25hq![?25l[?1l>[?25h[?1047l[?1048l]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# c[root@magnolia etc]# c[root@magnolia etc]# cd[root@magnolia etc]# cd[root@magnolia etc]# cd [root@magnolia etc]# cd [root@magnolia etc]# cd /[root@magnolia etc]# cd /[root@magnolia etc]# cd /v[root@magnolia etc]# cd /v[root@magnolia etc]# cd /va[root@magnolia etc]# cd /va[root@magnolia etc]# cd /var[root@magnolia etc]# cd /var[root@magnolia etc]# cd /var/[root@magnolia etc]# cd /var/[root@magnolia etc]# cd /var/l[root@magnolia etc]# cd /var/l[root@magnolia etc]# cd /var/lo[root@magnolia etc]# cd /var/lo[root@magnolia etc]# cd /var/log[root@magnolia etc]# cd /var/log
]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# l[root@magnolia log]# l[root@magnolia log]# ls[root@magnolia log]# ls[root@magnolia log]# l[K[root@magnolia log]# l[root@magnolia log]# ll[root@magnolia log]# ll
[00mtotal 1988
-rw-------    1 root     root            0 Nov 24 13:11 [00mboot.log[00m
-rw-------    1 root     root        76261 Nov 24 12:06 [00mboot.log.1[00m
-rw-------    1 root     root        12189 Nov 17 07:37 [00mboot.log.2[00m
-rw-------    1 root     root        42988 Nov 10 10:53 [00mboot.log.3[00m
-rw-------    1 root     root        18426 Nov  3 08:51 [00mboot.log.4[00m
-rw-------    1 root     root         1141 Nov 24 20:01 [00mcron[00m
-rw-------    1 root     root         4459 Nov 24 13:11 [00mcron.1[00m
-rw-------    1 root     root         1947 Nov 17 08:42 [00mcron.2[00m
-rw-------    1 root     root         4261 Nov 10 11:58 [00mcron.3[00m
-rw-------    1 root     root         3095 Nov  3 09:57 [00mcron.4[00m
drwxr-xr-x    2 lp       root         4096 Aug 30 06:22 [00;34mcups[00m
-rw-r--r--    1 root     root         8007 Nov 24 12:06 [00mdmesg[00m
drwxr-xr-x    2 root     root         4096 Sep  5 22:23 [00;34mgdm[00m
drwx------    2 root     root         4096 Oct 27 20:59 [00;34mhttpd[00m
-rw-r--r--    1 root     root        66566 Nov 24 12:06 [00mksyms.0[00m
-rw-r--r--    1 root     root        54353 Nov 24 11:31 [00mksyms.1[00m
-rw-r--r--    1 root     root        66566 Nov 17 20:38 [00mksyms.2[00m
-rw-r--r--    1 root     root        66566 Nov 17 20:37 [00mksyms.3[00m
-rw-r--r--    1 root     root        54353 Nov 17 19:18 [00mksyms.4[00m
-rw-r--r--    1 root     root        66566 Nov 17 18:30 [00mksyms.5[00m
-rw-r--r--    1 root     root        54353 Nov 17 14:17 [00mksyms.6[00m
-r--------    1 root     root     19136220 Nov 24 12:07 [00mlastlog[00m
-rw-------    1 root     root            0 Nov 24 13:11 [00mmaillog[00m
-rw-------    1 root     root         4332 Nov 24 12:06 [00mmaillog.1[00m
-rw-------    1 root     root          722 Nov 17 07:37 [00mmaillog.2[00m
-rw-------    1 root     root         4478 Nov 10 11:58 [00mmaillog.3[00m
-rw-------    1 root     root         2059 Nov  3 08:51 [00mmaillog.4[00m
-rw-------    1 root     root          136 Nov 24 16:10 [00mmessages[00m
-rw-------    1 root     root       286631 Nov 24 12:13 [00mmessages.1[00m
-rw-------    1 root     root        50573 Nov 17 08:30 [00mmessages.2[00m
-rw-------    1 root     root       169975 Nov 10 10:59 [00mmessages.3[00m
-rw-------    1 root     root        73520 Nov  3 08:58 [00mmessages.4[00m
-rw-r--r--    1 root     root        18238 Nov 24 13:11 [00mrpmpkgs[00m
-rw-r--r--    1 root     root        18238 Nov 17 08:42 [00mrpmpkgs.1[00m
-rw-r--r--    1 root     root        18238 Nov 10 11:58 [00mrpmpkgs.2[00m
-rw-r--r--    1 root     root        18168 Nov  9 17:58 [00mrpmpkgs.3[00m
-rw-r--r--    1 root     root        18192 Oct 28 07:20 [00mrpmpkgs.4[00m
drwx------    2 root     root         4096 Aug 28 12:03 [00;34msamba[00m
-rw-r--r--    1 root     root         8824 Oct 18 21:13 [00mscrollkeeper.log[00m
-rw-------    1 root     root          512 Nov 24 16:09 [00msecure[00m
-rw-------    1 root     root         3357 Nov 24 12:12 [00msecure.1[00m
-rw-------    1 root     root          284 Nov 17 07:37 [00msecure.2[00m
-rw-------    1 root     root         2313 Nov 10 10:59 [00msecure.3[00m
-rw-------    1 root     root         3994 Nov  3 08:58 [00msecure.4[00m
-rw-------    1 root     root            0 Nov 24 13:11 [00mspooler[00m
-rw-------    1 root     root            0 Nov 17 08:42 [00mspooler.1[00m
-rw-------    1 root     root            0 Nov 10 11:58 [00mspooler.2[00m
-rw-------    1 root     root            0 Nov  3 09:57 [00mspooler.3[00m
-rw-------    1 root     root            0 Oct 27 20:59 [00mspooler.4[00m
-rw-rw-r--    1 root     root            0 Nov 24 13:11 [00mup2date[00m
-rw-rw-r--    1 root     root            0 Nov 17 08:42 [00mup2date.1[00m
-rw-rw-r--    1 root     root            0 Nov 10 11:58 [00mup2date.2[00m
-rw-rw-r--    1 root     root          286 Nov  9 17:28 [00mup2date.3[00m
-rw-rw-r--    1 root     root            0 Oct 27 20:59 [00mup2date.4[00m
drwxr-xr-x    2 root     root         4096 Jul  1 13:26 [00;34mvbox[00m
-rw-rw-r--    1 root     utmp       302208 Nov 24 16:21 [00mwtmp[00m
-rw-rw-r--    1 root     utmp       173184 Nov  3 08:58 [00mwtmp.1[00m
-rw-rw-r--    1 root     barrie      29465 Nov 24 12:07 [00mXFree86.0.log[00m
[m]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# q[root@magnolia log]# q[root@magnolia log]# [K[root@magnolia log]# [root@magnolia log]# c[root@magnolia log]# c[root@magnolia log]# cd[root@magnolia log]# cd[root@magnolia log]# cd [root@magnolia log]# cd [root@magnolia log]# cd /[root@magnolia log]# cd /[root@magnolia log]# cd /e[root@magnolia log]# cd /e[root@magnolia log]# cd /et[root@magnolia log]# cd /et[root@magnolia log]# cd /etc[root@magnolia log]# cd /etc
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# cd /etc[root@magnolia etc]# cd /etc[root@magnolia etc]# ll[K[root@magnolia etc]# ll[root@magnolia etc]# cd /var/log[root@magnolia etc]# cd /var/log[root@magnolia etc]# vi syslog.conf[root@magnolia etc]# vi syslog.conf
[?1048h[?1047h[?1h=[1;28r[?25h[?25h[27m[m[H[2J[?25l[28;1H"syslog.conf" 26L, 693C[1;1H[34m# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages![m
*.info;mail.none;authpriv.none;cron.none[16C/var/log/messages

[34m# The authpriv file has restricted access.[m
authpriv.*[46C/var/log/secure

[34m# Log all the mail messages in one place.[m
mail.*[50C/var/log/maillog


[34m# Log cron stuff[m
cron.*[50C/var/log/cron

[34m# Everybody gets emergency messages[m
*.emerg[49C*

[34m# Save news errors of level crit and higher in a special file.[m
uucp,news.crit[42C/var/log/spooler

[34m# Save boot messages also to boot.log[m
local7.*[48C/var/log/boot.log
[1m[34m~                                                                                               [m[28;79H5,1[11CAll[5;1H[?25h[?25l[28;1H[K[28;1H:[?25hq![?25l[?1l>[?25h[?1047l[?1048l]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# c[root@magnolia etc]# c[root@magnolia etc]# cd[root@magnolia etc]# cd[root@magnolia etc]# cd [root@magnolia etc]# cd [root@magnolia etc]# cd /[root@magnolia etc]# cd /[root@magnolia etc]# cd /v[root@magnolia etc]# cd /v[root@magnolia etc]# cd /va[root@magnolia etc]# cd /va[root@magnolia etc]# cd /var[root@magnolia etc]# cd /var[root@magnolia etc]# cd /var/[root@magnolia etc]# cd /var/[root@magnolia etc]# cd /var/l[root@magnolia etc]# cd /var/l[root@magnolia etc]# cd /var/lo[root@magnolia etc]# cd /var/lo[root@magnolia etc]# cd /var/log[root@magnolia etc]# cd /var/log
]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# l[root@magnolia log]# l[root@magnolia log]# ls[root@magnolia log]# ls[root@magnolia log]# ls [root@magnolia log]# ls [root@magnolia log]# ls |[root@magnolia log]# ls |[root@magnolia log]# ls | [root@magnolia log]# ls | [root@magnolia log]# ls | m[root@magnolia log]# ls | m[root@magnolia log]# ls | mo[root@magnolia log]# ls | mo[root@magnolia log]# ls | mor[root@magnolia log]# ls | mor[root@magnolia log]# ls | more[root@magnolia log]# ls | more
boot.log
boot.log.1
boot.log.2
boot.log.3
boot.log.4
cron
cron.1
cron.2
cron.3
cron.4
cups
dmesg
gdm
httpd
ksyms.0
ksyms.1
ksyms.2
ksyms.3
ksyms.4
ksyms.5
ksyms.6
lastlog
maillog
maillog.1
maillog.2
maillog.3
[7m--More--[27m[K]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# l[root@magnolia log]# l[root@magnolia log]# ll[root@magnolia log]# ll[root@magnolia log]# ll [root@magnolia log]# ll [root@magnolia log]# ll |[root@magnolia log]# ll |[root@magnolia log]# ll | [root@magnolia log]# ll | [root@magnolia log]# ll | m[root@magnolia log]# ll | m[root@magnolia log]# ll | mo[root@magnolia log]# ll | mo[root@magnolia log]# ll | mor[root@magnolia log]# ll | mor[root@magnolia log]# ll | more[root@magnolia log]# ll | more
total 1988
-rw-------    1 root     root            0 Nov 24 13:11 boot.log
-rw-------    1 root     root        76261 Nov 24 12:06 boot.log.1
-rw-------    1 root     root        12189 Nov 17 07:37 boot.log.2
-rw-------    1 root     root        42988 Nov 10 10:53 boot.log.3
-rw-------    1 root     root        18426 Nov  3 08:51 boot.log.4
-rw-------    1 root     root         1141 Nov 24 20:01 cron
-rw-------    1 root     root         4459 Nov 24 13:11 cron.1
-rw-------    1 root     root         1947 Nov 17 08:42 cron.2
-rw-------    1 root     root         4261 Nov 10 11:58 cron.3
-rw-------    1 root     root         3095 Nov  3 09:57 cron.4
drwxr-xr-x    2 lp       root         4096 Aug 30 06:22 cups
-rw-r--r--    1 root     root         8007 Nov 24 12:06 dmesg
drwxr-xr-x    2 root     root         4096 Sep  5 22:23 gdm
drwx------    2 root     root         4096 Oct 27 20:59 httpd
-rw-r--r--    1 root     root        66566 Nov 24 12:06 ksyms.0
-rw-r--r--    1 root     root        54353 Nov 24 11:31 ksyms.1
-rw-r--r--    1 root     root        66566 Nov 17 20:38 ksyms.2
-rw-r--r--    1 root     root        66566 Nov 17 20:37 ksyms.3
-rw-r--r--    1 root     root        54353 Nov 17 19:18 ksyms.4
-rw-r--r--    1 root     root        66566 Nov 17 18:30 ksyms.5
-rw-r--r--    1 root     root        54353 Nov 17 14:17 ksyms.6
-r--------    1 root     root     19136220 Nov 24 12:07 lastlog
-rw-------    1 root     root            0 Nov 24 13:11 maillog
-rw-------    1 root     root         4332 Nov 24 12:06 maillog.1
-rw-------    1 root     root          722 Nov 17 07:37 maillog.2
[7m--More--[27m[K]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# l[root@magnolia log]# l[root@magnolia log]# ll[root@magnolia log]# ll[root@magnolia log]# ll [root@magnolia log]# ll [root@magnolia log]# ll *[root@magnolia log]# ll *[root@magnolia log]# ll *l[root@magnolia log]# ll *l[root@magnolia log]# ll *lo[root@magnolia log]# ll *lo[root@magnolia log]# ll *log[root@magnolia log]# ll *log[root@magnolia log]# ll *log*[root@magnolia log]# ll *log*[root@magnolia log]# ll *log* [root@magnolia log]# ll *log* [root@magnolia log]# ll *log* |[root@magnolia log]# ll *log* |[root@magnolia log]# ll *log* | [root@magnolia log]# ll *log* | [root@magnolia log]# ll *log* | m[root@magnolia log]# ll *log* | m[root@magnolia log]# ll *log* | mo[root@magnolia log]# ll *log* | mo[root@magnolia log]# ll *log* | mor[root@magnolia log]# ll *log* | mor[root@magnolia log]# ll *log* | more[root@magnolia log]# ll *log* | more
-rw-------    1 root     root            0 Nov 24 13:11 boot.log
-rw-------    1 root     root        76261 Nov 24 12:06 boot.log.1
-rw-------    1 root     root        12189 Nov 17 07:37 boot.log.2
-rw-------    1 root     root        42988 Nov 10 10:53 boot.log.3
-rw-------    1 root     root        18426 Nov  3 08:51 boot.log.4
-r--------    1 root     root     19136220 Nov 24 12:07 lastlog
-rw-------    1 root     root            0 Nov 24 13:11 maillog
-rw-------    1 root     root         4332 Nov 24 12:06 maillog.1
-rw-------    1 root     root          722 Nov 17 07:37 maillog.2
-rw-------    1 root     root         4478 Nov 10 11:58 maillog.3
-rw-------    1 root     root         2059 Nov  3 08:51 maillog.4
-rw-r--r--    1 root     root         8824 Oct 18 21:13 scrollkeeper.log
-rw-rw-r--    1 root     barrie      29465 Nov 24 12:07 XFree86.0.log
]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# c[root@magnolia log]# c[root@magnolia log]# cd[root@magnolia log]# cd[root@magnolia log]# cd [root@magnolia log]# cd [root@magnolia log]# cd m[root@magnolia log]# cd m[root@magnolia log]# cd me[root@magnolia log]# cd me[root@magnolia log]# cd mee[root@magnolia log]# cd mee[root@magnolia log]# cd me[K[root@magnolia log]# cd me[root@magnolia log]# cd mes[root@magnolia log]# cd mes[root@magnolia log]# cd mess[root@magnolia log]# cd mess[root@magnolia log]# cd messa[root@magnolia log]# cd messa[root@magnolia log]# cd messag[root@magnolia log]# cd messag[root@magnolia log]# cd messagf[root@magnolia log]# cd messagf[root@magnolia log]# cd messagfe[root@magnolia log]# cd messagfe[root@magnolia log]# cd messagf[K[root@magnolia log]# cd messagf[root@magnolia log]# cd messag[K[root@magnolia log]# cd messag[root@magnolia log]# cd message[root@magnolia log]# cd message[root@magnolia log]# cd messages[root@magnolia log]# cd messages
bash: cd: messages: Not a directory
]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# l[root@magnolia log]# l[root@magnolia log]# ls[root@magnolia log]# ls[root@magnolia log]# ls [root@magnolia log]# ls [root@magnolia log]# ls m[root@magnolia log]# ls m[root@magnolia log]# ls me[root@magnolia log]# ls me[root@magnolia log]# ls me*[root@magnolia log]# ls me*
[00m[00mmessages[00m  [00mmessages.1[00m  [00mmessages.2[00m  [00mmessages.3[00m  [00mmessages.4[00m
[m]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# l[root@magnolia log]# l[root@magnolia log]# ll[root@magnolia log]# ll[root@magnolia log]# ll [root@magnolia log]# ll [root@magnolia log]# ll m[root@magnolia log]# ll m[root@magnolia log]# ll me[root@magnolia log]# ll me[root@magnolia log]# ll me*[root@magnolia log]# ll me*
[00m-rw-------    1 root     root          136 Nov 24 16:10 [00mmessages[00m
-rw-------    1 root     root       286631 Nov 24 12:13 [00mmessages.1[00m
-rw-------    1 root     root        50573 Nov 17 08:30 [00mmessages.2[00m
-rw-------    1 root     root       169975 Nov 10 10:59 [00mmessages.3[00m
-rw-------    1 root     root        73520 Nov  3 08:58 [00mmessages.4[00m
[m]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# m[root@magnolia log]# m[root@magnolia log]# mo[root@magnolia log]# mo[root@magnolia log]# mor[root@magnolia log]# mor[root@magnolia log]# more[root@magnolia log]# more[root@magnolia log]# more [root@magnolia log]# more [root@magnolia log]# more X[root@magnolia log]# more X[root@magnolia log]# more XF[root@magnolia log]# more XF[root@magnolia log]# more XFr[root@magnolia log]# more XFr[root@magnolia log]# more XFre[root@magnolia log]# more XFre[root@magnolia log]# more XFree[root@magnolia log]# more XFree[root@magnolia log]# more XFree8[root@magnolia log]# more XFree8[root@magnolia log]# more XFree86[root@magnolia log]# more XFree86[root@magnolia log]# more XFree86.[root@magnolia log]# more XFree86.[root@magnolia log]# more XFree86.0[root@magnolia log]# more XFree86.0[root@magnolia log]# more XFree86.0.[root@magnolia log]# more XFree86.0.[root@magnolia log]# more XFree86.0.l[root@magnolia log]# more XFree86.0.l[root@magnolia log]# more XFree86.0.lo[root@magnolia log]# more XFree86.0.lo[root@magnolia log]# more XFree86.0.log[root@magnolia log]# more XFree86.0.log

XFree86 Version 4.2.0 (Red Hat Linux release: 4.2.0-72) / X Window System
(protocol Version 11, revision 0, vendor release 6600)
Release Date: 23 January 2002
	If the server is older than 6-12 months, or if your card is
	newer than the above date, look for a newer version before
	reporting problems.  (See http://www.XFree86.Org/)
Build Operating System: Linux 2.4.18-11smp i686 [ELF] 
Build Host: daffy.perf.redhat.com
 
Module Loader present
OS Kernel: Linux version 2.4.18-14 (bhcompile@stripples.devel.redhat.com) (gcc version 3.2 20020
903 (Red Hat Linux 8.0 3.2-7)) #1 Wed Sep 4 13:35:50 EDT 2002 
Markers: (--) probed, (**) from config file, (==) default setting,
         (++) from command line, (!!) notice, (II) informational,
         (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/XFree86.0.log", Time: Sun Nov 24 12:07:10 2002
(==) Using config file: "/etc/X11/XF86Config"
(==) ServerLayout "Anaconda Configured"
(**) |-->Screen "Screen0" (0)
(**) |   |-->Monitor "Monitor0"
(**) |   |-->Device "NVIDIA GeForce 2 MX (generic)"
(**) |-->Input Device "Mouse0"
(**) |-->Input Device "Mouse1"
(**) |-->Input Device "Keyboard0"
(**) Option "XkbRules" "xfree86"
[7m--More--(4%)[27m(**) XKB: rules: "xfree86"
(**) Option "XkbModel" "pc105"
(**) XKB: model: "pc105"
(**) Option "XkbLayout" "us"
(**) XKB: layout: "us"
(==) Keyboard: CustomKeycode disabled
(**) FontPath set to "unix/:7100"
(**) RgbPath set to "/usr/X11R6/lib/X11/rgb"
(==) ModulePath set to "/usr/X11R6/lib/modules"
(--) using VT number 7

(II) Open APM successful
(II) Module ABI versions:
	XFree86 ANSI C Emulation: 0.1
	XFree86 Video Driver: 0.5
	XFree86 XInput driver : 0.3
	XFree86 Server Extension : 0.1
	XFree86 Font Renderer : 0.3
(II) Loader running on linux
(II) LoadModule: "bitmap"
(II) Loading /usr/X11R6/lib/modules/fonts/libbitmap.a
(II) Module bitmap: vendor="The XFree86 Project"
	compiled for 4.2.0, module version = 1.0.0
	Module class: XFree86 Font Renderer
	ABI class: XFree86 Font Renderer, version 0.3
(II) Loading font Bitmap
[7m--More--(6%)[27m(II) LoadModule: "pcidata"
(II) Loading /usr/X11R6/lib/modules/libpcidata.a
(II) Module pcidata: vendor="The XFree86 Project"
	compiled for 4.2.0, module version = 0.1.0
	ABI class: XFree86 Video Driver, version 0.5
(II) PCI: Probing config type using method 1
(II) PCI: Config type is 1
(II) PCI: stages = 0x03, oldVal1 = 0x8002080c, mode1Res1 = 0x80000000
(II) PCI: PCI scan (all values are in hex)
(II) PCI: 00:00:0: chip 8086,1a30 card 8086,1a30 rev 04 class 06,00,00 hdr 00
(II) PCI: 00:01:0: chip 8086,1a31 card 0000,0000 rev 04 class 06,04,00 hdr 01
(II) PCI: 00:1e:0: chip 8086,244e card 0000,0000 rev 05 class 06,04,00 hdr 01
(II) PCI: 00:1f:0: chip 8086,2440 card 0000,0000 rev 05 class 06,01,00 hdr 80
(II) PCI: 00:1f:1: chip 8086,244b card 1462,3981 rev 05 class 01,01,80 hdr 00
(II) PCI: 00:1f:2: chip 8086,2442 card 1462,3981 rev 05 class 0c,03,00 hdr 00
(II) PCI: 00:1f:3: chip 8086,2443 card 1462,3981 rev 05 class 0c,05,00 hdr 00
(II) PCI: 00:1f:4: chip 8086,2444 card 1462,3981 rev 05 class 0c,03,00 hdr 00
(II) PCI: 01:00:0: chip 10de,0111 card 1462,8839 rev b2 class 03,00,00 hdr 00
(II) PCI: 02:01:0: chip 1113,1216 card 10b8,1255 rev 11 class 02,00,00 hdr 00
(II) PCI: 02:03:0: chip 1813,4000 card 0000,0000 rev 02 class 07,80,00 hdr 00
(II) PCI: 02:09:0: chip 13f6,0111 card 1462,3980 rev 10 class 04,01,00 hdr 00
(II) PCI: 02:0a:0: chip 105a,5275 card 105a,1275 rev 01 class 01,04,85 hdr 00
(II) PCI: 02:0c:0: chip 1033,0035 card 1033,0035 rev 41 class 0c,03,10 hdr 80
(II) PCI: 02:0c:1: chip 1033,0035 card 1033,0035 rev 41 class 0c,03,10 hdr 00
(II) PCI: 02:0c:2: chip 1033,00e0 card 1462,3504 rev 02 class 0c,03,20 hdr 00
(II) PCI: End of PCI scan
[7m--More--(12%)[27m(II) LoadModule: "scanpci"
(II) Loading /usr/X11R6/lib/modules/libscanpci.a
(II) Module scanpci: vendor="The XFree86 Project"
	compiled for 4.2.0, module version = 0.1.0
	ABI class: XFree86 Video Driver, version 0.5
(II) UnloadModule: "scanpci"
(II) Unloading /usr/X11R6/lib/modules/libscanpci.a
(II) Host-to-PCI bridge:
(II) PCI-to-ISA bridge:
(II) PCI-to-PCI bridge:
(II) PCI-to-PCI bridge:
(II) Bus 0: bridge is at (0:0:0), (-1,0,0), BCTRL: 0x08 (VGA_EN is set)
(II) Bus 0 I/O range:
	[0] -1	0x00000000 - 0x0000ffff (0x10000) IX[B]
(II) Bus 0 non-prefetchable memory range:
	[0] -1	0x00000000 - 0xffffffff (0x0) MX[B]
(II) Bus 0 prefetchable memory range:
	[0] -1	0x00000000 - 0xffffffff (0x0) MX[B]
(II) Bus 1: bridge is at (0:1:0), (0,1,1), BCTRL: 0x0f (VGA_EN is set)
(II) Bus 1 I/O range:
(II) Bus 1 non-prefetchable memory range:
	[0] -1	0xddd00000 - 0xdfdfffff (0x2100000) MX[B]
(II) Bus 1 prefetchable memory range:
	[0] -1	0xcda00000 - 0xddafffff (0x10100000) MX[B]
(II) Bus 2: bridge is at (0:30:0), (0,2,2), BCTRL: 0x06 (VGA_EN is cleared)
(II) Bus 2 I/O range:
[7m--More--(16%)[27m[K]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# more XFree86.0.log[root@magnolia log]# more XFree86.0.log[root@magnolia log]# [12Pll me*[root@magnolia log]# ll me*[root@magnolia log]# ls[root@magnolia log]# ls me*[root@magnolia log]# cd messages[root@magnolia log]# cd messages[root@magnolia log]# ll *log* | more[root@magnolia log]# ll *log* | more
-rw-------    1 root     root            0 Nov 24 13:11 boot.log
-rw-------    1 root     root        76261 Nov 24 12:06 boot.log.1
-rw-------    1 root     root        12189 Nov 17 07:37 boot.log.2
-rw-------    1 root     root        42988 Nov 10 10:53 boot.log.3
-rw-------    1 root     root        18426 Nov  3 08:51 boot.log.4
-r--------    1 root     root     19136220 Nov 24 12:07 lastlog
-rw-------    1 root     root            0 Nov 24 13:11 maillog
-rw-------    1 root     root         4332 Nov 24 12:06 maillog.1
-rw-------    1 root     root          722 Nov 17 07:37 maillog.2
-rw-------    1 root     root         4478 Nov 10 11:58 maillog.3
-rw-------    1 root     root         2059 Nov  3 08:51 maillog.4
-rw-r--r--    1 root     root         8824 Oct 18 21:13 scrollkeeper.log
-rw-rw-r--    1 root     barrie      29465 Nov 24 12:07 XFree86.0.log
]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# c[root@magnolia log]# c[root@magnolia log]# [K[root@magnolia log]# [root@magnolia log]# m[root@magnolia log]# m[root@magnolia log]# mo[root@magnolia log]# mo[root@magnolia log]# mor[root@magnolia log]# mor[root@magnolia log]# more[root@magnolia log]# more[root@magnolia log]# more [root@magnolia log]# more [root@magnolia log]# more s[root@magnolia log]# more s[root@magnolia log]# more sc[root@magnolia log]# more sc[root@magnolia log]# more scr[root@magnolia log]# more scr[root@magnolia log]# more scri[root@magnolia log]# more scri[root@magnolia log]# more scrio[root@magnolia log]# more scrio[root@magnolia log]# more scri[K[root@magnolia log]# more scri[root@magnolia log]# more scr[K[root@magnolia log]# more scr[root@magnolia log]# more scro[root@magnolia log]# more scro[root@magnolia log]# more scrol[root@magnolia log]# more scrol[root@magnolia log]# more scroll[root@magnolia log]# more scroll[root@magnolia log]# more scrollk[root@magnolia log]# more scrollk[root@magnolia log]# more scrollke[root@magnolia log]# more scrollke[root@magnolia log]# more scrollkee[root@magnolia log]# more scrollkee[root@magnolia log]# more scrollkeep[root@magnolia log]# more scrollkeep[root@magnolia log]# more scrollkeepr[root@magnolia log]# more scrollkeepr[root@magnolia log]# more scrollkeep[K[root@magnolia log]# more scrollkeep[root@magnolia log]# more scrollkeepe[root@magnolia log]# more scrollkeepe[root@magnolia log]# more scrollkeeper[root@magnolia log]# more scrollkeeper[root@magnolia log]# more scrollkeeper.[root@magnolia log]# more scrollkeeper.[root@magnolia log]# more scrollkeeper.o[root@magnolia log]# more scrollkeeper.o[root@magnolia log]# more scrollkeeper.or[root@magnolia log]# more scrollkeeper.or[root@magnolia log]# more scrollkeeper.org[root@magnolia log]# more scrollkeeper.org[root@magnolia log]# more scrollkeeper.or[K[root@magnolia log]# more scrollkeeper.or[root@magnolia log]# more scrollkeeper.o[K[root@magnolia log]# more scrollkeeper.o[root@magnolia log]# more scrollkeeper.[K[root@magnolia log]# more scrollkeeper.[root@magnolia log]# more scrollkeeper.l[root@magnolia log]# more scrollkeeper.l[root@magnolia log]# more scrollkeeper.lo[root@magnolia log]# more scrollkeeper.lo[root@magnolia log]# more scrollkeeper.log[root@magnolia log]# more scrollkeeper.log
Oct 18 09:07:18 PM Installing ScrollKeeper 0.3.10...
Oct 18 09:07:18 PM scrollkeeper-rebuilddb: Rebuilding ScrollKeeper database...
Oct 18 09:07:18 PM scrollkeeper-update: scrollkeeper-update: /usr/local/share/omf: No such file 
or directory
Oct 18 09:07:18 PM scrollkeeper-update: scrollkeeper-update: /opt/gnome/share/omf: No such file 
or directory
Oct 18 09:07:18 PM scrollkeeper-update: scrollkeeper-update: /opt/gnome-2.0/share/omf: No such f
ile or directory
Oct 18 09:07:18 PM scrollkeeper-update: scrollkeeper-update: /opt/kde/omf: No such file or direc
tory
Oct 18 09:07:19 PM scrollkeeper-update: Registering /usr/share/omf/gnome-system-monitor/gnome-sy
stem-monitor-C.omf
xmlNanoHTTPConnectHost:  Failed to resolve host 'scrollkeeper.sourceforge.net' - Non-authoritive
 host not found or server failure.xmlNanoHTTPConnectHost:  Failed to resolve host 'scrollkeeper.
sourceforge.net' - Non-authoritive host not found or server failure./usr/share/omf/scrollkeeper/
writing_scrollkeeper_omf_files-C.omf:2: warning: failed to load external entity "http://scrollke
eper.sourceforge.net/dtds/scrollkeeper-omf-1.0/scrollkeeper-omf.dtd"
p://scrollkeeper.sourceforge.net/dtds/scrollkeeper-omf-1.0/scrollkeeper-omf.dtd
                                                                              ^
Oct 18 09:07:19 PM scrollkeeper-update: Registering /usr/share/omf/scrollkeeper/writing_scrollke
eper_omf_files-C.omf
Oct 18 09:07:19 PM scrollkeeper-rebuilddb: Done rebuilding ScrollKeeper database.
Oct 18 09:07:20 PM scrollkeeper-update: scrollkeeper-update: /usr/local/share/omf: No such file 
or directory
Oct 18 09:07:20 PM scrollkeeper-update: scrollkeeper-update: /opt/gnome/share/omf: No such file 
or directory
[7m--More--(19%)[27m[K]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# l[root@magnolia log]# l[root@magnolia log]# [K[root@magnolia log]# [root@magnolia log]# more scrollkeeper.log[root@magnolia log]# more scrollkeeper.log[root@magnolia log]# [6Pll *log* | more[root@magnolia log]# ll *log* | more
-rw-------    1 root     root            0 Nov 24 13:11 boot.log
-rw-------    1 root     root        76261 Nov 24 12:06 boot.log.1
-rw-------    1 root     root        12189 Nov 17 07:37 boot.log.2
-rw-------    1 root     root        42988 Nov 10 10:53 boot.log.3
-rw-------    1 root     root        18426 Nov  3 08:51 boot.log.4
-r--------    1 root     root     19136220 Nov 24 12:07 lastlog
-rw-------    1 root     root            0 Nov 24 13:11 maillog
-rw-------    1 root     root         4332 Nov 24 12:06 maillog.1
-rw-------    1 root     root          722 Nov 17 07:37 maillog.2
-rw-------    1 root     root         4478 Nov 10 11:58 maillog.3
-rw-------    1 root     root         2059 Nov  3 08:51 maillog.4
-rw-r--r--    1 root     root         8824 Oct 18 21:13 scrollkeeper.log
-rw-rw-r--    1 root     barrie      29465 Nov 24 12:07 XFree86.0.log
]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# c[root@magnolia log]# c[root@magnolia log]# ch[root@magnolia log]# ch[root@magnolia log]# chm[root@magnolia log]# chm[root@magnolia log]# chmo[root@magnolia log]# chmo[root@magnolia log]# chmod[root@magnolia log]# chmod[root@magnolia log]# chmod [root@magnolia log]# chmod [root@magnolia log]# chmod 6[root@magnolia log]# chmod 6[root@magnolia log]# chmod 60[root@magnolia log]# chmod 60[root@magnolia log]# chmod 600[root@magnolia log]# chmod 600[root@magnolia log]# chmod 600 [root@magnolia log]# chmod 600 [root@magnolia log]# chmod 600 s[root@magnolia log]# chmod 600 s[root@magnolia log]# chmod 600 sc[root@magnolia log]# chmod 600 sc[root@magnolia log]# chmod 600 scr[root@magnolia log]# chmod 600 scr[root@magnolia log]# chmod 600 scro[root@magnolia log]# chmod 600 scro[root@magnolia log]# chmod 600 scrol[root@magnolia log]# chmod 600 scrol[root@magnolia log]# chmod 600 scroll[root@magnolia log]# chmod 600 scroll[root@magnolia log]# chmod 600 scrollk[root@magnolia log]# chmod 600 scrollk[root@magnolia log]# chmod 600 scrollke[root@magnolia log]# chmod 600 scrollke[root@magnolia log]# chmod 600 scrollkee[root@magnolia log]# chmod 600 scrollkee[root@magnolia log]# chmod 600 scrollkeep[root@magnolia log]# chmod 600 scrollkeep[root@magnolia log]# chmod 600 scrollkeepe[root@magnolia log]# chmod 600 scrollkeepe[root@magnolia log]# chmod 600 scrollkeeper[root@magnolia log]# chmod 600 scrollkeeper[root@magnolia log]# chmod 600 scrollkeeper.[root@magnolia log]# chmod 600 scrollkeeper.[root@magnolia log]# chmod 600 scrollkeeper.l[root@magnolia log]# chmod 600 scrollkeeper.l[root@magnolia log]# chmod 600 scrollkeeper.lo[root@magnolia log]# chmod 600 scrollkeeper.lo[root@magnolia log]# chmod 600 scrollkeeper.log[root@magnolia log]# chmod 600 scrollkeeper.log
]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# chmod 600 scrollkeeper.log[root@magnolia log]# chmod 600 scrollkeeper.log[root@magnolia log]# [11Pll *log* | more[root@magnolia log]# ll *log* | more
-rw-------    1 root     root            0 Nov 24 13:11 boot.log
-rw-------    1 root     root        76261 Nov 24 12:06 boot.log.1
-rw-------    1 root     root        12189 Nov 17 07:37 boot.log.2
-rw-------    1 root     root        42988 Nov 10 10:53 boot.log.3
-rw-------    1 root     root        18426 Nov  3 08:51 boot.log.4
-r--------    1 root     root     19136220 Nov 24 12:07 lastlog
-rw-------    1 root     root            0 Nov 24 13:11 maillog
-rw-------    1 root     root         4332 Nov 24 12:06 maillog.1
-rw-------    1 root     root          722 Nov 17 07:37 maillog.2
-rw-------    1 root     root         4478 Nov 10 11:58 maillog.3
-rw-------    1 root     root         2059 Nov  3 08:51 maillog.4
-rw-------    1 root     root         8824 Oct 18 21:13 scrollkeeper.log
-rw-rw-r--    1 root     barrie      29465 Nov 24 12:07 XFree86.0.log
]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# c[root@magnolia log]# c[root@magnolia log]# ch[root@magnolia log]# ch[root@magnolia log]# cho[root@magnolia log]# cho[root@magnolia log]# chow[root@magnolia log]# chow[root@magnolia log]# chown[root@magnolia log]# chown[root@magnolia log]# chown [root@magnolia log]# chown [root@magnolia log]# chown r[root@magnolia log]# chown r[root@magnolia log]# chown ro[root@magnolia log]# chown ro[root@magnolia log]# chown roo[root@magnolia log]# chown roo[root@magnolia log]# chown root[root@magnolia log]# chown root[root@magnolia log]# chown root.[root@magnolia log]# chown root.[root@magnolia log]# chown root.r[root@magnolia log]# chown root.r[root@magnolia log]# chown root.ro[root@magnolia log]# chown root.ro[root@magnolia log]# chown root.roo[root@magnolia log]# chown root.roo[root@magnolia log]# chown root.root[root@magnolia log]# chown root.root[root@magnolia log]# chown root.root [root@magnolia log]# chown root.root [root@magnolia log]# chown root.root X[root@magnolia log]# chown root.root X[root@magnolia log]# chown root.root XF[root@magnolia log]# chown root.root XF[root@magnolia log]# chown root.root XFr[root@magnolia log]# chown root.root XFr[root@magnolia log]# chown root.root XFre[root@magnolia log]# chown root.root XFre[root@magnolia log]# chown root.root XFree[root@magnolia log]# chown root.root XFree[root@magnolia log]# chown root.root XFree8[root@magnolia log]# chown root.root XFree8[root@magnolia log]# chown root.root XFree86[root@magnolia log]# chown root.root XFree86[root@magnolia log]# chown root.root XFree86.[root@magnolia log]# chown root.root XFree86.[root@magnolia log]# chown root.root XFree86.0[root@magnolia log]# chown root.root XFree86.0[root@magnolia log]# chown root.root XFree86.0.[root@magnolia log]# chown root.root XFree86.0.[root@magnolia log]# chown root.root XFree86.0.l[root@magnolia log]# chown root.root XFree86.0.l[root@magnolia log]# chown root.root XFree86.0.lo[root@magnolia log]# chown root.root XFree86.0.lo[root@magnolia log]# chown root.root XFree86.0.log[root@magnolia log]# chown root.root XFree86.0.log
]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# chown root.root XFree86.0.log[root@magnolia log]# chown root.root XFree86.0.log[root@magnolia log]# [14Pll *log* | more[root@magnolia log]# ll *log* | more
-rw-------    1 root     root            0 Nov 24 13:11 boot.log
-rw-------    1 root     root        76261 Nov 24 12:06 boot.log.1
-rw-------    1 root     root        12189 Nov 17 07:37 boot.log.2
-rw-------    1 root     root        42988 Nov 10 10:53 boot.log.3
-rw-------    1 root     root        18426 Nov  3 08:51 boot.log.4
-r--------    1 root     root     19136220 Nov 24 12:07 lastlog
-rw-------    1 root     root            0 Nov 24 13:11 maillog
-rw-------    1 root     root         4332 Nov 24 12:06 maillog.1
-rw-------    1 root     root          722 Nov 17 07:37 maillog.2
-rw-------    1 root     root         4478 Nov 10 11:58 maillog.3
-rw-------    1 root     root         2059 Nov  3 08:51 maillog.4
-rw-------    1 root     root         8824 Oct 18 21:13 scrollkeeper.log
-rw-rw-r--    1 root     root        29465 Nov 24 12:07 XFree86.0.log
]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# c[root@magnolia log]# c[root@magnolia log]# ch[root@magnolia log]# ch[root@magnolia log]# chm[root@magnolia log]# chm[root@magnolia log]# chmo[root@magnolia log]# chmo[root@magnolia log]# chmod[root@magnolia log]# chmod[root@magnolia log]# chmod [root@magnolia log]# chmod [root@magnolia log]# chmod 6[root@magnolia log]# chmod 6[root@magnolia log]# chmod 60[root@magnolia log]# chmod 60[root@magnolia log]# chmod 600[root@magnolia log]# chmod 600[root@magnolia log]# chmod 600 [root@magnolia log]# chmod 600 [root@magnolia log]# chmod 600 X[root@magnolia log]# chmod 600 X[root@magnolia log]# chmod 600 XF[root@magnolia log]# chmod 600 XF[root@magnolia log]# chmod 600 XFr[root@magnolia log]# chmod 600 XFr[root@magnolia log]# chmod 600 XFre[root@magnolia log]# chmod 600 XFre[root@magnolia log]# chmod 600 XFree[root@magnolia log]# chmod 600 XFree[root@magnolia log]# chmod 600 XFree8[root@magnolia log]# chmod 600 XFree8[root@magnolia log]# chmod 600 XFree86[root@magnolia log]# chmod 600 XFree86[root@magnolia log]# chmod 600 XFree86.[root@magnolia log]# chmod 600 XFree86.[root@magnolia log]# chmod 600 XFree86.0[root@magnolia log]# chmod 600 XFree86.0[root@magnolia log]# chmod 600 XFree86.0.[root@magnolia log]# chmod 600 XFree86.0.[root@magnolia log]# chmod 600 XFree86.0.l[root@magnolia log]# chmod 600 XFree86.0.l[root@magnolia log]# chmod 600 XFree86.0.lo[root@magnolia log]# chmod 600 XFree86.0.lo[root@magnolia log]# chmod 600 XFree86.0.log[root@magnolia log]# chmod 600 XFree86.0.log
]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# l[root@magnolia log]# l[root@magnolia log]# ll[root@magnolia log]# ll[root@magnolia log]# l[K[root@magnolia log]# l[root@magnolia log]# [K[root@magnolia log]# [root@magnolia log]# chmod 600 XFree86.0.log[root@magnolia log]# chmod 600 XFree86.0.log[root@magnolia log]# [8Pll *log* | more[root@magnolia log]# ll *log* | more
-rw-------    1 root     root            0 Nov 24 13:11 boot.log
-rw-------    1 root     root        76261 Nov 24 12:06 boot.log.1
-rw-------    1 root     root        12189 Nov 17 07:37 boot.log.2
-rw-------    1 root     root        42988 Nov 10 10:53 boot.log.3
-rw-------    1 root     root        18426 Nov  3 08:51 boot.log.4
-r--------    1 root     root     19136220 Nov 24 12:07 lastlog
-rw-------    1 root     root            0 Nov 24 13:11 maillog
-rw-------    1 root     root         4332 Nov 24 12:06 maillog.1
-rw-------    1 root     root          722 Nov 17 07:37 maillog.2
-rw-------    1 root     root         4478 Nov 10 11:58 maillog.3
-rw-------    1 root     root         2059 Nov  3 08:51 maillog.4
-rw-------    1 root     root         8824 Oct 18 21:13 scrollkeeper.log
-rw-------    1 root     root        29465 Nov 24 12:07 XFree86.0.log
]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# ll *log* | more[root@magnolia log]# ll *log* | more[root@magnolia log]# chmod 600 XFree86.0.log[root@magnolia log]# chmod 600 XFree86.0.log[root@magnolia log]# [8Pll *log* | more[root@magnolia log]# ll *log* | more[root@magnolia log]# chown root.root XFree86.0.log[root@magnolia log]# chown root.root XFree86.0.log[root@magnolia log]# [14Pll *log* | more[root@magnolia log]# ll *log* | more[root@magnolia log]# chmod 600 scrollkeeper.log[root@magnolia log]# chmod 600 scrollkeeper.log[root@magnolia log]# [11Pll *log* | more[root@magnolia log]# ll *log* | more[root@magnolia log]# more scrollkeeper.log[root@magnolia log]# more scrollkeeper.log[root@magnolia log]# [6Pll *log* | more[root@magnolia log]# ll *log* | more[root@magnolia log]# more XFree86.0.log[root@magnolia log]# more XFree86.0.log[root@magnolia log]# [12Pll me*[root@magnolia log]# ll me*[root@magnolia log]# ls[root@magnolia log]# ls me*[root@magnolia log]# ll[root@magnolia log]# ll me*
[00m-rw-------    1 root     root          136 Nov 24 16:10 [00mmessages[00m
-rw-------    1 root     root       286631 Nov 24 12:13 [00mmessages.1[00m
-rw-------    1 root     root        50573 Nov 17 08:30 [00mmessages.2[00m
-rw-------    1 root     root       169975 Nov 10 10:59 [00mmessages.3[00m
-rw-------    1 root     root        73520 Nov  3 08:58 [00mmessages.4[00m
[m]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# c[root@magnolia log]# c[root@magnolia log]# cd[root@magnolia log]# cd[root@magnolia log]# cd [root@magnolia log]# cd [root@magnolia log]# cd /[root@magnolia log]# cd /[root@magnolia log]# cd /e[root@magnolia log]# cd /e[root@magnolia log]# cd /et[root@magnolia log]# cd /et[root@magnolia log]# cd /etc[root@magnolia log]# cd /etc[root@magnolia log]# cd /etc/[root@magnolia log]# cd /etc/[root@magnolia log]# cd /etc/d[root@magnolia log]# cd /etc/d[root@magnolia log]# cd /etc/da[root@magnolia log]# cd /etc/da[root@magnolia log]# cd /etc/dai[root@magnolia log]# cd /etc/dai[root@magnolia log]# cd /etc/dail[root@magnolia log]# cd /etc/dail[root@magnolia log]# cd /etc/daily[root@magnolia log]# cd /etc/daily
bash: cd: /etc/daily: No such file or directory
]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# c[root@magnolia log]# c[root@magnolia log]# cd[root@magnolia log]# cd[root@magnolia log]# cd [root@magnolia log]# cd [root@magnolia log]# cd e[root@magnolia log]# cd e[root@magnolia log]# cd et[root@magnolia log]# cd et[root@magnolia log]# cd etc[root@magnolia log]# cd etc[root@magnolia log]# cd et[K[root@magnolia log]# cd et[root@magnolia log]# cd e[K[root@magnolia log]# cd e[root@magnolia log]# cd [K[root@magnolia log]# cd [root@magnolia log]# cd /[root@magnolia log]# cd /[root@magnolia log]# cd /e[root@magnolia log]# cd /e[root@magnolia log]# cd /et[root@magnolia log]# cd /et[root@magnolia log]# cd /etc[root@magnolia log]# cd /etc
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# l[root@magnolia etc]# l[root@magnolia etc]# ls[root@magnolia etc]# ls
[00m[00ma2ps.cfg[00m               [00mgshadow[00m               [00mmail.rc[00m             [00;36mrc5.d[00m
[00ma2ps-site.cfg[00m          [00mgshadow-[00m              [00;34mmakedev.d[00m           [00;36mrc6.d[00m
[00madjtime[00m                [00;34mgtk[00m                   [00mman.config[00m          [00;34mrc.d[00m
[00;34maep[00m                    [00;34mgtk-2.0[00m               [00mmime-magic[00m          [00;36mrc.local[00m
[00maep.conf[00m               [00mhost.conf[00m             [00mmime-magic.dat[00m      [00;36mrc.sysinit[00m
[00maeplog.conf[00m            [00mhosts[00m                 [00mmime.types[00m          [00mredhat-release[00m
[00;34malchemist[00m              [00mhosts.allow[00m           [00mminicom.users[00m       [00mresolv.conf[00m
[00maliases[00m                [00mhosts.deny[00m            [00mmodules.conf[00m        [00;36mrmt[00m
[00maliases.db[00m             [00;34mhotplug[00m               [00mmodules.conf~[00m       [00mrndc.conf[00m
[00maliasesLAST20021019[00m    [00mhtdig.conf[00m            [00mmotd[00m                [00mrndc.key[00m
[00;34malternatives[00m           [00;34mhttpd[00m                 [00mmtab[00m                [00mrpc[00m
[00manacrontab[00m             [00mim_palette.pal[00m        [00mmtools.conf[00m         [00;34mrpm[00m
[00mat.deny[00m                [00mim_palette-small.pal[00m  [00mMuttrc[00m              [00;34msamba[00m
[00mauto.master[00m            [00mim_palette-tiny.pal[00m   [00mnamed.custom[00m        [00;34msane.d[00m
[00mauto.misc[00m              [00mimrc[00m                  [00mnscd.conf[00m           [00mscreenrc[00m
[00mbashrc[00m                 [00minfo-dir[00m              [00mnsswitch.conf[00m       [00mscrollkeeper.conf[00m
[00;34mbonobo-activation[00m      [00;36minit.d[00m                [00;34mntp[00m                 [00msecuretty[00m
[00mcdrecord.conf[00m          [00minitlog.conf[00m          [00mntp.conf[00m            [00;34msecurity[00m
[00;34mCiscoSystemsVPNClient[00m  [00minittab[00m               [00;34moaf[00m                 [00msensors.conf[00m
[00;34mCORBA[00m                  [00minputrc[00m               [00;34mopenldap[00m            [00mservices[00m
[00;34mcron.d[00m                 [00mioctl.save[00m            [00;34mopenoffice[00m          [00;34msgml[00m
[00;34mcron.daily[00m             [00;34miproute2[00m              [00;34mopt[00m                 [00mshadow[00m
[00;34mcron.hourly[00m            [00;34misdn[00m                  [00;34mpam.d[00m               [00mshadow-[00m
[00;34mcron.monthly[00m           [00missue[00m                 [00mpam_smb.conf[00m        [00mshells[00m
[00mcrontab[00m                [00missue.net[00m             [00;34mpango[00m               [00;34mskel[00m
[00;34mcron.weekly[00m            [00;34mkde[00m                   [00mpaper.config[00m        [00;32mslrn.rc[00m
[00mcsh.cshrc[00m              [00mkderc[00m                 [00mpasswd[00m              [00;34msmrsh[00m
[00mcsh.login[00m              [00mkrb5.conf[00m             [00mpasswd-[00m             [00;34msnmp[00m
[00;34mcups[00m                   [00mkrb.conf[00m              [00mpasswdLAST20021020[00m  [00;34msound[00m
[00;34mdefault[00m                [00mkrb.realms[00m            [00mpasswd.OLD[00m          [00;34mssh[00m
[00mDIR_COLORS[00m             [00mksysguarddrc[00m          [00mpbm2ppa.conf[00m        [00msudoers[00m
[00mDIR_COLORS.xterm[00m       [00mldap.conf[00m             [00;34mpcmcia[00m              [00msudoersLAST20021019[00m
[00mdumpdates[00m              [00mld.so.cache[00m           [00mpine.conf[00m           [00;34msysconfig[00m
[00mesd.conf[00m               [00mld.so.conf[00m            [00mpine.conf.fixed[00m     [00msysctl.conf[00m
[00;34methereal[00m               [00mlftp.conf[00m             [00mpinforc[00m             [00msyslog.conf[00m
[00mexports[00m                [00mlibuser.conf[00m          [00mpnm2ppa.conf[00m        [00msyslog.conf.last021123[00m
[00mfam.conf[00m               [00mlilo.conf.anaconda[00m    [00;34mpostfix[00m             [00mtermcap[00m
[00mfb.modes[00m               [00;34mlocale[00m                [00;34mppp[00m                 [00mupdatedb.conf[00m
[00mfdprm[00m                  [00mlocaltime[00m             [00mprintcap[00m            [00mupdfstab.conf[00m
[00mfilesystems[00m            [00;34mlog.d[00m                 [00mprintcap.local[00m      [00mupdfstab.conf.default[00m
[00;34mfonts[00m                  [00mlogin.defs[00m            [00mprintcap.old[00m        [00;36mvfontcap[00m
[00mfstab[00m                  [00mlogrotate.conf[00m        [00mprintconf.local[00m     [00;34mvfs[00m
[00mfstab.REVOKE[00m           [00;34mlogrotate.d[00m           [00mprofile[00m             [00mwarnquota.conf[00m
[00;34mgconf[00m                  [00mlpd.conf[00m              [00;34mprofile.d[00m           [00mwebalizer.conf[00m
[00;34mgimp[00m                   [00mlpd.perms[00m             [00mprotocols[00m           [00mwgetrc[00m
[00;34mgnome[00m                  [00mltrace.conf[00m           [00mpwdb.conf[00m           [00;34mX11[00m
[00;34mgnome-vfs-2.0[00m          [00mlvmtab[00m                [00;36mrc[00m                  [00mxinetd.conf[00m
[00mgnome-vfs-mime-magic[00m   [00;34mlvmtab.d[00m              [00;36mrc0.d[00m               [00;34mxinetd.d[00m
[00mgpm-root.conf[00m          [00mlynx.cfg[00m              [00;36mrc1.d[00m               [00;34mxml[00m
[00mgroup[00m                  [00mlynx-site.cfg[00m         [00;36mrc2.d[00m               [00mxpdfrc[00m
[00mgroup-[00m                 [00;34mmail[00m                  [00;36mrc3.d[00m               [00myp.conf[00m
[00;36mgrub.conf[00m              [00mmailcap[00m               [00;36mrc4.d[00m
[m]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# l[root@magnolia etc]# l[root@magnolia etc]# ls[root@magnolia etc]# ls[root@magnolia etc]# ls [root@magnolia etc]# ls [root@magnolia etc]# ls d[root@magnolia etc]# ls d[root@magnolia etc]# ls d*[root@magnolia etc]# ls d*
[00m[00mdumpdates[00m

default:
[00museradd[00m
[m]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]#  [root@magnolia etc]#  [root@magnolia etc]# [K[root@magnolia etc]# [root@magnolia etc]# c[root@magnolia etc]# c[root@magnolia etc]# cd[root@magnolia etc]# cd[root@magnolia etc]# cd [root@magnolia etc]# cd [root@magnolia etc]# cd c[root@magnolia etc]# cd c[root@magnolia etc]# cd cr[root@magnolia etc]# cd cr[root@magnolia etc]# cd cro[root@magnolia etc]# cd cro[root@magnolia etc]# cd cron[root@magnolia etc]# cd cron[root@magnolia etc]# cd cron.[root@magnolia etc]# cd cron.[root@magnolia etc]# cd cron.d[root@magnolia etc]# cd cron.d[root@magnolia etc]# cd cron.da[root@magnolia etc]# cd cron.da[root@magnolia etc]# cd cron.dai[root@magnolia etc]# cd cron.dai[root@magnolia etc]# cd cron.dail[root@magnolia etc]# cd cron.dail[root@magnolia etc]# cd cron.daily[root@magnolia etc]# cd cron.daily
]0;barrie@magnolia:/etc/cron.daily[root@magnolia cron.daily]# [root@magnolia cron.daily]# [root@magnolia cron.daily]# l[root@magnolia cron.daily]# l[root@magnolia cron.daily]# ls[root@magnolia cron.daily]# ls
[00m[00;36m00-logwatch[00m  [00;32m0anacron[00m   [00;32mmakewhatis.cron[00m  [00;32mslocate.cron[00m  [00;32mtmpwatch[00m
[00;32m00webalizer[00m  [00;32mlogrotate[00m  [00;32mrpm[00m              [00;32mtetex.cron[00m
[m]0;barrie@magnolia:/etc/cron.daily[root@magnolia cron.daily]# [root@magnolia cron.daily]# [root@magnolia cron.daily]#  [root@magnolia cron.daily]#  [root@magnolia cron.daily]# [K[root@magnolia cron.daily]# [root@magnolia cron.daily]# [root@magnolia cron.daily]# m[root@magnolia cron.daily]# m[root@magnolia cron.daily]# mo[root@magnolia cron.daily]# mo[root@magnolia cron.daily]# mor[root@magnolia cron.daily]# mor[root@magnolia cron.daily]# more[root@magnolia cron.daily]# more[root@magnolia cron.daily]# more [root@magnolia cron.daily]# more [root@magnolia cron.daily]# more l[root@magnolia cron.daily]# more l[root@magnolia cron.daily]# more lo[root@magnolia cron.daily]# more lo[root@magnolia cron.daily]# more log[root@magnolia cron.daily]# more log[root@magnolia cron.daily]# more logr[root@magnolia cron.daily]# more logr[root@magnolia cron.daily]# more logro[root@magnolia cron.daily]# more logro[root@magnolia cron.daily]# more logrot[root@magnolia cron.daily]# more logrot[root@magnolia cron.daily]# more logrota[root@magnolia cron.daily]# more logrota[root@magnolia cron.daily]# more logrotat[root@magnolia cron.daily]# more logrotat[root@magnolia cron.daily]# more logrotate[root@magnolia cron.daily]# more logrotate
#!/bin/sh

/usr/sbin/logrotate /etc/logrotate.conf
]0;barrie@magnolia:/etc/cron.daily[root@magnolia cron.daily]# [root@magnolia cron.daily]# [root@magnolia cron.daily]# c[root@magnolia cron.daily]# c[root@magnolia cron.daily]# cd[root@magnolia cron.daily]# cd[root@magnolia cron.daily]# cd [root@magnolia cron.daily]# cd [root@magnolia cron.daily]# cd /[root@magnolia cron.daily]# cd /[root@magnolia cron.daily]# cd /e[root@magnolia cron.daily]# cd /e[root@magnolia cron.daily]# cd /et[root@magnolia cron.daily]# cd /et[root@magnolia cron.daily]# cd /etc[root@magnolia cron.daily]# cd /etc[root@magnolia cron.daily]# cd /etc/[root@magnolia cron.daily]# cd /etc/[root@magnolia cron.daily]# cd /etc[K[root@magnolia cron.daily]# cd /etc
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# m[root@magnolia etc]# m[root@magnolia etc]# mo[root@magnolia etc]# mo[root@magnolia etc]# mor[root@magnolia etc]# mor[root@magnolia etc]# more[root@magnolia etc]# more[root@magnolia etc]# more [root@magnolia etc]# more [root@magnolia etc]# more l[root@magnolia etc]# more l[root@magnolia etc]# more lo[root@magnolia etc]# more lo[root@magnolia etc]# more log[root@magnolia etc]# more log[root@magnolia etc]# more logr[root@magnolia etc]# more logr[root@magnolia etc]# more logro[root@magnolia etc]# more logro[root@magnolia etc]# more logrot[root@magnolia etc]# more logrot[root@magnolia etc]# more logrota[root@magnolia etc]# more logrota[root@magnolia etc]# more logrotat[root@magnolia etc]# more logrotat[root@magnolia etc]# more logrotate[root@magnolia etc]# more logrotate[root@magnolia etc]# more logrotate.[root@magnolia etc]# more logrotate.[root@magnolia etc]# more logrotate.c[root@magnolia etc]# more logrotate.c[root@magnolia etc]# more logrotate.co[root@magnolia etc]# more logrotate.co[root@magnolia etc]# more logrotate.con[root@magnolia etc]# more logrotate.con[root@magnolia etc]# more logrotate.conf[root@magnolia etc]# more logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# m[root@magnolia etc]# m[root@magnolia etc]# ma[root@magnolia etc]# ma[root@magnolia etc]# man[root@magnolia etc]# man[root@magnolia etc]# man [root@magnolia etc]# man [root@magnolia etc]# man l[root@magnolia etc]# man l[root@magnolia etc]# man lo[root@magnolia etc]# man lo[root@magnolia etc]# man log[root@magnolia etc]# man log[root@magnolia etc]# man logr[root@magnolia etc]# man logr[root@magnolia etc]# man logro[root@magnolia etc]# man logro[root@magnolia etc]# man logrot[root@magnolia etc]# man logrot[root@magnolia etc]# man logrota[root@magnolia etc]# man logrota[root@magnolia etc]# man logrotat[root@magnolia etc]# man logrotat[root@magnolia etc]# man logrotate[root@magnolia etc]# man logrotate
[?1048h[?1047h[?1h=[28;1H[KLOGROTATE(8)             System Administrator’s Manual            LOGROTATE(8)

[1mNAME[0m
       logrotate − rotates, compresses, and mails system logs

[1mSYNOPSIS[0m
       [1mlogrotate[0m [‐dv] [‐f|‐‐force] [‐s|‐‐state [4mfile[24m] [4mconfig[24m[1m_[0m[4mfile[24m+

[1mDESCRIPTION[0m
       [1mlogrotate[0m  is  designed to ease administration of systems that generate
       large numbers of log files.  It allows automatic rotation, compression,
       removal, and mailing of log files.  Each log file may be handled daily,
       weekly, monthly, or when it grows too large.

       Normally, [1mlogrotate[0m is run as a daily cron job.  It will not  modify  a
       log  multiple  times  in  one  day unless the criterium for that log is
       based on the log’s size and [1mlogrotate[0m is being run multiple times  each
       day, or unless the [1m‐f[0m or [1m‐force[0m option is used.

       Any number of config files may be given on the command line. Later con‐
       fig files may override the options given in earlier files, so the order
       in  which  the [1mlogrotate[0m config files are listed in is important.  Nor‐
       mally, a single config file which includes any other config files which
       are  needed  should  be used.  See below for more information on how to
       use the [4minclude[24m directive to accomplish this.  If a directory is  given
       on  the  command line, every file in that directory is used as a config
       file.
[28;1H[K:[28;1H[28;1H[K
       If no command line arguments are given, [1mlogrotate[0m  will  print  version
       and  copyright  information,  along with a short usage summary.  If any
       errors occur while rotating logs, [1mlogrotate[0m  will  exit  with  non‐zero
       status.

[1mOPTIONS[0m
       [1m‐d[0m     Turns  on  debug mode and implies [1m‐v[0m.  In debug mode, no changes
              will be made to the logs or to the [1mlogrotate[0m state file.

       [1m‐f,[0m [1m‐−force[0m
              Tells [1mlogrotate[0m to force the rotation, even if it doesn’t  think
              this  is  necessary.   Sometimes this is useful after adding new
              entries to [1mlogrotate[0m, or if old log files have been  removed  by
              hand,  as  the  new files will be created, and logging will con‐
              tinue correctly.

       [1m‐m,[0m [1m‐−mail[0m [1m<command>[0m
              Tells [1mlogrotate[0m which command to use  when  mailing  logs.  This
              command  should accept two arguments: 1) the subject of the mes‐
              sage, and 2) the recipient. The command must then read a message
              on standard input and mail it to the recipient. The default mail
              command is [1m/bin/mail[0m [1m‐s[0m.

       [1m‐s,[0m [1m‐−state[0m [1m<statefile>[0m
              Tells [1mlogrotate[0m to use an alternate state file.  This is  useful
              if  logrotate  is being run as a different user for various sets
[28;1H[K:[28;1H[28;1H[K              of log files.  The default state file is [4m/var/lib/logrotate/sta‐[24m
              [4mtus[24m.

       [1m‐−usage[0m
              Prints a short usage message.

[1mCONFIGURATION[0m [1mFILE[0m
       [1mlogrotate[0m  reads  everything  about the log files it should be handling
       from the series of configuration files specified on the  command  line.
       Each configuration file can set global options (local definitions over‐
       ride global ones, and later  definitions  override  earlier  ones)  and
       specify  a  logfile  to  rotate. A simple configuration file looks like
       this:

       # sample logrotate configuration file
       compress

       /var/log/messages {
           rotate 5
           weekly
           postrotate
                                     /sbin/killall ‐HUP syslogd
           endscript
       }

       "/var/log/httpd/access.log" /var/log/httpd/error.log {
           rotate 5
[28;1H[K:[28;1H[28;1H[K           mail www@my.org
           size=100k
           sharedscripts
           postrotate
                                     /sbin/killall ‐HUP httpd
           endscript
       }

       /var/log/news/* {
           monthly
           rotate 2
           olddir /var/log/news/old
           missingok
           postrotate
                                     kill ‐HUP ‘cat /var/run/inn.pid‘
           endscript
           nocompress
       }

       The first few lines set global options; in the example, logs  are  com‐
       pressed after they are rotated.  Note that comments may appear anywhere
       in the config file as long as the first non‐whitespace character on the
       line is a #.

       The next section of the config files defined how to handle the log file
       [4m/var/log/messages[24m. The log will go through five weekly rotations before
       being  removed. After the log file has been rotated (but before the old
[28;1H[K:[28;1H[28;1H[K       version of the log has been compressed), the command [4m/sbin/killall[24m [4m‐HUP[24m
       [4msyslogd[24m will be executed.

       The     next     section    defines    the    parameters    for    both
       [4m/var/log/httpd/access.log[24m  and  [4m/var/log/httpd/error.log[24m.    They   are
       rotated whenever is grows over 100k is size, and the old logs files are
       mailed (uncompressed) to www@my.org after going  through  5  rotations,
       rather  then being removed. The [1msharedscripts[0m means that the [1mpostrotate[0m
       script will only be run once, not once for each log which  is  rotated.
       Note  that the double quotes around the first filename at the beginning
       of this section allows logrotate to rotate  logs  with  spaces  in  the
       name.  Normal  shell  quoting  rules apply, with ’, ", and \ characters
       supported.

       The last section defines  the  parameters  for  all  of  the  files  in
       [4m/var/log/news[24m.  Each  file is rotated on a monthly basis.  This is con‐
       sidered a single rotation directive and if errors occur for  more  then
       one file, the log files are not compressed.

       Please  use  wildcards  with caution.  If you specify *, [1mlogrotate[0m will
       rotate all files, including previously rotated ones.  A way around this
       is  to  use  the  [1molddir[0m  directive  or  a more exact wildcard (such as
       *.log).

       Here is more information on the directives which may be included  in  a
       [1mlogrotate[0m configuration file:

[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       being  removed. After the log file has been rotated (but before the old
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       [4m/var/log/messages[24m. The log will go through five weekly rotations before
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       The next section of the config files defined how to handle the log file
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       line is a #.
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       in the config file as long as the first non‐whitespace character on the
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       pressed after they are rotated.  Note that comments may appear anywhere
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       The first few lines set global options; in the example, logs  are  com‐
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       }
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM           nocompress
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM           endscript
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM                                     kill ‐HUP ‘cat /var/run/inn.pid‘
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM           postrotate
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM           missingok
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM           olddir /var/log/news/old
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM           rotate 2
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM           monthly
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       /var/log/news/* {
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM       }
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM           endscript
[28;1H[K:[28;1H[K [KESCESC[KOO[KAA[28;1H[HM                                     /sbin/killall ‐HUP httpd
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [4m/var/log/httpd/access.log[24m  and  [4m/var/log/httpd/error.log[24m.    They   are
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       rotated whenever is grows over 100k is size, and the old logs files are
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       mailed (uncompressed) to www@my.org after going  through  5  rotations,
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       rather  then being removed. The [1msharedscripts[0m means that the [1mpostrotate[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       script will only be run once, not once for each log which  is  rotated.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       Note  that the double quotes around the first filename at the beginning
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       of this section allows logrotate to rotate  logs  with  spaces  in  the
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       name.  Normal  shell  quoting  rules apply, with ’, ", and \ characters
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       supported.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       The last section defines  the  parameters  for  all  of  the  files  in
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [4m/var/log/news[24m.  Each  file is rotated on a monthly basis.  This is con‐
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       sidered a single rotation directive and if errors occur for  more  then
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       one file, the log files are not compressed.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       Please  use  wildcards  with caution.  If you specify *, [1mlogrotate[0m will
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       rotate all files, including previously rotated ones.  A way around this
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       is  to  use  the  [1molddir[0m  directive  or  a more exact wildcard (such as
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       *.log).
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       Here is more information on the directives which may be included  in  a
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mlogrotate[0m configuration file:
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mcompress[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Old  versions  of log files are compressed with [1mgzip[0m by default.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              See also [1mnocompress[0m.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mcompresscmd[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Specifies which command to  use  to  compress  log  files.   The
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              default is [1mgzip[0m.  See also [1mcompress[0m.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1muncompresscmd[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Specifies  which  command  to  use to uncompress log files.  The
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              default is [1mgunzip[0m.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mcompressext[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Specifies which extension to use on compressed logfiles, if com‐
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              pression is enabled.  The default follows that of the configured
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              compression command.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mcompressoptions[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Command line options may be passed to the  compression  program,
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              if  one is in use.  The default, for [1mgzip[0m, is "‐9" (maximum com‐
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              pression).
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mcopy[0m   Make a copy of the log file, but don’t change  the  original  at
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              all.   This option can be used, for instance, to make a snapshot
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              of the current log file, or when some  other  utility  needs  to
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              truncate or pare the file.  When this option is used, the [1mcreate[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              option will have no effect, as the old log file stays in  place.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mcopytruncate[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Truncate  the  original log file in place after creating a copy,
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              instead of moving the old log file and optionally creating a new
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              one,  It  can be used when some program can not be told to close
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              its logfile and thus might continue writing (appending)  to  the
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              previous log file forever.  Note that there is a very small time
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              slice between copying the file and truncating it, so  some  log‐
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              ging  data  might be lost.  When this option is used, the [1mcreate[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              option will have no effect, as the old log file stays in  place.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mcreate[0m [4mmode[24m [4mowner[24m [4mgroup[24m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Immediately after rotation (before the [1mpostrotate[0m script is run)
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              the log file is created (with the same name as the log file just
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              rotated).   [4mmode[24m  specifies  the  mode for the log file in octal
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              (the same as [1mchmod(2)[0m), [4mowner[24m specifies the user name  who  will
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              own  the  log  file,  and [4mgroup[24m specifies the group the log file
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              will belong to. Any of the log file attributes may  be  omitted,
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              in  which  case  those  attributes for the new file will use the
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              same values as the original log file for the omitted attributes.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              This option can be disabled using the [1mnocreate[0m option.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mdaily[0m  Log files are rotated every day.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mdelaycompress[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Postpone  compression of the previous log file to the next rota‐
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              tion cycle.  This has only effect when used in combination  with
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              [1mcompress[0m.   It  can be used when some program can not be told to
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              close its logfile and thus might continue writing to the  previ‐
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              ous log file for some time.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mextension[0m [4mext[24m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Log  files  are given the final extension [4mext[24m after rotation. If
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              compression is used, the compression  extension  (normally  [1m.gz[0m)
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              appears after [4mext[24m.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mifempty[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Rotate  the  log  file  even  if  it  is  empty,  overiding  the
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              [1mnotifempty[0m option (ifempty is the default).
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1minclude[0m [4mfile[24m[1m_[0m[4mor[24m[1m_[0m[4mdirectory[24m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Reads the file given as an argument as if it was included inline
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              where  the  [1minclude[0m  directive appears. If a directory is given,
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              most of the files in that directory are read in alphabetic order
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              before  processing  of  the  including  file continues. The only
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              files which are ignored are files which are  not  regular  files
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              (such  as directories and named pipes) and files whose names end
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              with one of the taboo extensions, as specified by  the  [1mtabooext[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              directive.  The [1minclude[0m directive may not appear inside of a log
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              file definition.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mmail[0m [4maddress[24m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              When a log is rotated out‐of‐existence, it is mailed to [4maddress[24m.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              If  no  mail should be generated by a particular log, the [1mnomail[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              directive may be used.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mmailfirst[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              When using the [1mmail[0m command, mail the just‐rotated file, instead
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              of the about‐to‐expire file.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mmaillast[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              When  using  the  [1mmail[0m  command,  mail the about‐to‐expire file,
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              instead of the just‐rotated file (this is the default).
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mmissingok[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              If the log file is missing, go on to the next one without  issu‐
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              ing an error message. See also [1mnomissingok[0m.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mmonthly[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Log files are rotated the first time [1mlogrotate[0m is run in a month
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              (this is normally on the first day of the month).
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mnocompress[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Old versions of log files are not compressed with [1mgzip[0m. See also
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              [1mcompress[0m.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mnocopy[0m Do  not copy the original log file and leave it in place.  (this
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              overrides the [1mcopy[0m option).
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mnocopytruncate[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Do not truncate the original log file in place after creating  a
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              copy (this overrides the [1mcopytruncate[0m option).
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mnocreate[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              New  log  files  are  not  created  (this  overrides  the [1mcreate[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              option).
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mnodelaycompress[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Do not postpone compression of the previous log file to the next
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              rotation cycle (this overrides the [1mdelaycompress[0m option).
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mnomail[0m Don’t mail old log files to any address.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mnomissingok[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              If  a  log  file  does  not  exist,  issue an error. This is the
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              default.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mnoolddir[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Logs are rotated in the same directory the log normally  resides
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              in (this overrides the [1molddir[0m option).
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mnosharedscripts[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Run  [1mprerotate[0m  and [1mpostrotate[0m scripts for every script which is
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              rotated (this is the default, and  overrides  the  [1msharedscripts[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              option).
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mnotifempty[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Do not rotate the log if it is empty (this overrides the [1mifempty[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              option).
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1molddir[0m [4mdirectory[24m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Logs are moved into [4mdirectory[24m for rotation. The  [4mdirectory[24m  must
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              be  on  the  same physical device as the log file being rotated.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              When this option is used all old versions of the log end  up  in
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              [4mdirectory[24m.  This option may be overriden by the [1mnoolddir[0m option.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mpostrotate[0m/[1mendscript[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              The lines between [4mpostrotate[24m and [4mendscript[24m (both of  which  must
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              appear  on  lines by themselves) are executed after the log file
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              is rotated. These directives may only appear  inside  of  a  log
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              file definition.  See [1mprerotate[0m as well.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mprerotate[0m/[1mendscript[0mThe  lines  between [1mprerotate[0m and [1mendscript[0m (both of
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       which
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              must  appear on lines by themselves) are executed before the log
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              file is rotated and only if the log will  actually  be  rotated.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              These  directives  may  only appear inside of a log file defini‐
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              tion.  See [1mpostrotate[0m as well.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mrotate[0m [4mcount[24m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Log files are rotated <count>  times  before  being  removed  or
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              mailed to the address specified in a [1mmail[0m directive. If [4mcount[24m is
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              0, old versions are removed rather then rotated.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1msize[0m [4msize[24m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Log files are rotated when they grow bigger then [4msize[24m bytes.  If
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              [4msize[24m  is  followed by [4mM[24m, the size if assumed to be in megabytes.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              If the [4mk[24m is used, the size is in kilobytes. So  [1msize[0m  [1m100[0m,  [4msize[24m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              [4m100k[24m, and [4msize[24m [4m100M[24m are all valid.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1msharedscripts[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              Normally,  [1mprescript[0m and [1mpostscript[0m scripts are run for each log
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              which is rotated, meaning that a single script may be run multi‐
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              ple  times for log file entries which match multiple files (such
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              as the /var/log/news/* example). If [1msharedscript[0m  is  specified,
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              the scripts are only run once, no matter how many logs match the
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              wildcarded pattern.  However, if none of the logs in the pattern
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              require  rotating,  the  scripts  will  not  be run at all. This
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              option overrides the nosharedscripts option.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mstart[0m [4mcount[24m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              This is the number to use as the base for rotation. For example,
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              if  you  specify 0, the logs will be created with a .0 extension
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              as they are rotated from the original log files.  If you specify
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              9,  log  files  will  be created with a .9, skipping 0‐8.  Files
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              will still be rotated the number of  times  specified  with  the
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              [1mcount[0m directive.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mtabooext[0m [+] [4mlist[24m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              The  current  taboo  extension  list is changed (see the [1minclude[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              directive for information on the taboo extensions). If a +  pre‐
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              cedes  the  list of extensions, the current taboo extension list
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              is augmented, otherwise it is replaced. At  startup,  the  taboo
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              extension  list  contains .rpmorig, .rpmsave, ,v, .swp, .rpmnew,
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              and ~.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [1mweekly[0m Log files are rotated if the current weekday is  less  then  the
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              weekday  of  the last rotation or if more then a week has passed
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              since the last rotation. This is normally the same  as  rotating
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              logs on the first day of the week, but it works better if [4mlogro‐[24m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K              [4mtate[24m is not run every night.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K[1mFILES[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [4m/var/lib/logrotate/status[24m  Default state file.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [4m/etc/logrotate.conf[24m        Configuration options.
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K[1mSEE[0m [1mALSO[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       [4mgzip[24m(1)
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K[1mAUTHORS[0m
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       Erik Troan <ewt@redhat.com>
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K       Preston Brown <pbrown@redhat.com>
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K4th Berkeley Distribution       Wed Nov 28 2001                   LOGROTATE(8)
[28;1H[K:[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K[28;1H[K[7m(END) [27m[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K[28;1H[K[7m(END) [27m[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K[28;1H[K[7m(END) [27m[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K[28;1H[K[7m(END) [27m[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K[28;1H[K[7m(END) [27m[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K[28;1H[K[7m(END) [27m[28;1H[K [KESCESC[KOO[KBB[28;1H[28;1H[K[28;1H[K[7m(END) [27m[28;1H[K[?1l>[?1047l[?1048l]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# l[root@magnolia etc]# l[root@magnolia etc]# ls[root@magnolia etc]# ls[root@magnolia etc]# ls [root@magnolia etc]# ls [root@magnolia etc]# ls *[root@magnolia etc]# ls *[root@magnolia etc]# ls *l[root@magnolia etc]# ls *l[root@magnolia etc]# ls *lo[root@magnolia etc]# ls *lo[root@magnolia etc]# ls *log[root@magnolia etc]# ls *log[root@magnolia etc]# ls *log*[root@magnolia etc]# ls *log*
[00m[00maeplog.conf[00m  [00minitlog.conf[00m  [00mlogrotate.conf[00m  [00msyslog.conf.last021123[00m
[00mcsh.login[00m    [00mlogin.defs[00m    [00msyslog.conf[00m

log.d:
[00;34mconf[00m  [00;36mlogwatch[00m  [00;36mlogwatch.conf[00m  [00;34mscripts[00m

logrotate.d:
[00mnamed[00m  [00mrpm[00m  [00msamba[00m  [00msnmpd[00m  [00msyslog[00m  [00mup2date[00m
[m]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# c[root@magnolia etc]# c[root@magnolia etc]# cd[root@magnolia etc]# cd[root@magnolia etc]# cd [root@magnolia etc]# cd [root@magnolia etc]# cd c[root@magnolia etc]# cd c[root@magnolia etc]# cd cr[root@magnolia etc]# cd cr[root@magnolia etc]# cd cro[root@magnolia etc]# cd cro[root@magnolia etc]# cd cron[root@magnolia etc]# cd cron[root@magnolia etc]# cd cron.[root@magnolia etc]# cd cron.[root@magnolia etc]# cd cron.d[root@magnolia etc]# cd cron.d[root@magnolia etc]# cd cron.da[root@magnolia etc]# cd cron.da[root@magnolia etc]# cd cron.dai[root@magnolia etc]# cd cron.dai[root@magnolia etc]# cd cron.dail[root@magnolia etc]# cd cron.dail[root@magnolia etc]# cd cron.daily[root@magnolia etc]# cd cron.daily
]0;barrie@magnolia:/etc/cron.daily[root@magnolia cron.daily]# [root@magnolia cron.daily]# [root@magnolia cron.daily]# l[root@magnolia cron.daily]# l[root@magnolia cron.daily]# ls[root@magnolia cron.daily]# ls
[00m[00;36m00-logwatch[00m  [00;32m0anacron[00m   [00;32mmakewhatis.cron[00m  [00;32mslocate.cron[00m  [00;32mtmpwatch[00m
[00;32m00webalizer[00m  [00;32mlogrotate[00m  [00;32mrpm[00m              [00;32mtetex.cron[00m
[m]0;barrie@magnolia:/etc/cron.daily[root@magnolia cron.daily]# [root@magnolia cron.daily]# [root@magnolia cron.daily]# m[root@magnolia cron.daily]# m[root@magnolia cron.daily]# mo[root@magnolia cron.daily]# mo[root@magnolia cron.daily]# mor[root@magnolia cron.daily]# mor[root@magnolia cron.daily]# more[root@magnolia cron.daily]# more[root@magnolia cron.daily]# more [root@magnolia cron.daily]# more [root@magnolia cron.daily]# more l[root@magnolia cron.daily]# more l[root@magnolia cron.daily]# more lo[root@magnolia cron.daily]# more lo[root@magnolia cron.daily]# more log[root@magnolia cron.daily]# more log[root@magnolia cron.daily]# more logr[root@magnolia cron.daily]# more logr[root@magnolia cron.daily]# more logro[root@magnolia cron.daily]# more logro[root@magnolia cron.daily]# more logrot[root@magnolia cron.daily]# more logrot[root@magnolia cron.daily]# more logrota[root@magnolia cron.daily]# more logrota[root@magnolia cron.daily]# more logrotat[root@magnolia cron.daily]# more logrotat[root@magnolia cron.daily]# more logrotate[root@magnolia cron.daily]# more logrotate
#!/bin/sh

/usr/sbin/logrotate /etc/logrotate.conf
]0;barrie@magnolia:/etc/cron.daily[root@magnolia cron.daily]# [root@magnolia cron.daily]# [root@magnolia cron.daily]# c[root@magnolia cron.daily]# c[root@magnolia cron.daily]# cd[root@magnolia cron.daily]# cd[root@magnolia cron.daily]# cd [root@magnolia cron.daily]# cd [root@magnolia cron.daily]# cd /[root@magnolia cron.daily]# cd /[root@magnolia cron.daily]# cd /u[root@magnolia cron.daily]# cd /u[root@magnolia cron.daily]# cd /us[root@magnolia cron.daily]# cd /us[root@magnolia cron.daily]# cd /usr[root@magnolia cron.daily]# cd /usr[root@magnolia cron.daily]# cd /usr/[root@magnolia cron.daily]# cd /usr/[root@magnolia cron.daily]# cd /usr/s[root@magnolia cron.daily]# cd /usr/s[root@magnolia cron.daily]# cd /usr/sb[root@magnolia cron.daily]# cd /usr/sb[root@magnolia cron.daily]# cd /usr/sbi[root@magnolia cron.daily]# cd /usr/sbi[root@magnolia cron.daily]# cd /usr/sbin[root@magnolia cron.daily]# cd /usr/sbin
]0;barrie@magnolia:/usr/sbin[root@magnolia sbin]# [root@magnolia sbin]# [root@magnolia sbin]# l[root@magnolia sbin]# l[root@magnolia sbin]# ls[root@magnolia sbin]# ls[root@magnolia sbin]# ls [root@magnolia sbin]# ls [root@magnolia sbin]# ls l[root@magnolia sbin]# ls l[root@magnolia sbin]# ls lo[root@magnolia sbin]# ls lo[root@magnolia sbin]# ls log[root@magnolia sbin]# ls log[root@magnolia sbin]# ls logr[root@magnolia sbin]# ls logr[root@magnolia sbin]# ls logr*[root@magnolia sbin]# ls logr*
[00m[00;32mlogrotate[00m
[m]0;barrie@magnolia:/usr/sbin[root@magnolia sbin]# [root@magnolia sbin]# [root@magnolia sbin]# m[root@magnolia sbin]# m[root@magnolia sbin]# mo[root@magnolia sbin]# mo[root@magnolia sbin]# mor[root@magnolia sbin]# mor[root@magnolia sbin]# more[root@magnolia sbin]# more[root@magnolia sbin]# more [root@magnolia sbin]# more [root@magnolia sbin]# more l[root@magnolia sbin]# more l[root@magnolia sbin]# more lo[root@magnolia sbin]# more lo[root@magnolia sbin]# more log[root@magnolia sbin]# more log[root@magnolia sbin]# more logr[root@magnolia sbin]# more logr[root@magnolia sbin]# more logro[root@magnolia sbin]# more logro[root@magnolia sbin]# more logrot[root@magnolia sbin]# more logrot[root@magnolia sbin]# more logrota[root@magnolia sbin]# more logrota[root@magnolia sbin]# more logrotat[root@magnolia sbin]# more logrotat[root@magnolia sbin]# more logrotate[root@magnolia sbin]# more logrotate

******** logrotate: Not a text file ********

]0;barrie@magnolia:/usr/sbin[root@magnolia sbin]# [root@magnolia sbin]# [root@magnolia sbin]# v[root@magnolia sbin]# v[root@magnolia sbin]# [K[root@magnolia sbin]# [root@magnolia sbin]# v[root@magnolia sbin]# v[root@magnolia sbin]# vf[root@magnolia sbin]# vf[root@magnolia sbin]# vf [root@magnolia sbin]# vf [root@magnolia sbin]# vf[K[root@magnolia sbin]# vf[root@magnolia sbin]# v[K[root@magnolia sbin]# v[root@magnolia sbin]# [K[root@magnolia sbin]# [root@magnolia sbin]# c[root@magnolia sbin]# c[root@magnolia sbin]# cd[root@magnolia sbin]# cd[root@magnolia sbin]# cd [root@magnolia sbin]# cd [root@magnolia sbin]# cd /[root@magnolia sbin]# cd /[root@magnolia sbin]# cd /l[root@magnolia sbin]# cd /l[root@magnolia sbin]# cd /lo[root@magnolia sbin]# cd /lo[root@magnolia sbin]# cd /log[root@magnolia sbin]# cd /log
bash: cd: /log: No such file or directory
]0;barrie@magnolia:/usr/sbin[root@magnolia sbin]# [root@magnolia sbin]# [root@magnolia sbin]# l[root@magnolia sbin]# l[root@magnolia sbin]# ls[root@magnolia sbin]# ls
[00m[00;32maccept[00m                     [00;36mhwclock[00m          [00;32mntp-genkeys[00m                  [00;32mrpc.mountd[00m
[00;36madduser[00m                    [00;36mibod[00m             [00;32mntpq[00m                         [00;32mrpc.nfsd[00m
[00;36madsl-connect[00m               [00;36micnctrl[00m          [00;32mntptime[00m                      [00;32mrpc.rquotad[00m
[00;36madsl-setup[00m                 [00;32miconvconfig[00m      [00;32mntptimeset[00m                   [00;32mrtacct[00m
[00;36madsl-start[00m                 [00;32mimon[00m             [00;32mntptrace[00m                     [00;32msafe_finger[00m
[00;36madsl-status[00m                [00;32mimontty[00m          [00;32mntp-wait[00m                     [00;32msaned[00m
[00;36madsl-stop[00m                  [00;32minetdconvert[00m     [00;32mntsysv[00m                       [00;32msaslauthd[00m
[00;32maepdaemon[00m                  [00;36minternet-druid[00m   [00;32mpacker[00m                       [00;32msasldblistusers[00m
[00;32maepload[00m                    [00;36mipppd[00m            [00;36mpcbitctl[00m                     [00;32msasldblistusers2[00m
[00;32maeptest[00m                    [00;36mipppstats[00m        [00;32mping6[00m                        [00;32msaslpasswd[00m
[00;32maepversion[00m                 [00;36miprofd[00m           [00;32mpmap_dump[00m                    [00;32msaslpasswd2[00m
[00;32malternatives[00m               [00;32mirattach[00m         [00;32mpmap_set[00m                     [00;36msendmail[00m
[00;32manacron[00m                    [00;32mirdaping[00m         [00;32mpostalias[00m                    [00;32msendmail.postfix[00m
[00;32mapmd[00m                       [00;36misdnctrl[00m         [00;32mpostcat[00m                      [00;32msendmail.sendmail[00m
[00;36marping[00m                     [00;36misdnlog[00m          [00;32mpostconf[00m                     [00;32msensors-detect[00m
[00;32matd[00m                        [00;32misdnup[00m           [00;32mpostdrop[00m                     [00;36mserviceconf[00m
[00;32matrun[00m                      [00;32mkbdconfig[00m        [00;32mpostfix[00m                      [00;32msetclock[00m
[00;32mauthconfig[00m                 [00;32mkbdrate[00m          [00;32mpostkick[00m                     [00;32msetpcaps[00m
[00;32mautomount[00m                  [00;32mkppp[00m             [00;32mpostlock[00m                     [00;32msetquota[00m
[00;36mavmcapictrl[00m                [00;36mksconfig[00m         [00;32mpostlog[00m                      [00;32msetup[00m
[00;32mbonobo-activation-sysconf[00m  [00;32mkudzu[00m            [00;32mpostmap[00m                      [00;32mshowmount[00m
[00;32mbuild-locale-archive[00m       [00;32mlchage[00m           [00;32mpostqueue[00m                    [00;32msmbd[00m
[00;32mcamel-lock-helper[00m          [00;32mlgroupadd[00m        [00;32mpostsuper[00m                    [00;32msmrsh[00m
[00;36mcapiinit[00m                   [00;32mlgroupdel[00m        [00;32mpppd[00m                         [00;32msmtp-sink[00m
[00;32mchat[00m                       [00;32mlgroupmod[00m        [00;32mpppdump[00m                      [00;32msmtp-source[00m
[00;32mcheckpc[00m                    [00;32mlid[00m              [00;36mpppoe[00m                        [00;32msnmpd[00m
[00;32mchkfontpath[00m                [00;32mlnewusers[00m        [00;36mpppoe-relay[00m                  [00;32msnmptrapd[00m
[00;32mchpasswd[00m                   [00;32mlockdev[00m          [00;36mpppoe-server[00m                 [00;32msshd[00m
[00;32mchroot[00m                     [00;32mlogrotate[00m        [00;36mpppoe-sniff[00m                  [00;32mstrfile[00m
[00;32mclockdiff[00m                  [00;36mlogwatch[00m         [00;32mpppstats[00m                     [00;32mstunnel[00m
[00;32mcrond[00m                      [00;32mlokkit[00m           [00;32mpraliases[00m                    [00;32msucap[00m
[00;32mcupsaddsmb[00m                 [00;36mloopctrl[00m         [00;32mprintconf[00m                    [00;32msys-unconfig[00m
[00;32mcupsd[00m                      [00;32mlpadmin[00m          [00;32mprintconf-backend[00m            [00;32mtcpd[00m
[00;32mdbconverter-2[00m              [00;32mlpasswd[00m          [00;32mprintconf-gui[00m                [00;32mtcpdump[00m
[00;32mddcprobe[00m                   [00;36mlpc[00m              [00;32mprintconf-tui[00m                [00;32mtcpslice[00m
[00;32mdns-keygen[00m                 [00;32mlpc.cups[00m         [00;36mprinttool[00m                    [00;32mtethereal[00m
[00;32mdnssec-keygen[00m              [00;32mlpc.LPRng[00m        [00;32mpwck[00m                         [00;32mtickadj[00m
[00;32mdnssec-makekeyset[00m          [00;32mlpd[00m              [00;32mpwconv[00m                       [00;32mtimeconfig[00m
[00;32mdnssec-signkey[00m             [00;32mlpdomatic[00m        [00;32mpwunconv[00m                     [00;32mtmpwatch[00m
[00;32mdnssec-signzone[00m            [00;32mlpinfo[00m           [00;32mquotastats[00m                   [00;32mtracepath[00m
[00;32mdongle_attach[00m              [00;32mlpmove[00m           [00;36mramsize[00m                      [00;32mtracepath6[00m
[00;32meditcap[00m                    [00;32mlsof[00m             [00;32mrcapid[00m                       [00;32mtraceroute[00m
[00;32medquota[00m                    [00;32mluseradd[00m         [00;32mrdev[00m                         [00;32mtraceroute6[00m
[00;32methtool[00m                    [00;32mluserdel[00m         [00;32mrdisc[00m                        [00;32mtry-from[00m
[00;32mexeccap[00m                    [00;32mlusermod[00m         [00;32mrdistd[00m                       [00;32mtunelp[00m
[00;32mexportfs[00m                   [00;32mlwresd[00m           [00;32mreadprofile[00m                  [00;32munstr[00m
[00;32mfbset[00m                      [00;32mmailstats[00m        [00;32mredhat-cdinstall-helper[00m      [00;32mup2date[00m
[00;32mfindchip[00m                   [00;32mmakemap[00m          [00;36mredhat-config-bind[00m           [00;36mup2date-config[00m
[00;32mfirstboot[00m                  [00;32mmakewhatis[00m       [00;32mredhat-config-bind-gui[00m       [00;36mup2date-nox[00m
[00;32mfoomatic-addpjloptions[00m     [00;32mmkdict[00m           [00;32mredhat-config-kickstart[00m      [00;36mupdate-alternatives[00m
[00;32mfoomatic-fix-xml[00m           [00;32mmklost+found[00m     [00;36mredhat-config-network[00m        [00;32mupdfstab[00m
[00;32mfoomatic-getpjloptions[00m     [00;32mmksock[00m           [00;36mredhat-config-network-cmd[00m    [00;32museradd[00m
[00;32mfoomatic-kitload[00m           [00;36mmkzonedb[00m         [00;36mredhat-config-network-druid[00m  [00;32muserdel[00m
[00;32mfoomatic-ppdload[00m           [00;32mmodeline2fb[00m      [00;32mredhat-config-packages[00m       [00;32muserhelper[00m
[00;32mfoomatic-preferred-driver[00m  [00;32mmodule_upgrade[00m   [00;36mredhat-config-printer[00m        [00;32muserisdnctl[00m
[00;32mgdmaskpass[00m                 [00;32mmonitor[00m          [00;36mredhat-config-printer-gui[00m    [00;32musermod[00m
[00;32mgdmconfig[00m                  [00;32mmouseconfig[00m      [00;36mredhat-config-printer-tui[00m    [00;32musernetctl[00m
[00;32mgdmopen[00m                    [00;32mmtr[00m              [00;32mredhat-config-proc[00m           [00;32mutempter[00m
[00;32mgdm-restart[00m                [00;32mnamed[00m            [00;36mredhat-config-services[00m       [00;36mvboxd[00m
[00;32mgdm-safe-restart[00m           [00;32mnamed-bootconf[00m   [00;32mredhat-install-packages[00m      [00;36mvidmode[00m
[00;32mgdmsetup[00m                   [00;32mnamed-checkconf[00m  [00;32mredhat-switchmail[00m            [00;36mvigr[00m
[00;32mgetpcaps[00m                   [00;32mnamed-checkzone[00m  [00;36mredhat-switchmail-nox[00m        [00;32mvipw[00m
[00;32mglibc_post_upgrade[00m         [00;36mneat[00m             [00;32mredhat-switch-printer[00m        [00;32mvisudo[00m
[00;32mgnome-pty-helper[00m           [00;36mneat-tui[00m         [00;36mredhat-switch-printer-nox[00m    [00;32mwarnquota[00m
[00;32mgpm[00m                        [00;32mnetconfig[00m        [00;36mreject[00m                       [00;32mwinbindd[00m
[00;32mgroupadd[00m                   [00;32mnewusers[00m         [00;32mrepquota[00m                     [00;32mxcdroast[00m
[00;32mgroupdel[00m                   [00;32mnfsstat[00m          [00;32mrhn_check[00m                    [00;32mxinetd[00m
[00;32mgroupmod[00m                   [00;32mnhfsstone[00m        [00;32mrhnreg_ks[00m                    [00;32mxinetd-ipv6[00m
[00;32mgrpck[00m                      [00;32mnmbd[00m             [00;32mrhnsd[00m                        [00;32myppoll[00m
[00;32mgrpconv[00m                    [00;32mnscd[00m             [00;32mrndc[00m                         [00;32mypset[00m
[00;32mgrpunconv[00m                  [00;32mntpd[00m             [00;32mrndc-confgen[00m                 [00;32myptest[00m
[00;36mhisaxctrl[00m                  [00;32mntpdate[00m          [00;36mrootflags[00m                    [00;32mzdump[00m
[00;32mhotplugctl[00m                 [00;32mntpdc[00m            [00;32mrpcinfo[00m                      [00;32mzic[00m
[m]0;barrie@magnolia:/usr/sbin[root@magnolia sbin]# [root@magnolia sbin]# [root@magnolia sbin]# m[root@magnolia sbin]# m[root@magnolia sbin]# mo[root@magnolia sbin]# mo[root@magnolia sbin]# mor[root@magnolia sbin]# mor[root@magnolia sbin]# more[root@magnolia sbin]# more[root@magnolia sbin]# more [root@magnolia sbin]# more [root@magnolia sbin]# more l[root@magnolia sbin]# more l[root@magnolia sbin]# more lo[root@magnolia sbin]# more lo[root@magnolia sbin]# more log[root@magnolia sbin]# more log[root@magnolia sbin]# more logr[root@magnolia sbin]# more logr[root@magnolia sbin]# more logro[root@magnolia sbin]# more logro[root@magnolia sbin]# more logrot[root@magnolia sbin]# more logrot[root@magnolia sbin]# more logrota[root@magnolia sbin]# more logrota[root@magnolia sbin]# more logrotat[root@magnolia sbin]# more logrotat[root@magnolia sbin]# more logrotate[root@magnolia sbin]# more logrotate[root@magnolia sbin]# more logrotate.[root@magnolia sbin]# more logrotate.[root@magnolia sbin]# more logrotate.c[root@magnolia sbin]# more logrotate.c[root@magnolia sbin]# more logrotate.co[root@magnolia sbin]# more logrotate.co[root@magnolia sbin]# more logrotate.con[root@magnolia sbin]# more logrotate.con[root@magnolia sbin]# more logrotate.conf[root@magnolia sbin]# more logrotate.conf
logrotate.conf: No such file or directory
]0;barrie@magnolia:/usr/sbin[root@magnolia sbin]# [root@magnolia sbin]# [root@magnolia sbin]# m[root@magnolia sbin]# m[root@magnolia sbin]# mo[root@magnolia sbin]# mo[root@magnolia sbin]# mor[root@magnolia sbin]# mor[root@magnolia sbin]# more[root@magnolia sbin]# more[root@magnolia sbin]# more [root@magnolia sbin]# more [root@magnolia sbin]# more r[root@magnolia sbin]# more r[root@magnolia sbin]# more ro[root@magnolia sbin]# more ro[root@magnolia sbin]# more rot[root@magnolia sbin]# more rot[root@magnolia sbin]# more rote[root@magnolia sbin]# more rote[root@magnolia sbin]# more rotea[root@magnolia sbin]# more rotea[root@magnolia sbin]# more roteat[root@magnolia sbin]# more roteat[root@magnolia sbin]# more rotea[K[root@magnolia sbin]# more rotea[root@magnolia sbin]# more rote[K[root@magnolia sbin]# more rote[root@magnolia sbin]# more rot[K[root@magnolia sbin]# more rot[root@magnolia sbin]# more rota[root@magnolia sbin]# more rota[root@magnolia sbin]# more rotat[root@magnolia sbin]# more rotat[root@magnolia sbin]# more rotate[root@magnolia sbin]# more rotate[root@magnolia sbin]# more rotate.[root@magnolia sbin]# more rotate.[root@magnolia sbin]# more rotate.c[root@magnolia sbin]# more rotate.c[root@magnolia sbin]# more rotate.co[root@magnolia sbin]# more rotate.co[root@magnolia sbin]# more rotate.con[root@magnolia sbin]# more rotate.con[root@magnolia sbin]# more rotate.conf[root@magnolia sbin]# more rotate.conf
rotate.conf: No such file or directory
]0;barrie@magnolia:/usr/sbin[root@magnolia sbin]# [root@magnolia sbin]# [root@magnolia sbin]# c[root@magnolia sbin]# c[root@magnolia sbin]# cd[root@magnolia sbin]# cd[root@magnolia sbin]# cd [root@magnolia sbin]# cd [root@magnolia sbin]# cd /[root@magnolia sbin]# cd /[root@magnolia sbin]# cd /v[root@magnolia sbin]# cd /v[root@magnolia sbin]# cd /va[root@magnolia sbin]# cd /va[root@magnolia sbin]# cd /var[root@magnolia sbin]# cd /var[root@magnolia sbin]# cd /var/[root@magnolia sbin]# cd /var/[root@magnolia sbin]# cd /var/l[root@magnolia sbin]# cd /var/l[root@magnolia sbin]# cd /var/lo[root@magnolia sbin]# cd /var/lo[root@magnolia sbin]# cd /var/log[root@magnolia sbin]# cd /var/log
]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# m[root@magnolia log]# m[root@magnolia log]# mo[root@magnolia log]# mo[root@magnolia log]# mor[root@magnolia log]# mor[root@magnolia log]# more[root@magnolia log]# more[root@magnolia log]# more [root@magnolia log]# more [root@magnolia log]# more l[root@magnolia log]# more l[root@magnolia log]# more [K[root@magnolia log]# more [root@magnolia log]# more r[root@magnolia log]# more r[root@magnolia log]# more ro[root@magnolia log]# more ro[root@magnolia log]# more rot[root@magnolia log]# more rot[root@magnolia log]# more rota[root@magnolia log]# more rota[root@magnolia log]# more rotat[root@magnolia log]# more rotat[root@magnolia log]# more rotate[root@magnolia log]# more rotate[root@magnolia log]# more rotate.[root@magnolia log]# more rotate.[root@magnolia log]# more rotate.c[root@magnolia log]# more rotate.c[root@magnolia log]# more rotate.co[root@magnolia log]# more rotate.co[root@magnolia log]# more rotate.con[root@magnolia log]# more rotate.con[root@magnolia log]# more rotate.conf[root@magnolia log]# more rotate.conf
rotate.conf: No such file or directory
]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# m[root@magnolia log]# m[root@magnolia log]# mo[root@magnolia log]# mo[root@magnolia log]# mor[root@magnolia log]# mor[root@magnolia log]# more[root@magnolia log]# more[root@magnolia log]# more [root@magnolia log]# more [root@magnolia log]# more l[root@magnolia log]# more l[root@magnolia log]# more lo[root@magnolia log]# more lo[root@magnolia log]# more log[root@magnolia log]# more log[root@magnolia log]# more logr[root@magnolia log]# more logr[root@magnolia log]# more logro[root@magnolia log]# more logro[root@magnolia log]# more logrot[root@magnolia log]# more logrot[root@magnolia log]# more logrota[root@magnolia log]# more logrota[root@magnolia log]# more logrotat[root@magnolia log]# more logrotat[root@magnolia log]# more logrotat.[root@magnolia log]# more logrotat.[root@magnolia log]# more logrotat[K[root@magnolia log]# more logrotat[root@magnolia log]# more logrotate[root@magnolia log]# more logrotate[root@magnolia log]# more logrotate.[root@magnolia log]# more logrotate.[root@magnolia log]# more logrotate.c[root@magnolia log]# more logrotate.c[root@magnolia log]# more logrotate.co[root@magnolia log]# more logrotate.co[root@magnolia log]# more logrotate.con[root@magnolia log]# more logrotate.con[root@magnolia log]# more logrotate.conf[root@magnolia log]# more logrotate.conf
logrotate.conf: No such file or directory
]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# l[root@magnolia log]# l[root@magnolia log]# ls[root@magnolia log]# ls
[00m[00mboot.log[00m    [00mcron.4[00m   [00mksyms.4[00m    [00mmessages[00m    [00mrpmpkgs.4[00m         [00mspooler.1[00m  [00;34mvbox[00m
[00mboot.log.1[00m  [00;34mcups[00m     [00mksyms.5[00m    [00mmessages.1[00m  [00;34msamba[00m             [00mspooler.2[00m  [00mwtmp[00m
[00mboot.log.2[00m  [00mdmesg[00m    [00mksyms.6[00m    [00mmessages.2[00m  [00mscrollkeeper.log[00m  [00mspooler.3[00m  [00mwtmp.1[00m
[00mboot.log.3[00m  [00;34mgdm[00m      [00mlastlog[00m    [00mmessages.3[00m  [00msecure[00m            [00mspooler.4[00m  [00mXFree86.0.log[00m
[00mboot.log.4[00m  [00;34mhttpd[00m    [00mmaillog[00m    [00mmessages.4[00m  [00msecure.1[00m          [00mup2date[00m
[00mcron[00m        [00mksyms.0[00m  [00mmaillog.1[00m  [00mrpmpkgs[00m     [00msecure.2[00m          [00mup2date.1[00m
[00mcron.1[00m      [00mksyms.1[00m  [00mmaillog.2[00m  [00mrpmpkgs.1[00m   [00msecure.3[00m          [00mup2date.2[00m
[00mcron.2[00m      [00mksyms.2[00m  [00mmaillog.3[00m  [00mrpmpkgs.2[00m   [00msecure.4[00m          [00mup2date.3[00m
[00mcron.3[00m      [00mksyms.3[00m  [00mmaillog.4[00m  [00mrpmpkgs.3[00m   [00mspooler[00m           [00mup2date.4[00m
[m]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# c[root@magnolia log]# c[root@magnolia log]# cd[root@magnolia log]# cd[root@magnolia log]# cd [root@magnolia log]# cd [root@magnolia log]# cd /[root@magnolia log]# cd /[root@magnolia log]# cd /e[root@magnolia log]# cd /e[root@magnolia log]# cd /et[root@magnolia log]# cd /et[root@magnolia log]# cd /etc[root@magnolia log]# cd /etc
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# m[root@magnolia etc]# m[root@magnolia etc]# mo[root@magnolia etc]# mo[root@magnolia etc]# mor[root@magnolia etc]# mor[root@magnolia etc]# more[root@magnolia etc]# more[root@magnolia etc]# more [root@magnolia etc]# more [root@magnolia etc]# more l[root@magnolia etc]# more l[root@magnolia etc]# more lo[root@magnolia etc]# more lo[root@magnolia etc]# more log[root@magnolia etc]# more log[root@magnolia etc]# more logr[root@magnolia etc]# more logr[root@magnolia etc]# more logro[root@magnolia etc]# more logro[root@magnolia etc]# more logrot[root@magnolia etc]# more logrot[root@magnolia etc]# more logrota[root@magnolia etc]# more logrota[root@magnolia etc]# more logrotat[root@magnolia etc]# more logrotat[root@magnolia etc]# more logrotate[root@magnolia etc]# more logrotate[root@magnolia etc]# more logrotate.[root@magnolia etc]# more logrotate.[root@magnolia etc]# more logrotate.c[root@magnolia etc]# more logrotate.c[root@magnolia etc]# more logrotate.co[root@magnolia etc]# more logrotate.co[root@magnolia etc]# more logrotate.con[root@magnolia etc]# more logrotate.con[root@magnolia etc]# more logrotate.conf[root@magnolia etc]# more logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# c[root@magnolia etc]# c[root@magnolia etc]# cd[root@magnolia etc]# cd[root@magnolia etc]# cd [root@magnolia etc]# cd [root@magnolia etc]# cd .[root@magnolia etc]# cd .[root@magnolia etc]# cd .v[root@magnolia etc]# cd .v[root@magnolia etc]# cd .va[root@magnolia etc]# cd .va[root@magnolia etc]# cd .var[root@magnolia etc]# cd .var[root@magnolia etc]# cd .va[K[root@magnolia etc]# cd .va[root@magnolia etc]# cd .v[K[root@magnolia etc]# cd .v[root@magnolia etc]# cd .[K[root@magnolia etc]# cd .[root@magnolia etc]# cd [K[root@magnolia etc]# cd [root@magnolia etc]# cd /[root@magnolia etc]# cd /[root@magnolia etc]# cd /v[root@magnolia etc]# cd /v[root@magnolia etc]# cd /va[root@magnolia etc]# cd /va[root@magnolia etc]# cd /var[root@magnolia etc]# cd /var[root@magnolia etc]# cd /var/[root@magnolia etc]# cd /var/[root@magnolia etc]# cd /var/l[root@magnolia etc]# cd /var/l[root@magnolia etc]# cd /var/lo[root@magnolia etc]# cd /var/lo[root@magnolia etc]# cd /var/log[root@magnolia etc]# cd /var/log[root@magnolia etc]# cd /var/log/[root@magnolia etc]# cd /var/log/[root@magnolia etc]# cd /var/log/w[root@magnolia etc]# cd /var/log/w[root@magnolia etc]# cd /var/log/wt[root@magnolia etc]# cd /var/log/wt[root@magnolia etc]# cd /var/log/wtm[root@magnolia etc]# cd /var/log/wtm[root@magnolia etc]# cd /var/log/wtmp[root@magnolia etc]# cd /var/log/wtmp
bash: cd: /var/log/wtmp: Not a directory
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# c[root@magnolia etc]# c[root@magnolia etc]# cd[root@magnolia etc]# cd[root@magnolia etc]# cd [root@magnolia etc]# cd [root@magnolia etc]# cd /[root@magnolia etc]# cd /[root@magnolia etc]# cd /v[root@magnolia etc]# cd /v[root@magnolia etc]# cd /va[root@magnolia etc]# cd /va[root@magnolia etc]# cd /var[root@magnolia etc]# cd /var[root@magnolia etc]# cd /var/[root@magnolia etc]# cd /var/[root@magnolia etc]# cd /var/l[root@magnolia etc]# cd /var/l[root@magnolia etc]# cd /var/lo[root@magnolia etc]# cd /var/lo[root@magnolia etc]# cd /var/log[root@magnolia etc]# cd /var/log
]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# l[root@magnolia log]# l[root@magnolia log]# ls[root@magnolia log]# ls
[00m[00mboot.log[00m    [00mcron.4[00m   [00mksyms.4[00m    [00mmessages[00m    [00mrpmpkgs.4[00m         [00mspooler.1[00m  [00;34mvbox[00m
[00mboot.log.1[00m  [00;34mcups[00m     [00mksyms.5[00m    [00mmessages.1[00m  [00;34msamba[00m             [00mspooler.2[00m  [00mwtmp[00m
[00mboot.log.2[00m  [00mdmesg[00m    [00mksyms.6[00m    [00mmessages.2[00m  [00mscrollkeeper.log[00m  [00mspooler.3[00m  [00mwtmp.1[00m
[00mboot.log.3[00m  [00;34mgdm[00m      [00mlastlog[00m    [00mmessages.3[00m  [00msecure[00m            [00mspooler.4[00m  [00mXFree86.0.log[00m
[00mboot.log.4[00m  [00;34mhttpd[00m    [00mmaillog[00m    [00mmessages.4[00m  [00msecure.1[00m          [00mup2date[00m
[00mcron[00m        [00mksyms.0[00m  [00mmaillog.1[00m  [00mrpmpkgs[00m     [00msecure.2[00m          [00mup2date.1[00m
[00mcron.1[00m      [00mksyms.1[00m  [00mmaillog.2[00m  [00mrpmpkgs.1[00m   [00msecure.3[00m          [00mup2date.2[00m
[00mcron.2[00m      [00mksyms.2[00m  [00mmaillog.3[00m  [00mrpmpkgs.2[00m   [00msecure.4[00m          [00mup2date.3[00m
[00mcron.3[00m      [00mksyms.3[00m  [00mmaillog.4[00m  [00mrpmpkgs.3[00m   [00mspooler[00m           [00mup2date.4[00m
[m]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# m[root@magnolia log]# m[root@magnolia log]# mo[root@magnolia log]# mo[root@magnolia log]# mor[root@magnolia log]# mor[root@magnolia log]# more[root@magnolia log]# more[root@magnolia log]# more [root@magnolia log]# more [root@magnolia log]# more c[root@magnolia log]# more c[root@magnolia log]# more [K[root@magnolia log]# more [root@magnolia log]# more w[root@magnolia log]# more w[root@magnolia log]# more wt[root@magnolia log]# more wt[root@magnolia log]# more wtm[root@magnolia log]# more wtm[root@magnolia log]# more wtmp[root@magnolia log]# more wtmp
   03  ~                               ~~  runlevel                        2.4.18-14                                                                                                                                                                          
                                                                                    :�=��                                        �  tty1                            1                                   2.4.18-14                                          
                                                                                                                                                                                                                    :�=��                                    
   �  tty2                            2                                   2.4.18-14                                                                                                                                                                          
                                                                                    :�=�                                        �  tty3                            3                                   2.4.18-14                                          
                                                                                                                                                                                                                    :�=}�                                    
   �  tty4                            4                                   2.4.18-14                                                                                                                                                                          
                                                                                    :�=��                                        �  tty5                            5                                   2.4.18-14                                          
                                                                                                                                                                                                                    :�=N�                                    
   �  tty6                            6                                   2.4.18-14                                                                                                                                                                          
                                                                                    :�=��                                            tty1                            1                                   2.4.18-14                                          
                                                                                                                                                                                                                    :�=a�                                    
       tty2                            2                                   2.4.18-14                                                                                                                                                                          
                                                                                    :�=��                                            tty3                            3                                   2.4.18-14                                          
                                                                                                                                                                                                                    :�=&�                                    
       tty4                            4                                   2.4.18-14                                                                                                                                                                          
                                                                                    :�=��                                            tty5                            5                                   2.4.18-14                                          
                                                                                                                                                                                                                    :�=�                                    
       tty6                            6                                   2.4.18-14                                                                                                                                                                          
                                                                                    :�=��                                        �                                  l0                                  2.4.18-14                                          
                                                                                                                                                                                                                    :�=l�                                    
       ~~                              ~~  shutdown                        2.4.18-14                                                                                                                                                                          
                                                                                    :�=��                                                                           si                                  2.4.18-14                                          
                                                                                                                                                                                                                    G��=]�                                    
       ~                               ~~  reboot                          2.4.18-14                                                                                                                                                                          
                                                                                    G��=&                                        3N  ~                               ~~  runlevel                        2.4.18-14                                          
[7m--More--(2%)[27m[K]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# l[root@magnolia log]# l[root@magnolia log]# ls[root@magnolia log]# ls
[00m[00mboot.log[00m    [00mcron.4[00m   [00mksyms.4[00m    [00mmessages[00m    [00mrpmpkgs.4[00m         [00mspooler.1[00m  [00;34mvbox[00m
[00mboot.log.1[00m  [00;34mcups[00m     [00mksyms.5[00m    [00mmessages.1[00m  [00;34msamba[00m             [00mspooler.2[00m  [00mwtmp[00m
[00mboot.log.2[00m  [00mdmesg[00m    [00mksyms.6[00m    [00mmessages.2[00m  [00mscrollkeeper.log[00m  [00mspooler.3[00m  [00mwtmp.1[00m
[00mboot.log.3[00m  [00;34mgdm[00m      [00mlastlog[00m    [00mmessages.3[00m  [00msecure[00m            [00mspooler.4[00m  [00mXFree86.0.log[00m
[00mboot.log.4[00m  [00;34mhttpd[00m    [00mmaillog[00m    [00mmessages.4[00m  [00msecure.1[00m          [00mup2date[00m
[00mcron[00m        [00mksyms.0[00m  [00mmaillog.1[00m  [00mrpmpkgs[00m     [00msecure.2[00m          [00mup2date.1[00m
[00mcron.1[00m      [00mksyms.1[00m  [00mmaillog.2[00m  [00mrpmpkgs.1[00m   [00msecure.3[00m          [00mup2date.2[00m
[00mcron.2[00m      [00mksyms.2[00m  [00mmaillog.3[00m  [00mrpmpkgs.2[00m   [00msecure.4[00m          [00mup2date.3[00m
[00mcron.3[00m      [00mksyms.3[00m  [00mmaillog.4[00m  [00mrpmpkgs.3[00m   [00mspooler[00m           [00mup2date.4[00m
[m]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# p[root@magnolia log]# p[root@magnolia log]# pw[root@magnolia log]# pw[root@magnolia log]# pwd[root@magnolia log]# pwd
/var/log
]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# c[root@magnolia log]# c[root@magnolia log]# cd[root@magnolia log]# cd[root@magnolia log]# cd [root@magnolia log]# cd [root@magnolia log]# cd .[root@magnolia log]# cd .[root@magnolia log]# cd [K[root@magnolia log]# cd [root@magnolia log]# cd /[root@magnolia log]# cd /[root@magnolia log]# cd /e[root@magnolia log]# cd /e[root@magnolia log]# cd /et[root@magnolia log]# cd /et[root@magnolia log]# cd /etc[root@magnolia log]# cd /etc[root@magnolia log]# cd /etc/[root@magnolia log]# cd /etc/[root@magnolia log]# cd /etc/w[root@magnolia log]# cd /etc/w[root@magnolia log]# cd /etc/we[root@magnolia log]# cd /etc/we[root@magnolia log]# cd /etc/wee[root@magnolia log]# cd /etc/wee[root@magnolia log]# cd /etc/week[root@magnolia log]# cd /etc/week[root@magnolia log]# cd /etc/weekl[root@magnolia log]# cd /etc/weekl[root@magnolia log]# cd /etc/weekly[root@magnolia log]# cd /etc/weekly[root@magnolia log]# cd /etc/weekly.[root@magnolia log]# cd /etc/weekly.[root@magnolia log]# cd /etc/weekly.c[root@magnolia log]# cd /etc/weekly.c[root@magnolia log]# cd /etc/weekly.[K[root@magnolia log]# cd /etc/weekly.[root@magnolia log]# cd /etc/weekly[K[root@magnolia log]# cd /etc/weekly[root@magnolia log]# cd /etc/weekl[K[root@magnolia log]# cd /etc/weekl[root@magnolia log]# cd /etc/week[K[root@magnolia log]# cd /etc/week[root@magnolia log]# cd /etc/wee[K[root@magnolia log]# cd /etc/wee[root@magnolia log]# cd /etc/we[K[root@magnolia log]# cd /etc/we[root@magnolia log]# cd /etc/w[K[root@magnolia log]# cd /etc/w[root@magnolia log]# cd /etc/[K[root@magnolia log]# cd /etc/[root@magnolia log]# cd /etc/c[root@magnolia log]# cd /etc/c[root@magnolia log]# cd /etc/cr[root@magnolia log]# cd /etc/cr[root@magnolia log]# cd /etc/cro[root@magnolia log]# cd /etc/cro[root@magnolia log]# cd /etc/cron[root@magnolia log]# cd /etc/cron[root@magnolia log]# cd /etc/cron.[root@magnolia log]# cd /etc/cron.[root@magnolia log]# cd /etc/cron.w[root@magnolia log]# cd /etc/cron.w[root@magnolia log]# cd /etc/cron.we[root@magnolia log]# cd /etc/cron.we[root@magnolia log]# cd /etc/cron.wee[root@magnolia log]# cd /etc/cron.wee[root@magnolia log]# cd /etc/cron.week[root@magnolia log]# cd /etc/cron.week[root@magnolia log]# cd /etc/cron.weekl[root@magnolia log]# cd /etc/cron.weekl[root@magnolia log]# cd /etc/cron.weekly[root@magnolia log]# cd /etc/cron.weekly
]0;barrie@magnolia:/etc/cron.weekly[root@magnolia cron.weekly]# [root@magnolia cron.weekly]# [root@magnolia cron.weekly]# l[root@magnolia cron.weekly]# l[root@magnolia cron.weekly]# ls[root@magnolia cron.weekly]# ls
[00m[00;32m0anacron[00m  [00;32mmakewhatis.cron[00m
[m]0;barrie@magnolia:/etc/cron.weekly[root@magnolia cron.weekly]# [root@magnolia cron.weekly]# [root@magnolia cron.weekly]# c[root@magnolia cron.weekly]# c[root@magnolia cron.weekly]# cd[root@magnolia cron.weekly]# cd[root@magnolia cron.weekly]# cd [root@magnolia cron.weekly]# cd [root@magnolia cron.weekly]# cd .[root@magnolia cron.weekly]# cd .[root@magnolia cron.weekly]# cd ..[root@magnolia cron.weekly]# cd ..[root@magnolia cron.weekly]# cd ../[root@magnolia cron.weekly]# cd ../[root@magnolia cron.weekly]# cd ../c[root@magnolia cron.weekly]# cd ../c[root@magnolia cron.weekly]# cd ../cr[root@magnolia cron.weekly]# cd ../cr[root@magnolia cron.weekly]# cd ../cro[root@magnolia cron.weekly]# cd ../cro[root@magnolia cron.weekly]# cd ../cron[root@magnolia cron.weekly]# cd ../cron[root@magnolia cron.weekly]# cd ../cron.[root@magnolia cron.weekly]# cd ../cron.[root@magnolia cron.weekly]# cd ../cron.m[root@magnolia cron.weekly]# cd ../cron.m[root@magnolia cron.weekly]# cd ../cron.mo[root@magnolia cron.weekly]# cd ../cron.mo[root@magnolia cron.weekly]# cd ../cron.mon[root@magnolia cron.weekly]# cd ../cron.mon[root@magnolia cron.weekly]# cd ../cron.mont[root@magnolia cron.weekly]# cd ../cron.mont[root@magnolia cron.weekly]# cd ../cron.month[root@magnolia cron.weekly]# cd ../cron.month[root@magnolia cron.weekly]# cd ../cron.monthl[root@magnolia cron.weekly]# cd ../cron.monthl[root@magnolia cron.weekly]# cd ../cron.monthly[root@magnolia cron.weekly]# cd ../cron.monthly
]0;barrie@magnolia:/etc/cron.monthly[root@magnolia cron.monthly]# [root@magnolia cron.monthly]# [root@magnolia cron.monthly]# l[root@magnolia cron.monthly]# l[root@magnolia cron.monthly]# ls[root@magnolia cron.monthly]# ls
[00m[00;32m0anacron[00m
[m]0;barrie@magnolia:/etc/cron.monthly[root@magnolia cron.monthly]# [root@magnolia cron.monthly]# [root@magnolia cron.monthly]# c[root@magnolia cron.monthly]# c[root@magnolia cron.monthly]# [K[root@magnolia cron.monthly]# [root@magnolia cron.monthly]# c[root@magnolia cron.monthly]# c[root@magnolia cron.monthly]# cd[root@magnolia cron.monthly]# cd[root@magnolia cron.monthly]# cd [root@magnolia cron.monthly]# cd [root@magnolia cron.monthly]# cd /[root@magnolia cron.monthly]# cd /[root@magnolia cron.monthly]# cd /e[root@magnolia cron.monthly]# cd /e[root@magnolia cron.monthly]# cd /et[root@magnolia cron.monthly]# cd /et[root@magnolia cron.monthly]# cd /etc[root@magnolia cron.monthly]# cd /etc
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# v[root@magnolia etc]# v[root@magnolia etc]# vi[root@magnolia etc]# vi[root@magnolia etc]# vi [root@magnolia etc]# vi [root@magnolia etc]# vi l[root@magnolia etc]# vi l[root@magnolia etc]# vi lo[root@magnolia etc]# vi lo[root@magnolia etc]# vi log[root@magnolia etc]# vi log[root@magnolia etc]# vi logr[root@magnolia etc]# vi logr[root@magnolia etc]# vi logro[root@magnolia etc]# vi logro[root@magnolia etc]# vi logrot[root@magnolia etc]# vi logrot[root@magnolia etc]# vi logrota[root@magnolia etc]# vi logrota[root@magnolia etc]# vi logrotat[root@magnolia etc]# vi logrotat[root@magnolia etc]# vi logrotate[root@magnolia etc]# vi logrotate[root@magnolia etc]# vi logrotate.[root@magnolia etc]# vi logrotate.[root@magnolia etc]# vi logrotate.c[root@magnolia etc]# vi logrotate.c[root@magnolia etc]# vi logrotate.co[root@magnolia etc]# vi logrotate.co[root@magnolia etc]# vi logrotate.con[root@magnolia etc]# vi logrotate.con[root@magnolia etc]# vi logrotate.conf[root@magnolia etc]# vi logrotate.conf
[?1048h[?1047h[?1h=[1;28r[?25h[?25h[27m[m[H[2J[?25l[28;1H"logrotate.conf" 24L, 505C[1;1H[34m# see "man logrotate" for details
# rotate log files weekly[m
weekly

[34m# keep 4 weeks worth of backlogs[m
rotate 4

[34m# create new (empty) log files after rotating old ones[m
create

[34m# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory[m
include /etc/logrotate.d

[34m# no packages own wtmp -- we'll rotate them here[m
/var/log/wtmp {
    monthly
    create 0664 root utmp
    rotate 1
}

[34m# system-specific logs may be also be configured here.[m
[1m[34m~                                                                                               [26;1H~                                                                                               [27;1H~                                                                                               [m[28;79H1,1[11CAll[1;1H[?25h[?25l[28;79H2[2;1H[?25h[?25l[28;79H3[3;1H[?25h[?25l[28;79H4,0-1[4;1H[?25h[?25l[28;79H5,1  [5;1H[?25h[?25l[28;79H6[6;1H[?25h[?25l[28;79H7,0-1[7;1H[?25h[?25l[28;79H8,1  [8;1H[?25h[?25l[28;79H9[9;1H[?25h[?25l[28;79H10,0-1[10;1H[?25h[?25l[28;80H1,1  [11;1H[?25h[?25l[28;80H2[12;1H[?25h[?25l[28;80H3,0-1[13;1H[?25h[?25l[28;80H4,1  [14;1H[?25h[?25l[28;80H5[15;1H[?25h[?25l[28;80H6,0-1[16;1H[?25h[?25l[28;80H7,1  [17;1H[?25h[?25l[28;80H8[18;1H[?25h[?25l[28;80H9[19;1H[?25h[?25l[28;79H20[20;1H[?25h[?25l[28;1H[1m-- INSERT --[m[28;13H[K[28;79H20,1[10CAll[20;1H[?25h[?25l[34m#    create 0664 root utmp[m[28;82H2[20;2H[?25h[?25l[28;80H1[21;2H[?25h[?25l[28;82H1[21;1H[?25h[?25l[28;82H2[21;2H[?25h[?25l[28;82H3[21;3H[?25h[?25l[28;82H4[21;4H[?25h[?25l[28;82H5[21;5H[?25h[?25l[22;27r[22;1H[L[1;28r[21;5H[K[22;1Hrotate 1[28;80H2,1[22;1H[?25h[?25l        rotate 1[28;82H2-9[22;9H[?25h[?25lrotate 1[22;9H[K[28;82H1  [22;1H[?25h[?25l[28;80H1[21;1H[?25h[?25l[28;82H2[21;2H[?25h[?25l[28;82H3[21;3H[?25h[?25l[28;82H4[21;4H[?25h[?25l[28;82H5[21;5H[?25h[28;1H[K[21;4H[?25l[28;79H21,4[10CAll[21;4H[?25h[?25l[28;79H[K[28;1H:[?25hq![?25l[?1l>[?25h[?1047l[?1048l]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# p[root@magnolia etc]# p[root@magnolia etc]# pi[root@magnolia etc]# pi[root@magnolia etc]# pic[root@magnolia etc]# pic[root@magnolia etc]# pico[root@magnolia etc]# pico[root@magnolia etc]# pico [root@magnolia etc]# pico [root@magnolia etc]# pico l[root@magnolia etc]# pico l[root@magnolia etc]# pico lo[root@magnolia etc]# pico lo[root@magnolia etc]# pico log[root@magnolia etc]# pico log[root@magnolia etc]# pico logr[root@magnolia etc]# pico logr[root@magnolia etc]# pico logro[root@magnolia etc]# pico logro[root@magnolia etc]# pico logroa[root@magnolia etc]# pico logroa[root@magnolia etc]# pico logroat[root@magnolia etc]# pico logroat[root@magnolia etc]# pico logroate[root@magnolia etc]# pico logroate[root@magnolia etc]# pico logroat[K[root@magnolia etc]# pico logroat[root@magnolia etc]# pico logroa[K[root@magnolia etc]# pico logroa[root@magnolia etc]# pico logro[K[root@magnolia etc]# pico logro[root@magnolia etc]# pico logrot[root@magnolia etc]# pico logrot[root@magnolia etc]# pico logrota[root@magnolia etc]# pico logrota[root@magnolia etc]# pico logrotat[root@magnolia etc]# pico logrotat[root@magnolia etc]# pico logrotate[root@magnolia etc]# pico logrotate[root@magnolia etc]# pico logrotate.[root@magnolia etc]# pico logrotate.[root@magnolia etc]# pico logrotate.c[root@magnolia etc]# pico logrotate.c[root@magnolia etc]# pico logrotate.co[root@magnolia etc]# pico logrotate.co[root@magnolia etc]# pico logrotate.con[root@magnolia etc]# pico logrotate.con[root@magnolia etc]# pico logrotate.conf[root@magnolia etc]# pico logrotate.conf
[?1048h[?1047h[1;28r[1;1H[J[7m   UW PICO(tm) 4.2                        New Buffer                                            [27m[27;1H[K[28;1H[K[27;1H[7m^[27m[7mG[27m Get Help     [7m^[27m[7mO[27m WriteOut     [7m^[27m[7mR[27m Read File    [7m^[27m[7mY[27m Prev Pg      [7m^[27m[7mK[27m Cut Text     [7m^[27m[7mC[27m Cur Pos      [28;1H[7m^[27m[7mX[27m Exit         [7m^[27m[7mJ[27m Justify      [7m^[27m[7mW[27m Where is     [7m^[27m[7mV[27m Next Pg      [7m^[27m[7mU[27m UnCut Text   [7m^[27m[7mT[27m To Spell    [K[3;1H[26;1H[K[26;41H[7m[ Reading file ][27m[26;1H[K[26;40H[7m[ Read 24 lines ][27m[1;41H[7mFile: logrotate.conf[27m[3;1H# see "man logrotate" for details[4;1H# rotate log files weekly[5;1Hweekly[7;1H# keep 4 weeks worth of backlogs[8;1Hrotate 4[10;1H# create new (empty) log files after rotating old ones[11;1Hcreate[13;1H# uncomment this if you want your log files compressed[14;1H#compress[16;1H# RPM packages drop log rotation information into this directory[17;1Hinclude /etc/logrotate.d[19;1H# no packages own wtmp -- we'll rotate them here[20;1H/var/log/wtmp {[21;5Hmonthly[22;5Hcreate 0664 root utmp[23;5Hrotate 1[24;1H}[3;1H[4;1H[5;1H[6;1H[7;1H[8;1H[9;1H[10;1H[11;1H[12;1H[13;1H[14;1H[15;1H[16;1H[17;1H[18;1H[19;1H[20;1H[21;1H[22;1H[1;86H[7mModified[27m[22;5Hrotate 1[K[23;1H}[K[24;1H [25;1H# system-specific logs may be also be configured here.[22;1H[22;5Hcreate 0664 root utmp[23;1H    rotate 1[24;1H}[25;1H[K[23;1H[23;5Hcreate 0664 root utmp[24;1H    rotate 1[25;1H}[24;1H[23;1H[22;1H[4h#[4l[22;2H[26;1H[K[23;2H[23;3H[23;4H[23;5H[23;6H[23;7H[23;8H[23;9H[23;10H[23;11H[23;12H[23;13H[23;14H[23;15H[23;16H[23;15H[P[23;15H[23;14H[P[23;14H[4h0[4l[23;15H[4h0[4l[23;16H[26;1H[K[7mFile Name to write :                                                                            [26;22H[27m[7mlogrotate.conf[27m[27;18H[7mT[27m  To Files                                                                    [28;2H[7mC[27m Cancel       [7mT[27m[7mA[27m[7mB[27m Complete                                                                   [K[7m[26;36H[27m[26;1H[K[26;42H[7m[ Writing... ][27m[26;1H[K[26;40H[7m[ Wrote 25 lines ][27m[1;86H[7m        [27m[27;1H[K[28;1H[K[27;1H[7m^[27m[7mG[27m Get Help     [7m^[27m[7mO[27m WriteOut     [7m^[27m[7mR[27m Read File    [7m^[27m[7mY[27m Prev Pg      [7m^[27m[7mK[27m Cut Text     [7m^[27m[7mC[27m Cur Pos      [28;1H[7m^[27m[7mX[27m Exit         [7m^[27m[7mJ[27m Justify      [7m^[27m[7mW[27m Where is     [7m^[27m[7mV[27m Next Pg      [7m^[27m[7mU[27m UnCut Text   [7m^[27m[7mT[27m To Spell    [K[23;16H[26;1H[K[7mFile Name to write :                                                                            [26;22H[27m[7mlogrotate.conf[27m[27;18H[7mT[27m  To Files                                                                    [28;2H[7mC[27m Cancel       [7mT[27m[7mA[27m[7mB[27m Complete                                                                   [K[7m[26;36H[27m[26;1H[K[26;42H[7m[ Writing... ][27m[26;1H[K[26;40H[7m[ Wrote 25 lines ][27m[27;1H[K[28;1H[K[27;1H[7m^[27m[7mG[27m Get Help     [7m^[27m[7mO[27m WriteOut     [7m^[27m[7mR[27m Read File    [7m^[27m[7mY[27m Prev Pg      [7m^[27m[7mK[27m Cut Text     [7m^[27m[7mC[27m Cur Pos      [28;1H[7m^[27m[7mX[27m Exit         [7m^[27m[7mJ[27m Justify      [7m^[27m[7mW[27m Where is     [7m^[27m[7mV[27m Next Pg      [7m^[27m[7mU[27m UnCut Text   [7m^[27m[7mT[27m To Spell    [K[23;16H[27;1H[K[28;1H[K[?1047l[?1048l]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# c[root@magnolia etc]# c[root@magnolia etc]# cd[root@magnolia etc]# cd[root@magnolia etc]# cd [root@magnolia etc]# cd [root@magnolia etc]# cd /[root@magnolia etc]# cd /[root@magnolia etc]# cd /u[root@magnolia etc]# cd /u[root@magnolia etc]# cd /ur[root@magnolia etc]# cd /ur[root@magnolia etc]# cd /ur/[root@magnolia etc]# cd /ur/[root@magnolia etc]# cd /ur/l[root@magnolia etc]# cd /ur/l[root@magnolia etc]# cd /ur/lo[root@magnolia etc]# cd /ur/lo[root@magnolia etc]# cd /ur/loc[root@magnolia etc]# cd /ur/loc[root@magnolia etc]# cd /ur/loca[root@magnolia etc]# cd /ur/loca[root@magnolia etc]# cd /ur/loca;[root@magnolia etc]# cd /ur/loca;[root@magnolia etc]# cd /ur/loca[K[root@magnolia etc]# cd /ur/loca[root@magnolia etc]# cd /ur/loc[K[root@magnolia etc]# cd /ur/loc[root@magnolia etc]# cd /ur/lo[K[root@magnolia etc]# cd /ur/lo[root@magnolia etc]# cd /ur/l[K[root@magnolia etc]# cd /ur/l[root@magnolia etc]# cd /ur/[K[root@magnolia etc]# cd /ur/[root@magnolia etc]# cd /ur[K[root@magnolia etc]# cd /ur[root@magnolia etc]# cd /u[K[root@magnolia etc]# cd /u[root@magnolia etc]# cd /us[root@magnolia etc]# cd /us[root@magnolia etc]# cd /usr[root@magnolia etc]# cd /usr[root@magnolia etc]# cd /usr/[root@magnolia etc]# cd /usr/[root@magnolia etc]# cd /usr/l[root@magnolia etc]# cd /usr/l[root@magnolia etc]# cd /usr/lo[root@magnolia etc]# cd /usr/lo[root@magnolia etc]# cd /usr/loc[root@magnolia etc]# cd /usr/loc[root@magnolia etc]# cd /usr/loca[root@magnolia etc]# cd /usr/loca[root@magnolia etc]# cd /usr/local[root@magnolia etc]# cd /usr/local[root@magnolia etc]# cd /usr/local/[root@magnolia etc]# cd /usr/local/[root@magnolia etc]# cd /usr/local/l[root@magnolia etc]# cd /usr/local/l[root@magnolia etc]# cd /usr/local/lo[root@magnolia etc]# cd /usr/local/lo[root@magnolia etc]# cd /usr/local/l[K[root@magnolia etc]# cd /usr/local/l[root@magnolia etc]# cd /usr/local/[K[root@magnolia etc]# cd /usr/local/
]0;barrie@magnolia:/usr/local[root@magnolia local]# [root@magnolia local]# [root@magnolia local]# l[root@magnolia local]# l[root@magnolia local]# ls[root@magnolia local]# ls
[00m[00;34mapache2[00m        [00;34metc[00m           [00;34mlib[00m                  [00;36mmysql[00m                                   [00;34mshare[00m
[00;34mbin[00m            [00;34mgames[00m         [00;34mlibexec[00m              [00;34mmysql-max-4.0.3-beta-pc-linux-gnu-i686[00m  [00;34msrc[00m
[00;34mCorporateTime[00m  [00;34mhttpd-2.0.43[00m  [00;34mlogcheck-1.1.1[00m       [00;34mphp-4.2.3[00m
[00;34mdoc[00m            [00;34minclude[00m       [00;31mlogsentry-1.1.1.tar[00m  [00;34msbin[00m
[m]0;barrie@magnolia:/usr/local[root@magnolia local]# [root@magnolia local]# [root@magnolia local]# c[root@magnolia local]# c[root@magnolia local]# cd[root@magnolia local]# cd[root@magnolia local]# cd [root@magnolia local]# cd [root@magnolia local]# cd l[root@magnolia local]# cd l[root@magnolia local]# cd lo[root@magnolia local]# cd lo[root@magnolia local]# cd log[root@magnolia local]# cd log[root@magnolia local]# cd logc[root@magnolia local]# cd logc[root@magnolia local]# cd logch[root@magnolia local]# cd logch[root@magnolia local]# cd logche[root@magnolia local]# cd logche[root@magnolia local]# cd logchec[root@magnolia local]# cd logchec[root@magnolia local]# cd logcheck[root@magnolia local]# cd logcheck[root@magnolia local]# cd logcheck-[root@magnolia local]# cd logcheck-[root@magnolia local]# cd logcheck-1[root@magnolia local]# cd logcheck-1[root@magnolia local]# cd logcheck-1.[root@magnolia local]# cd logcheck-1.[root@magnolia local]# cd logcheck-1.1[root@magnolia local]# cd logcheck-1.1[root@magnolia local]# cd logcheck-1.1.[root@magnolia local]# cd logcheck-1.1.[root@magnolia local]# cd logcheck-1.1.1[root@magnolia local]# cd logcheck-1.1.1
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# l[root@magnolia logcheck-1.1.1]# l[root@magnolia logcheck-1.1.1]# ls[root@magnolia logcheck-1.1.1]# ls
[00m[00mCHANGES[00m  [00mINSTALL[00m  [00mMakefile[00m  [00mREADME.how.to.interpret[00m  [00;34msrc[00m
[00mCREDITS[00m  [00mLICENSE[00m  [00mREADME[00m    [00mREADME.keywords[00m          [00;34msystems[00m
[m]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# l[root@magnolia logcheck-1.1.1]# l[root@magnolia logcheck-1.1.1]# lo[root@magnolia logcheck-1.1.1]# lo[root@magnolia logcheck-1.1.1]# loc[root@magnolia logcheck-1.1.1]# loc[root@magnolia logcheck-1.1.1]# loca[root@magnolia logcheck-1.1.1]# loca[root@magnolia logcheck-1.1.1]# local[root@magnolia logcheck-1.1.1]# local[root@magnolia logcheck-1.1.1]# loca[K[root@magnolia logcheck-1.1.1]# loca[root@magnolia logcheck-1.1.1]# locae[root@magnolia logcheck-1.1.1]# locae[root@magnolia logcheck-1.1.1]# locae [root@magnolia logcheck-1.1.1]# locae [root@magnolia logcheck-1.1.1]# locae[K[root@magnolia logcheck-1.1.1]# locae[root@magnolia logcheck-1.1.1]# loca[K[root@magnolia logcheck-1.1.1]# loca[root@magnolia logcheck-1.1.1]# locat[root@magnolia logcheck-1.1.1]# locat[root@magnolia logcheck-1.1.1]# locate[root@magnolia logcheck-1.1.1]# locate[root@magnolia logcheck-1.1.1]# locat[K[root@magnolia logcheck-1.1.1]# locat[root@magnolia logcheck-1.1.1]# loca[K[root@magnolia logcheck-1.1.1]# loca[root@magnolia logcheck-1.1.1]# loc[K[root@magnolia logcheck-1.1.1]# loc[root@magnolia logcheck-1.1.1]# lo[K[root@magnolia logcheck-1.1.1]# lo[root@magnolia logcheck-1.1.1]# l[K[root@magnolia logcheck-1.1.1]# l[root@magnolia logcheck-1.1.1]# [K[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# m[root@magnolia logcheck-1.1.1]# m[root@magnolia logcheck-1.1.1]# mo[root@magnolia logcheck-1.1.1]# mo[root@magnolia logcheck-1.1.1]# mor[root@magnolia logcheck-1.1.1]# mor[root@magnolia logcheck-1.1.1]# more[root@magnolia logcheck-1.1.1]# more[root@magnolia logcheck-1.1.1]# more [root@magnolia logcheck-1.1.1]# more [root@magnolia logcheck-1.1.1]# more I[root@magnolia logcheck-1.1.1]# more I[root@magnolia logcheck-1.1.1]# more IN[root@magnolia logcheck-1.1.1]# more IN[root@magnolia logcheck-1.1.1]# more INS[root@magnolia logcheck-1.1.1]# more INS[root@magnolia logcheck-1.1.1]# more INST[root@magnolia logcheck-1.1.1]# more INST[root@magnolia logcheck-1.1.1]# more INSTA[root@magnolia logcheck-1.1.1]# more INSTA[root@magnolia logcheck-1.1.1]# more INSTAL[root@magnolia logcheck-1.1.1]# more INSTAL[root@magnolia logcheck-1.1.1]# more INSTALL[root@magnolia logcheck-1.1.1]# more INSTALL
INSTALLATION: Please read the entire file!!

Operation
---------

Logcheck contains several files:

logcheck.sh -- The main script. This file controls all processing and looks 
at log files with simple grep commands. This file is executed on a timed 
basis from cron and reports findings to the sysadmin.

logtail -- A custom executable that remembers the last position of a text 
file. This program is used by logcheck to parse out information from the 
last time the log was opened, this prevents reviewing old material twice. 
All log files will be processed with this program and will have a file named 
"########.offset" put in the same directory, where ####### is the name of 
the log file checked. This file contains the decimal offset information for 
logtail to work. If you delete it, logtail will parse the file from the 
beginning again. Logcheck tracks the size and inode of log files to 
enable it to tell when a log file has been rotated. If the inode of the 
log changes, or the file size is smaller than the last run, logtail will 
reset the counter and parse the entire file. 

logcheck.hacking -- This file contains keywords that are certifiable attacks 
on your system. I leave this file sparse, unless I know what a certain 
pattern of attack looks like (The default keywords are almost always 
[7m--More--(9%)[27mgenerated by Internet Security Scanner attacks, or sendmail(8) if it is 
being fed illegal syntax in address lines). Any keyword in a log file that 
matches here will generate a report with a more obnoxious header to grab 
your attention faster: "ACTIVE SYSTEM ATTACK"

logcheck.violations -- This file contains keywords of system events that 
are usually seen as negative. Words such as "denied", "refused", etc. 
Positive words such as 'su' successes are also put in here. This file is of 
course not all inclusive and is heavily biased towards FWTK messages and 
BSDish messages with TCP wrappers installed. Violations here are reported 
under the heading "Security Violations" in the reports. 

logcheck.violations.ignore -- This file contains words that are reverse 
searched against the logcheck.violations file. If these words are found, 
that entry is not reported. An example of this are the following log entries:

Feb 28 21:00:08 nemesis sendmail[5475]: VAA05473: to=crowland, ctladdr=root 
(0/0), delay=00:00:02, xdelay=00:00:01, mailer=local, stat=refused

Feb 28 22:13:53 nemesis rshd: refused connect from hacker@evil.com:1490
 
The top entry is from sendmail and is a fairly common error, the stat line 
indicates that the remote host refused connections (stat=refused). This can 
happen for a variety of reasons and generally is not a problem.

The bottom line however indicates that a person (hacker@evil.com) has tried 
[7m--More--(18%)[27munsuccessfully to start an rsh session on my machine, this is bad (of 
course you shouldn't be running rshd to begin with).

The logcheck.violations file will find the word 'refused' and will flag it 
to be logged, however this will report both instances as being bad and you 
will get false alarms from sendmail (both had the word refused). By putting 
the following in the logcheck.violations.ignore file you tell logcheck to 
ignore the sendmail problem and it will only report to you the bad rsh 
connection:

(in logcheck.violations.ignore)

mailer=local, stat=refused

This will prevent reports from any line that contains "refused" but has the 
rest of the keywords "mailer=local, stat=refused." This is of course pretty 
basic, and not very intelligent, however you must remember that by forcing 
you to be specific in what you ignore, you will not overlook something 
important. A word of caution though, if you don't pick a long enough string 
to put in the logcheck.violations.ignore file then you could ignore 
significant events. Be very very careful what you put in here. The default 
file has only one entry in it to allow grep to run. Tune it to your system 
carefully! If the above did not make sense at all, leave the file as it is.

logcheck.ignore -- This file is the catch-all file for words to look for in 
the logs and to NOT REPORT. Again be specific with what you want to ignore 
[7m--More--(28%)[27mand go easy on the wildcards. Anything that does not match what is in this 
file is reported (so you don't risk missing anything) as "Unusual System 
Activity." The default is again BSDish and biased towards FWTK and TCP 
Wrappers.

To preserve integrity of the scans the following search order and rules are 
kept:

1) Active System Attacks are reported first.
2) Security Violations are reported second.
3) Unusual System Events are reported last.

Keyword searches on the logcheck.hacking and logcheck.violations file are 
CASE INSENSITIVE to ensure we don't miss anything. Keyword searches on the 
logcheck.violations.ignore and logcheck.ignore files are CASE SENSITIVE 
to ensure again that we don't miss anything. The *.ignore files REQUIRE you 
to put in the exact text as part of the contents. The more sensitive 
logcheck.violations and logcheck.hacking files will report on any word,
regardless of case, that is found as a match.

The whole process follows the following structure:

logcheck.sh executes hourly ----> 
logcheck.sh executes logtail on log files ----> 
logtail parses off any text from the last time it was run ---> 
logcheck greps text for system attack messages ---> 
[7m--More--(36%)[27mlogcheck greps text for security violations ---> 
logcheck greps text for security violations to ignore ---> 
logcheck greps text for all messages to ignore. ---> 
any messages found are mailed to system admin.

Overall it's a very simple process and is surprisingly good at telling you 
information about your system you were never aware of, but probably should 
have been.


Installation
------------

If you know what a syslog.conf file is, know you have it set up to log 
as much information as possible, AND HAVE SECURED THE LOGS, go to step TWO, 
otherwise you should read step ONE.

Step ONE: Configuring syslog daemon and SECURING your log files.

Before setting up logcheck, you should ensure that your system is not only 
running syslog, but that you have it configured for maximum logging. On 
most all systems I recommend that you send all syslog messages to ONE file 
for logcheck to parse through. This configuration ensures that messages 
will not be missed. On BSDish systems this involves editing the file 
syslog.conf located in /etc. This file contains parameters for syslogd and 
if you don't understand them, PLEASE check:
[7m--More--(44%)[27m[K
man syslog.conf

- OR -

A book.

Many syslog.conf files are sensitive to using tabs instead of spaces for 
your entries and you will mysteriously hose syslogd daemon if you put in 
spaces so be careful.

In the syslog.conf file you should put in an entry like this:

*.info						/var/log/messages

Which will log EVERYTHING to the file "messages" located in /var/log. 
Obviously you should substitute /var/log to the directory typically found 
on your system. For BSDI and most variants this is /var/log for Linux this 
is /var/adm. Your syslog.conf file for your site will have the default in 
it. Remember this will log everything, if you have a very high volume 
server (for instance: mail) you may want to cut back on the logging to prevent 
over running of disk space. You can do this in the following way:

*.info;mail.none				/var/log/messages
mail.notice					/var/log/messages

[7m--More--(50%)[27mThis will only log non-standard mail messages, I don't recommend this 
however as it will make it hard to track mail into and out of your system 
if someone attempts, or succeeds, to gain entry. Many systems have separate
log files for different system services, configuring syslog to do this could
look like the following

*.info;mail,ftp,daemon,authpriv.none		/var/log/messages
mail.info					/var/log/mail.log
ftp.info					/var/log/ftp.log
daemon.info					/var/log/daemon.log
authpriv.*					/var/log/secure.log

This configuration will have separate logs for the general system 
messages, mail, ftp, daemon and security messages. Logcheck can be setup to 
check for all of them. Again please see your syslog.conf man 
page for more information.

Now that you have edited your syslog.conf file you need to re-start syslogd 
by sending the HUP signal to it.

IMPORTANT: You must now go to your log directory (/var/log in the example 
above) and change the log file to owner root, group wheel and mode 600 on 
file permissions. First check if the file exists if it doesn't, you should 
make it. For example if your log files is simply called 'messages' you 
would do the following:

[7m--More--(58%)[27mtouch /var/log/messages

Now you must ensure that you change the permissions in the following way:

chown root.wheel /var/log/messages
chmod 600 /var/log/messages

I also recommend that any other log files have their permissions set in a 
similar way (at least to mode 600 if you can't change the owner/group). Log 
files contain very sensitive data about system operations and could 
contain passwords, system errors, and other data that can reveal 
vulnerabilites if you are not careful. I personally feel that these files 
should never be readable by any person other than root. 

BSD and FreeBSD: You should go to the /etc directory and edit 
the /etc/daily, /etc/weekly, and /etc/monthly scripts and change the 
'rotate()' script function to change the log permissions on rotation. 
Simply change the line:

cp /dev/null "$file"; chmod 644 "$file"

To:

cp /dev/null "$file"; chmod 600 "$file"

(The above is for BSDI 2.x, BSDI 3.x uses an external rotate
[7m--More--(65%)[27mfunction now, just change the mode sent to it from 644 to 600
and you'll be OK. FreeBSD will be similiar to the BSDI 2.x script)

When logs are auto-rotated they will have the permissions set automatically.

Once these steps have been completed you can move onto step TWO:

Step TWO: Logcheck and logtail installation.

Logcheck requires the following files to run:

logcheck.sh
logtail.c
logcheck.hacking
logcheck.violations
logcheck.violations.ignore
logcheck.ignore

Pull logcheck.sh into your favorite editor and find the section entitled: 
CONFIGURATION SECTION.

Change the name of the SYSADMIN variable to one of your liking. You can use
local names (default is root), or e-mail addresses for remote logging.

Go to the section entitled: LOG FILE CONFIGURATION SECTION and either 
uncomment the log files that apply to you, or add your own. Be sure 
[7m--More--(71%)[27myou know the difference between the > and >> operators before you do this. 

If you have one of the default system types (Linux, BSDI, FreeBSD,
SunOS, Digital) you can simply type "make <systype>" and it will
install for you at this point.

If you are using an alternate path for the files (i.e NOT in
/usr/local/whatever), you need to change the path entries for
logcheck.hacking, logcheck.violations, logcheck.ignore, 
logcheck.violations.ignore, and logtail in the main logcheck.sh script. I 
don't recommend you do this unless you have to.  

If you changed the default paths /usr/local/etc and /usr/local/bin in 
the logcheck.sh file you need to edit the Makefile and change INSTALLDIR 
and INSTALLDIR_BIN to point to the same directories. 

Note that the Makefile will create a directory called /usr/local/etc/tmp by 
default. This is the scratch area for logcheck to handle it's files. I do 
NOT recommend that you use /tmp for any reason as it is publically 
accessible and may pose a danger if a user creates symbolic links to trick 
the logcheck script into overwriting an important system file. I would
also change all automated system scripts to use this directory instead of
/tmp which is notoriously unsafe. 


Editing Cron
[7m--More--(79%)[27m------------[K

After installing logcheck, you should edit your local crontab file for root 
and set logcheck to run once per hour (recommended, although you can do it 
more frequently, or less frequently, although the absolute minimum in my 
opinion is once every few hours or so). Examples are the following:

Hourly check (BSD Systems and Redhat /etc/crontab):

00 * * * * root /bin/sh /usr/local/etc/logcheck.sh

15 Minute check (Linux Slackware Systems /var/spool/cron/crontabs/root):

00,15,30,45 * * * * /usr/local/etc/logcheck.sh


The 15 minute check I would recommend for firewalls that generally don't 
produce messages unless they are in trouble.

Remember, logcheck does not report anything if it has nothing useful to say 
(only if the rest of USENET could do this). So running it every 15 
minutes will have no impact on your mailbox if the system being watched is 
quiet. Busier systems can be addressed by less frequent reporting, however 
longer reports mean you must spend more time analyzing them, and you may 
not like this either. Again I recommend hourly.

[7m--More--(87%)[27m[K]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# c[root@magnolia logcheck-1.1.1]# c[root@magnolia logcheck-1.1.1]# cc[root@magnolia logcheck-1.1.1]# cc[root@magnolia logcheck-1.1.1]# c[K[root@magnolia logcheck-1.1.1]# c[root@magnolia logcheck-1.1.1]# [K[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# l[root@magnolia logcheck-1.1.1]# l[root@magnolia logcheck-1.1.1]# ls[root@magnolia logcheck-1.1.1]# ls
[00m[00mCHANGES[00m  [00mINSTALL[00m  [00mMakefile[00m  [00mREADME.how.to.interpret[00m  [00;34msrc[00m
[00mCREDITS[00m  [00mLICENSE[00m  [00mREADME[00m    [00mREADME.keywords[00m          [00;34msystems[00m
[m]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# c[root@magnolia logcheck-1.1.1]# c[root@magnolia logcheck-1.1.1]# cd[root@magnolia logcheck-1.1.1]# cd[root@magnolia logcheck-1.1.1]# cd [root@magnolia logcheck-1.1.1]# cd [root@magnolia logcheck-1.1.1]# cd s[root@magnolia logcheck-1.1.1]# cd s[root@magnolia logcheck-1.1.1]# cd sy[root@magnolia logcheck-1.1.1]# cd sy[root@magnolia logcheck-1.1.1]# cd sys[root@magnolia logcheck-1.1.1]# cd sys[root@magnolia logcheck-1.1.1]# cd syst[root@magnolia logcheck-1.1.1]# cd syst[root@magnolia logcheck-1.1.1]# cd syste[root@magnolia logcheck-1.1.1]# cd syste[root@magnolia logcheck-1.1.1]# cd system[root@magnolia logcheck-1.1.1]# cd system[root@magnolia logcheck-1.1.1]# cd systems[root@magnolia logcheck-1.1.1]# cd systems
]0;barrie@magnolia:/usr/local/logcheck-1.1.1/systems[root@magnolia systems]# [root@magnolia systems]# [root@magnolia systems]# l[root@magnolia systems]# l[root@magnolia systems]# ls[root@magnolia systems]# ls
[00m[00;34mbsdos[00m  [00;34mdigital[00m  [00;34mfreebsd[00m  [00;34mgeneric[00m  [00;34mhpux[00m  [00;34mlinux[00m  [00;34msun[00m
[m]0;barrie@magnolia:/usr/local/logcheck-1.1.1/systems[root@magnolia systems]# [root@magnolia systems]# [root@magnolia systems]# c[root@magnolia systems]# c[root@magnolia systems]# cd[root@magnolia systems]# cd[root@magnolia systems]# cd [root@magnolia systems]# cd [root@magnolia systems]# cd l[root@magnolia systems]# cd l[root@magnolia systems]# cd li[root@magnolia systems]# cd li[root@magnolia systems]# cd lin[root@magnolia systems]# cd lin[root@magnolia systems]# cd linu[root@magnolia systems]# cd linu[root@magnolia systems]# cd linux[root@magnolia systems]# cd linux
]0;barrie@magnolia:/usr/local/logcheck-1.1.1/systems/linux[root@magnolia linux]# [root@magnolia linux]# [root@magnolia linux]# l[root@magnolia linux]# l[root@magnolia linux]# ls[root@magnolia linux]# ls
[00m[00mlogcheck.hacking[00m  [00;32mlogcheck.sh[00m          [00mlogcheck.violations.ignore[00m  [00mREADME.linux.IMPORTANT[00m
[00mlogcheck.ignore[00m   [00mlogcheck.violations[00m  [00mREADME.linux[00m
[m]0;barrie@magnolia:/usr/local/logcheck-1.1.1/systems/linux[root@magnolia linux]# [root@magnolia linux]# [root@magnolia linux]# m[root@magnolia linux]# m[root@magnolia linux]# mo[root@magnolia linux]# mo[root@magnolia linux]# mor[root@magnolia linux]# mor[root@magnolia linux]# more[root@magnolia linux]# more[root@magnolia linux]# more [root@magnolia linux]# more [root@magnolia linux]# more R[root@magnolia linux]# more R[root@magnolia linux]# more RE[root@magnolia linux]# more RE[root@magnolia linux]# more REA[root@magnolia linux]# more REA[root@magnolia linux]# more READ[root@magnolia linux]# more READ[root@magnolia linux]# more READM[root@magnolia linux]# more READM[root@magnolia linux]# more README[root@magnolia linux]# more README[root@magnolia linux]# more README>[root@magnolia linux]# more README>[root@magnolia linux]# more README[K[root@magnolia linux]# more README[root@magnolia linux]# more README.[root@magnolia linux]# more README.[root@magnolia linux]# more README.l[root@magnolia linux]# more README.l[root@magnolia linux]# more README.li[root@magnolia linux]# more README.li[root@magnolia linux]# more README.lin[root@magnolia linux]# more README.lin[root@magnolia linux]# more README.linu[root@magnolia linux]# more README.linu[root@magnolia linux]# more README.linux[root@magnolia linux]# more README.linux
These files will work well with Linux Slackware and Redhat releases
and perhaps others (not tested). Type "make install" as root to
install them on your system. Edit the cron to run them once per hour. 

The default account to mail reports to is root. 

-- Craig


]0;barrie@magnolia:/usr/local/logcheck-1.1.1/systems/linux[root@magnolia linux]# [root@magnolia linux]# [root@magnolia linux]# l[root@magnolia linux]# l[root@magnolia linux]# ls[root@magnolia linux]# ls
[00m[00mlogcheck.hacking[00m  [00;32mlogcheck.sh[00m          [00mlogcheck.violations.ignore[00m  [00mREADME.linux.IMPORTANT[00m
[00mlogcheck.ignore[00m   [00mlogcheck.violations[00m  [00mREADME.linux[00m
[m]0;barrie@magnolia:/usr/local/logcheck-1.1.1/systems/linux[root@magnolia linux]# [root@magnolia linux]# [root@magnolia linux]# m[root@magnolia linux]# m[root@magnolia linux]# mo[root@magnolia linux]# mo[root@magnolia linux]# mor[root@magnolia linux]# mor[root@magnolia linux]# more[root@magnolia linux]# more[root@magnolia linux]# more [root@magnolia linux]# more [root@magnolia linux]# more R[root@magnolia linux]# more R[root@magnolia linux]# more RE[root@magnolia linux]# more RE[root@magnolia linux]# more REA[root@magnolia linux]# more REA[root@magnolia linux]# more READ[root@magnolia linux]# more READ[root@magnolia linux]# more READM[root@magnolia linux]# more READM[root@magnolia linux]# more README[root@magnolia linux]# more README[root@magnolia linux]# more README.[root@magnolia linux]# more README.[root@magnolia linux]# more README.l[root@magnolia linux]# more README.l[root@magnolia linux]# more README.li[root@magnolia linux]# more README.li[root@magnolia linux]# more README.lin[root@magnolia linux]# more README.lin[root@magnolia linux]# more README.linu[root@magnolia linux]# more README.linu[root@magnolia linux]# more README.linux[root@magnolia linux]# more README.linux[root@magnolia linux]# more README.linux.[root@magnolia linux]# more README.linux.[root@magnolia linux]# more README.linux.I[root@magnolia linux]# more README.linux.I[root@magnolia linux]# more README.linux.IM[root@magnolia linux]# more README.linux.IM[root@magnolia linux]# more README.linux.IMP[root@magnolia linux]# more README.linux.IMP[root@magnolia linux]# more README.linux.IMPO[root@magnolia linux]# more README.linux.IMPO[root@magnolia linux]# more README.linux.IMPOR[root@magnolia linux]# more README.linux.IMPOR[root@magnolia linux]# more README.linux.IMPORT[root@magnolia linux]# more README.linux.IMPORT[root@magnolia linux]# more README.linux.IMPORTA[root@magnolia linux]# more README.linux.IMPORTA[root@magnolia linux]# more README.linux.IMPORTAN[root@magnolia linux]# more README.linux.IMPORTAN[root@magnolia linux]# more README.linux.IMPORTANT[root@magnolia linux]# more README.linux.IMPORTANT
These files will work well with Linux Slackware release 3.0 and Red Hat 
release 3.0.3 and 4.x

Type "make install" as root to install them on your system. Edit the cron 
to run them once per hour. 

The default account to mail reports to is root. 

There is also a quirky bug that I've only seen on Linux systems that will 
sometimes report the following under "Unusual System Events":

<username of person running logcheck> 1 <some number (size of message)>

I can only speculate that sendmail is adding a newline to the end of the 
status line to make this entry appear to be separate. Usually the message 
will look like:

Unusual System Events
=-=-=-=-=-=-=-=-=-=-
root 1 127

Where the first part is the user of the person running logcheck, and the 
last entry is the size of the total message in bytes. 

This is fixed by putting in the entry "root 1" in the logcheck.ignore file. 
I've already done this. If you run logcheck under another account you'll 
[7m--More--(55%)[27mhave to add your own line. If anyone has a better solution let me know, 
it appears to only be a problem on Linux boxes. 

Lastly, many Linux releases do not rotate log files and save the old 
logs. I recommend that you enable log rotating to save space.
On Red Hat Linux Systems, the log files are trimmed down nightly with 
the size command and the resulting file contains the same inode. 
This causes logtail to issue a warning because the log file appears 
to be *shorter* than the last time checked (smaller size, but the same 
inode) and logtail thinks that the log has been tampered with. You can 
circumvent this by making sure the logfile is moved to another name and 
a new empty file is made in its place. Look at the logrotate(8) command 
for more information.

-- Craig


]0;barrie@magnolia:/usr/local/logcheck-1.1.1/systems/linux[root@magnolia linux]# [root@magnolia linux]# [root@magnolia linux]# p[root@magnolia linux]# p[root@magnolia linux]# pw[root@magnolia linux]# pw[root@magnolia linux]# pwd[root@magnolia linux]# pwd
/usr/local/logcheck-1.1.1/systems/linux
]0;barrie@magnolia:/usr/local/logcheck-1.1.1/systems/linux[root@magnolia linux]# [root@magnolia linux]# [root@magnolia linux]# l[root@magnolia linux]# l[root@magnolia linux]# ls[root@magnolia linux]# ls
[00m[00mlogcheck.hacking[00m  [00;32mlogcheck.sh[00m          [00mlogcheck.violations.ignore[00m  [00mREADME.linux.IMPORTANT[00m
[00mlogcheck.ignore[00m   [00mlogcheck.violations[00m  [00mREADME.linux[00m
[m]0;barrie@magnolia:/usr/local/logcheck-1.1.1/systems/linux[root@magnolia linux]# [root@magnolia linux]# [root@magnolia linux]# m[root@magnolia linux]# m[root@magnolia linux]# mo[root@magnolia linux]# mo[root@magnolia linux]# mor[root@magnolia linux]# mor[root@magnolia linux]# more[root@magnolia linux]# more[root@magnolia linux]# more [root@magnolia linux]# more [root@magnolia linux]# more l[root@magnolia linux]# more l[root@magnolia linux]# more lo[root@magnolia linux]# more lo[root@magnolia linux]# more lon[root@magnolia linux]# more lon[root@magnolia linux]# more long[root@magnolia linux]# more long[root@magnolia linux]# more lon[K[root@magnolia linux]# more lon[root@magnolia linux]# more lo[K[root@magnolia linux]# more lo[root@magnolia linux]# more log[root@magnolia linux]# more log[root@magnolia linux]# more logc[root@magnolia linux]# more logc[root@magnolia linux]# more logch[root@magnolia linux]# more logch[root@magnolia linux]# more logche[root@magnolia linux]# more logche[root@magnolia linux]# more logchec[root@magnolia linux]# more logchec[root@magnolia linux]# more logcheck[root@magnolia linux]# more logcheck[root@magnolia linux]# more logcheck.[root@magnolia linux]# more logcheck.[root@magnolia linux]# more logcheck.s[root@magnolia linux]# more logcheck.s[root@magnolia linux]# more logcheck.sh[root@magnolia linux]# more logcheck.sh
#!/bin/sh
#
#	logcheck.sh: Log file checker
#	Written by Craig Rowland <crowland@psionic.com>
#
#	This file needs the program logtail.c to run
#
#	This script checks logs for unusual activity and blatant
#	attempts at hacking. All items are mailed to administrators
# 	for review. This script and the logtail.c program are based upon 
#       the frequentcheck.sh script idea from the Gauntlet(tm) Firewall
#	(c)Trusted Information Systems Inc. The original authors are 
#	Marcus J. Ranum and Fred Avolio.
#
#	Default search files are tuned towards the TIS Firewall toolkit
# 	the TCP Wrapper program. Custom daemons and reporting facilites
#	can be accounted for as well...read the rest of the script for
#	details.
#
#	Version Information
#
#	1.0 	9/29/96  -- Initial Release
#	1.01	11/01/96 -- Added working /tmp directory for symlink protection
#			    (Thanks Richard Bullington (rbulling@obscure.org)
#	1.1	1/03/97	 -- Made this script more portable for Sun's.
#		1/03/97	 -- Made this script work on HPUX
[7m--More--(9%)[27m#               5/14/97  -- Added Digital OSF/1 logging support. Big thanks
#                           to Jay Vassos-Libove <libove@compgen.com> for
#                           his changes.
 

# CONFIGURATION SECTION

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin

# Logcheck is pre-configured to work on most BSD like systems, however it
# is a rather dumb program and may need some help to work on other
# systems. Please check the following command paths to ensure they are 
# correct.

# Person to send log activity to.
SYSADMIN=root

# Full path to logtail program.
# This program is required to run this script and comes with the package.

LOGTAIL=/usr/local/bin/logtail

# Full path to SECURED (non public writable) /tmp directory.
# Prevents Race condition and potential symlink problems. I highly
# recommend you do NOT make this a publically writable/readable directory.
# You would also be well advised to make sure all your system/cron scripts
[7m--More--(18%)[27m[K]0;barrie@magnolia:/usr/local/logcheck-1.1.1/systems/linux[root@magnolia linux]# [root@magnolia linux]# [root@magnolia linux]# v[root@magnolia linux]# v[root@magnolia linux]# vi[root@magnolia linux]# vi[root@magnolia linux]# vi![root@magnolia linux]# vi![root@magnolia linux]# vi!$[root@magnolia linux]# vi!$[root@magnolia linux]# vi![K[root@magnolia linux]# vi![root@magnolia linux]# vi[K[root@magnolia linux]# vi[root@magnolia linux]# vi [root@magnolia linux]# vi [root@magnolia linux]# vi ![root@magnolia linux]# vi ![root@magnolia linux]# vi !$[root@magnolia linux]# vi !$
vi logcheck.sh
[?1048h[?1047h[?1h=[1;28r[?25h[?25h[27m[m[H[2J[?25l[28;1H"logcheck.sh" 272L, 10633C[1;1H[34m#!/bin/sh
#
#       logcheck.sh: Log file checker
#       Written by Craig Rowland <crowland@psionic.com>
#
#       This file needs the program logtail.c to run
#
#       This script checks logs for unusual activity and blatant
#       attempts at hacking. All items are mailed to administrators
#       for review. This script and the logtail.c program are based upon 
#       the frequentcheck.sh script idea from the Gauntlet(tm) Firewall
#       (c)Trusted Information Systems Inc. The original authors are 
#       Marcus J. Ranum and Fred Avolio.
#
#       Default search files are tuned towards the TIS Firewall toolkit
#       the TCP Wrapper program. Custom daemons and reporting facilites
#       can be accounted for as well...read the rest of the script for
#       details.
#
#       Version Information
#
#       1.0     9/29/96  -- Initial Release
#       1.01    11/01/96 -- Added working /tmp directory for symlink protection
#                           (Thanks Richard Bullington (rbulling@obscure.org)
#       1.1     1/03/97  -- Made this script more portable for Sun's.
#               1/03/97  -- Made this script work on HPUX
#               5/14/97  -- Added Digital OSF/1 logging support. Big thanks[m[28;79H1,1[11CTop[1;1H[?25h[?25l[28;79H2[2;1H[?25h[?25l[28;79H3[3;1H[?25h[?25l[28;79H4[4;1H[?25h[?25l[28;79H5[5;1H[?25h[?25l[28;79H6[6;1H[?25h[?25l[28;79H7[7;1H[?25h[?25l[28;79H8[8;1H[?25h[?25l[28;79H9[9;1H[?25h[?25l[28;79H10,1[10;1H[?25h[?25l[28;80H1[11;1H[?25h[?25l[28;80H2[12;1H[?25h[?25l[28;80H3[13;1H[?25h[?25l[28;80H4[14;1H[?25h[?25l[28;80H5[15;1H[?25h[?25l[28;80H6[16;1H[?25h[?25l[28;80H7[17;1H[?25h[?25l[28;80H8[18;1H[?25h[?25l[28;80H9[19;1H[?25h[?25l[28;79H20[20;1H[?25h[?25l[28;80H1[21;1H[?25h[?25l[28;80H2[22;1H[?25h[?25l[28;80H3[23;1H[?25h[?25l[28;80H4[24;1H[?25h[?25l[28;80H5[25;1H[?25h[?25l[28;80H6[26;1H[?25h[?25l[28;80H7[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#                           to Jay Vassos-Libove <libove@compgen.com> for[m[28;80H8[12C 0%[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#                           his changes.[m[28;80H9[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;79H30[13C1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;80H1,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# CONFIGURATION SECTION[m[28;80H2,1  [9C2[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;80H3,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[36mPATH[m=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin[28;80H4,1  [27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;80H5,0-1[9C3[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Logcheck is pre-configured to work on most BSD like systems, however it[m[28;80H6,1  [27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# is a rather dumb program and may need some help to work on other[m[28;80H7[13C4[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# systems. Please check the following command paths to ensure they are [m[28;80H8[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# correct.[m[28;80H9[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;79H40,0-1[9C5[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Person to send log activity to.[m[28;80H1,1  [27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[36mSYSADMIN[m=root[28;80H2[13C6[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;80H3,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Full path to logtail program.[m[28;80H4,1  [27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# This program is required to run this script and comes with the package.[m[28;80H5[13C7[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;80H6,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[36mLOGTAIL[m=/usr/local/bin/logtail[28;80H7,1  [9C8[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;80H8,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Full path to SECURED (non public writable) /tmp directory.[m[28;80H9,1  [27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Prevents Race condition and potential symlink problems. I highly[m[28;79H50[13C9[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# recommend you do NOT make this a publically writable/readable directory.[m[28;80H1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# You would also be well advised to make sure all your system/cron scripts[m[28;80H2[12C10[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# use this directory for their "scratch" area. [m[28;80H3[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;80H4,0-1[9C1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[36mTMPDIR[m=/usr/local/etc/tmp[28;80H5,1  [27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;80H6,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# The 'grep' command. This command MUST support the[m[28;80H7,1  [9C2[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# '-i' '-v' and '-f' flags!! The GNU grep does this by default (that's[m[28;80H8[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# good GNUs for you Linux/FreeBSD/BSDI people :) ). The Sun grep I'm told[m[28;80H9[13C3[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# does not support these switches, but the 'egrep' command does (Thanks[m[28;79H60[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Jason <jason@mastaler.com> ). Since grep and egrep are usually the GNU [m[28;80H1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# variety on most systems (well most Linux, FreeBSD, BSDI, etc) and just[m[28;80H2[13C4[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# hard links to each other we'll just specify egrep here. Change this if [m[28;80H3[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# you get errors.[m[28;80H4[13C5[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;80H5,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Linux, FreeBSD, BSDI, Sun, HPUX, etc.[m[28;80H6,1  [27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[36mGREP[m=egrep[28;80H7[13C6[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;80H8,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# The 'mail' command. Most systems this should be OK to leave as is.[m[28;80H9,1  [9C7[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# If your default mail command does not support the '-s' (subject) command[m[28;79H70[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# line switch you will need to change this command one one that does.[m[28;80H1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# The only system I've seen this to be a problem on are HPUX boxes. [m[28;80H2[13C8[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Naturally, the HPUX is so superior to the rest of UNIX OS's that they[m[28;80H3[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# feel they need to do everything differently to remind the rest that[m[28;80H4[13C9[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# they are the best ;).[m[28;80H5[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;80H6,0-1[8C20[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Linux, FreeBSD, BSDI, Sun, etc.[m[28;80H7,1  [27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[36mMAIL[m=mail[28;80H8[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# HPUX 10.x and others(?)[m[28;80H9[13C1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#MAIL=mailx[m[28;79H80[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Digital OSF/1, Irix[m[28;80H1[13C2[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#MAIL=Mail[m[28;80H2[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;80H3,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# File of known active hacking attack messages to look for.[m[28;80H4,1  [9C3[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Only put messages in here if you are sure they won't cause[m[28;80H5[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# false alarms. This is a rather generic way of checking for [m[28;80H6[13C4[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# malicious activity and can be inaccurate unless you know[m[28;80H7[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# what past hacking activity looks like. The default is to[m[28;80H8[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# look for generic ISS probes (who the hell else looks for [m[28;80H9[13C5[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# "WIZ" besides ISS?), and obvious sendmail attacks/probes.[m[28;79H90[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;80H1,0-1[9C6[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[36mHACKING_FILE[m=/usr/local/etc/logcheck.hacking[28;80H2,1  [27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;80H3,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# File of security violation patterns to specifically look for.[m[28;80H4,1  [9C7[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# This file should contain keywords of information administrators should[m[28;80H5[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# probably be aware of. May or may not cause false alarms sometimes.[m[28;80H6[13C8[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Generally, anything that is "negative" is put in this file. It may miss[m[28;80H7[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# some items, but these will be caught by the next check. Move suspicious[m[28;80H8[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# items into this file to have them reported regularly.[m[28;80H9[13C9[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;79H100,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[36mVIOLATIONS_FILE[m=/usr/local/etc/logcheck.violations[28;81H1,1  [7C30[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;81H2,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# File that contains more complete sentences that have keywords from[m[28;81H3,1  [8C1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# the violations file. These keywords are normal and are not cause for [m[28;81H4[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# concern but could cause a false alarm. An example of this is the word [m[28;81H5[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# "refused" which is often reported by sendmail if a message cannot be [m[28;81H6[12C2[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# delivered or can be a more serious security violation of a system [m[28;81H7[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# attaching to illegal ports. Obviously you would put the sendmail [m[28;81H8[12C3[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# warning as part of this file. Use your judgement before putting words [m[28;81H9[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# in here or you can miss really important events. The default is to leave[m[28;80H10[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# this file with only a couple entries. DO NOT LEAVE THE FILE EMPTY. Some [m[28;81H1[12C4[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# grep's will assume that an EMPTY file means a wildcard and will ignore [m[28;81H2[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# everything! The basic configuration allows for the more frequent sendmail[m[28;81H3[12C5[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# error.[m[28;81H4[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#[m[28;81H5[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Again, be careful what you put in here and DO NOT LEAVE IT EMPTY![m[28;81H6[12C6[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;81H7,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[36mVIOLATIONS_IGNORE_FILE[m=/usr/local/etc/logcheck.violations.ignore[28;81H8,1  [8C7[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;81H9,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# This is the name of a file that contains patterns that we should[m[28;80H20,1  [27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# ignore if found in a log file. If you have repeated false alarms[m[28;81H1[12C8[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# or want specific errors ignored, you should put them in here.[m[28;81H2[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Once again, be as specific as possible, and go easy on the wildcards[m[28;81H3[12C9[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;81H4,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[36mIGNORE_FILE[m=/usr/local/etc/logcheck.ignore[28;81H5,1  [7C40[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;81H6,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# The files are reported in the order of hacking, security [m[28;81H7,1  [27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# violations, and unusual system events. Notice that this[m[28;81H8[12C1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# script uses the principle of "That which is not explicitely[m[28;81H9[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# ignored is reported" in that the script will report all items[m[28;80H30[12C2[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# that you do not tell it to ignore specificially. Be careful[m[28;81H1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# how you use wildcards in the logcheck.ignore file or you [m[28;81H2[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# may miss important entries.[m[28;81H3[12C3[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;81H4,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Make sure we really did clean up from the last run.[m[28;81H5,1  [8C4[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Also this ensures that people aren't trying to trick us into[m[28;81H6[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# overwriting files that we aren't supposed to. This is still a race[m[28;81H7[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# condition, but if you are in a temp directory that does not have[m[28;81H8[12C5[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# generic luser access it is not a problem. Do not allow this program[m[28;81H9[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# to write to a generic /tmp directory where others can watch and/or[m[28;80H40[12C6[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# create files!![m[28;81H1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;81H2,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Shouldn't need to touch these...[m[28;81H3,1  [8C7[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[36mHOSTNAME[m=[35m`hostname`[m[28;81H4[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[36mDATE[m=[35m`date +%m/%d/%y:%H.%M`[m[28;81H5[12C8[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;81H6,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[33mumask[m [31m077[m[28;81H7,1  [27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1Hrm [35m-f[m [35m$TMPDIR[m/check.$$ [35m$TMPDIR[m/checkoutput.$$ [35m$TMPDIR[m/checkreport.$$[28;81H8[12C9[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[33mif[m [33m[[m [33m-f[m [35m$TMPDIR[m/check.$$ [33m-o[m [33m-f[m [35m$TMPDIR[m/checkoutput.$$ [33m-o[m [33m-f[m [35m$TMPDIR[m/checkreport.$$ [33m][m; [33mthen[m[28;81H9[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;9H[33mecho[m[31m [m[33m"[m[31mLog files exist in [m[35m$TMPDIR[m[31m directory that cannot be removed. This [m[28;80H50,1-8[7C50[27;8H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[31mmay be an attempt to spoof the log checker.[m[33m"[m[31m \[m[28;81H1,1  [27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[31m        [m| [35m$MAIL[m [33m-s[m [33m"[m[35m$HOSTNAME[m[31m [m[35m$DATE[m[31m ACTIVE SYSTEM ATTACK![m[33m"[m [35m$SYSADMIN[m[28;81H2,1-8[8C1[27;8H[?25h[?25l[1;27r[27;1H
[1;28r[27;9H[33mexit[m [31m1[m[28;81H3[27;8H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[33mfi[m[28;81H4,1  [27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;81H5,0-1[8C2[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# LOG FILE CONFIGURATION SECTION[m[28;81H6,1  [27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# You might have to customize these entries depending on how [m[28;81H7[12C3[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# you have syslogd configured. Be sure you check all relevant logs.[m[28;81H8[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# The logtail utility is required to read and mark log files.[m[28;81H9[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# See INSTALL for more information. Again, using one log file[m[28;80H60[12C4[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# is preferred and is easier to manage. Be sure you know what the[m[28;81H1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# > and >> operators do before you change them. LOG FILES SHOULD[m[28;81H2[12C5[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# ALWAYS BE chmod 600 OWNER root!![m[28;81H3[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;81H4,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Generic and Linux Slackware 3.x[m[28;81H5,1  [8C6[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#$LOGTAIL /var/log/messages > $TMPDIR/check.$$[m[28;81H6[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;81H7,0-1[8C7[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Linux Red Hat Version 3.x, 4.x[m[28;81H8,1  [27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[35m$LOGTAIL[m /var/log/messages [33m>[m [35m$TMPDIR[m/check.$$[28;81H9[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[35m$LOGTAIL[m /var/log/secure [33m>>[m [35m$TMPDIR[m/check.$$[28;80H70[12C8[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[35m$LOGTAIL[m /var/log/maillog [33m>>[m [35m$TMPDIR[m/check.$$[28;81H1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;81H2,0-1[8C9[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# FreeBSD 2.x[m[28;81H3,1  [27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#$LOGTAIL /var/log/messages > $TMPDIR/check.$$[m[28;81H4[11C60[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#$LOGTAIL /var/log/maillog >> $TMPDIR/check.$$[m[28;81H5[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;81H6,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# BSDI 2.x[m[28;81H7,1  [8C1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#$LOGTAIL /var/log/messages > $TMPDIR/check.$$[m[28;81H8[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#$LOGTAIL /var/log/secure >> $TMPDIR/check.$$[m[28;81H9[12C2[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#$LOGTAIL /var/log/maillog >> $TMPDIR/check.$$[m[28;80H80[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#$LOGTAIL /var/log/ftp.log >> $TMPDIR/check.$$[m[28;81H1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Un-comment out the line below if you are using BSDI 2.1[m[28;81H2[12C3[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#$LOGTAIL /var/log/daemon.log >> $TMPDIR/check.$$[m[28;81H3[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;81H4,0-1[8C4[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# SunOS, Sun Solaris 2.5[m[28;81H5,1  [27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#$LOGTAIL /var/log/syslog > $TMPDIR/check.$$[m[28;81H6[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#$LOGTAIL /var/adm/messages >> $TMPDIR/check.$$[m[28;81H7[12C5[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;81H8,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# HPUX 10.x and others(?)[m[28;81H9,1  [8C6[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#$LOGTAIL /var/adm/syslog/syslog.log > $TMPDIR/check.$$[m[28;80H90[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;81H1,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Digital OSF/1[m[28;81H2,1  [8C7[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# OSF/1 - uses rotating log directory with date & time in name[m[28;81H3[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#        LOGDIRS=`find /var/adm/syslog.dated/* -type d -prune -print`[m[28;81H4[12C8[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#        LOGDIR=`ls -dtr1 $LOGDIRS | tail -1` [m[28;81H5[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#        if [ ! -d "$LOGDIR" ][m[28;81H6[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#        then[m[28;81H7[12C9[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#          echo "Can't identify current log directory." >> $TMPDIR/checkrepo$[m[28;81H8[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#        else[m[28;81H9[11C70[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#                $LOGTAIL  $LOGDIR/auth.log >> $TMPDIR/check.$$[m[28;79H200[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#                $LOGTAIL  $LOGDIR/daemon.log >> $TMPDIR/check.$$[m[28;81H1[12C1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#                $LOGTAIL  $LOGDIR/kern.log >> $TMPDIR/check.$$[m[28;81H2[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#                $LOGTAIL  $LOGDIR/lpr.log >> $TMPDIR/check.$$[m[28;81H3[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#                $LOGTAIL  $LOGDIR/mail.log >> $TMPDIR/check.$$[m[28;81H4[12C2[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#                $LOGTAIL  $LOGDIR/syslog.log >> $TMPDIR/check.$$[m[28;81H5[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#                $LOGTAIL  $LOGDIR/user.log >> $TMPDIR/check.$$[m[28;81H6[12C3[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#        fi[m[28;81H7[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m#[m[28;81H8[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;81H9,0-1[8C4[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;80H10[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# END CONFIGURATION SECTION. YOU SHOULDN'T HAVE TO EDIT ANYTHING[m[28;81H1,1  [8C5[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# BELOW THIS LINE.[m[28;81H2[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;81H3,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Set the flag variables[m[28;81H4,1  [8C6[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[36mFOUND[m=[31m0[m[28;81H5[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[36mATTACK[m=[31m0[m[28;81H6[12C7[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;81H7,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# See if the tmp file exists and actually has data to check, [m[28;81H8,1  [27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# if it doesn't we should erase it and exit as our job is done.[m[28;81H9[12C8[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;80H20[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[33mif[m [33m[[m [33m![m [33m-s[m [35m$TMPDIR[m/check.$$ [33m][m; [33mthen[m[28;81H1[12C9[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;9Hrm [33m-f[m [35m$TMPDIR[m/check.$$[28;81H2,1-8[27;8H[?25h[?25l[1;27r[27;1H
[1;28r[27;9H[33mexit[m [31m0[m[28;81H3[11C80[27;8H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[33mfi[m[28;81H4,1  [27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;81H5,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Perform Searches[m[28;81H6,1  [8C1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;81H7,0-1[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[34m# Check for blatant hacking attempts[m[28;81H8,1  [8C2[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[33mif[m [33m[[m [33m-f[m [33m"[m[35m$HACKING_FILE[m[33m"[m [33m][m; [33mthen[m[28;81H9[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[27;9H[33mif[m [35m$GREP[m [33m-i[m [33m-f[m [35m$HACKING_FILE[m [35m$TMPDIR[m/check.$$ [33m>[m [35m$TMPDIR[m/checkoutput.$$; [33mthen[m[28;80H30,1-8[27;8H[?25h[?25l[1;27r[27;1H
[1;28r[27;17H[33mecho[m[31m [m[33m>>[m [35m$TMPDIR[m/checkreport.$$[28;81H1[12C3[27;8H[?25h[?25l[1;27r[27;1H
[1;28r[27;17H[33mecho[m[31m [m[33m"[m[31mActive System Attack Alerts[m[33m"[m[31m [m[33m>>[m [35m$TMPDIR[m/checkreport.$$[28;81H2[27;8H[?25h[?25l[1;27r[27;1H
[1;28r[27;17H[33mecho[m[31m [m[33m"[m[31m=-=-=-=-=-=-=-=-=-=-=-=-=-=[m[33m"[m[31m [m[33m>>[m [35m$TMPDIR[m/checkreport.$$[28;81H3[12C4[27;8H[?25h[?25l[1;27r[27;1H
[1;28r[27;17Hcat [35m$TMPDIR[m/checkoutput.$$ [33m>>[m [35m$TMPDIR[m/checkreport.$$[28;81H4[27;8H[?25h[?25l[1;27r[27;1H
[1;28r[27;17H[36mFOUND[m=[31m1[m[28;81H5[27;8H[?25h[?25l[1;27r[27;1H
[1;28r[27;17H[36mATTACK[m=[31m1[m[28;81H6[12C5[27;8H[?25h[?25l[1;27r[27;1H
[1;28r[27;9H[33mfi[m[28;81H7[27;8H[?25h[?25l[1;27r[27;1H
[1;28r[27;1H[33mfi[m[28;81H8,1  [8C6[27;1H[?25h[?25l[1;27r[27;1H
[1;28r[28;81H9,0-1[27;1H[?25h[?25l[28;1H[K[28;1H:[?25hq[?25l[?1l>[?25h[?1047l[?1048l]0;barrie@magnolia:/usr/local/logcheck-1.1.1/systems/linux[root@magnolia linux]# [root@magnolia linux]# [root@magnolia linux]# c[root@magnolia linux]# c[root@magnolia linux]# cd[root@magnolia linux]# cd[root@magnolia linux]# cd [root@magnolia linux]# cd [root@magnolia linux]# cd .[root@magnolia linux]# cd .[root@magnolia linux]# cd ..[root@magnolia linux]# cd ..
]0;barrie@magnolia:/usr/local/logcheck-1.1.1/systems[root@magnolia systems]# [root@magnolia systems]# [root@magnolia systems]# c[root@magnolia systems]# c[root@magnolia systems]# cd[root@magnolia systems]# cd[root@magnolia systems]# cd [root@magnolia systems]# cd [root@magnolia systems]# cd .[root@magnolia systems]# cd .[root@magnolia systems]# cd ..[root@magnolia systems]# cd ..
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# l[root@magnolia logcheck-1.1.1]# l[root@magnolia logcheck-1.1.1]# ls[root@magnolia logcheck-1.1.1]# ls
[00m[00mCHANGES[00m  [00mINSTALL[00m  [00mMakefile[00m  [00mREADME.how.to.interpret[00m  [00;34msrc[00m
[00mCREDITS[00m  [00mLICENSE[00m  [00mREADME[00m    [00mREADME.keywords[00m          [00;34msystems[00m
[m]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# c[root@magnolia logcheck-1.1.1]# c[root@magnolia logcheck-1.1.1]# cd[root@magnolia logcheck-1.1.1]# cd[root@magnolia logcheck-1.1.1]# cd [root@magnolia logcheck-1.1.1]# cd [root@magnolia logcheck-1.1.1]# cd s[root@magnolia logcheck-1.1.1]# cd s[root@magnolia logcheck-1.1.1]# cd sr[root@magnolia logcheck-1.1.1]# cd sr[root@magnolia logcheck-1.1.1]# cd src[root@magnolia logcheck-1.1.1]# cd src
]0;barrie@magnolia:/usr/local/logcheck-1.1.1/src[root@magnolia src]# [root@magnolia src]# [root@magnolia src]# l[root@magnolia src]# l[root@magnolia src]# ls[root@magnolia src]# ls
[00m[00mlogtail.c[00m
[m]0;barrie@magnolia:/usr/local/logcheck-1.1.1/src[root@magnolia src]# [root@magnolia src]# [root@magnolia src]# c[root@magnolia src]# c[root@magnolia src]# cd[root@magnolia src]# cd[root@magnolia src]# cd [root@magnolia src]# cd [root@magnolia src]# cd .[root@magnolia src]# cd .[root@magnolia src]# cd ..[root@magnolia src]# cd ..
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# m[root@magnolia logcheck-1.1.1]# m[root@magnolia logcheck-1.1.1]# ma[root@magnolia logcheck-1.1.1]# ma[root@magnolia logcheck-1.1.1]# mak[root@magnolia logcheck-1.1.1]# mak[root@magnolia logcheck-1.1.1]# make[root@magnolia logcheck-1.1.1]# make[root@magnolia logcheck-1.1.1]# make [root@magnolia logcheck-1.1.1]# make [root@magnolia logcheck-1.1.1]# make l[root@magnolia logcheck-1.1.1]# make l[root@magnolia logcheck-1.1.1]# make li[root@magnolia logcheck-1.1.1]# make li[root@magnolia logcheck-1.1.1]# make lin[root@magnolia logcheck-1.1.1]# make lin[root@magnolia logcheck-1.1.1]# make linu[root@magnolia logcheck-1.1.1]# make linu[root@magnolia logcheck-1.1.1]# make linux[root@magnolia logcheck-1.1.1]# make linux
make install SYSTYPE=linux
make[1]: Entering directory `/usr/local/logcheck-1.1.1'
Making linux
cc -O -o ./src/logtail ./src/logtail.c
src/logtail.c: In function `main':
src/logtail.c:51: warning: return type of `main' is not `int'
Creating temp directory /usr/local/etc/tmp
Setting temp directory permissions
chmod 700 /usr/local/etc/tmp
Copying files
cp ./systems/linux/logcheck.hacking /usr/local/etc
cp ./systems/linux/logcheck.violations /usr/local/etc
cp ./systems/linux/logcheck.violations.ignore /usr/local/etc
cp ./systems/linux/logcheck.ignore /usr/local/etc
cp ./systems/linux/logcheck.sh /usr/local/etc
cp ./src/logtail /usr/local/bin
Setting permissions
chmod 700 /usr/local/etc/logcheck.sh
chmod 700 /usr/local/bin/logtail
chmod 600 /usr/local/etc/logcheck.violations.ignore
chmod 600 /usr/local/etc/logcheck.violations
chmod 600 /usr/local/etc/logcheck.hacking
chmod 600 /usr/local/etc/logcheck.ignore
Done. Don't forget to set your crontab.
make[1]: Leaving directory `/usr/local/logcheck-1.1.1'
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# l[root@magnolia logcheck-1.1.1]# l[root@magnolia logcheck-1.1.1]# ls[root@magnolia logcheck-1.1.1]# ls
[00m[00mCHANGES[00m  [00mINSTALL[00m  [00mMakefile[00m  [00mREADME.how.to.interpret[00m  [00;34msrc[00m
[00mCREDITS[00m  [00mLICENSE[00m  [00mREADME[00m    [00mREADME.keywords[00m          [00;34msystems[00m
[m]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# m[root@magnolia logcheck-1.1.1]# m[root@magnolia logcheck-1.1.1]# mo[root@magnolia logcheck-1.1.1]# mo[root@magnolia logcheck-1.1.1]# mot[root@magnolia logcheck-1.1.1]# mot[root@magnolia logcheck-1.1.1]# motr[root@magnolia logcheck-1.1.1]# motr[root@magnolia logcheck-1.1.1]# motr [root@magnolia logcheck-1.1.1]# motr [root@magnolia logcheck-1.1.1]# motr s[root@magnolia logcheck-1.1.1]# motr s[root@magnolia logcheck-1.1.1]# motr sk[root@magnolia logcheck-1.1.1]# motr sk[root@magnolia logcheck-1.1.1]# motr skr[root@magnolia logcheck-1.1.1]# motr skr[root@magnolia logcheck-1.1.1]# motr skrg[root@magnolia logcheck-1.1.1]# motr skrg[root@magnolia logcheck-1.1.1]# motr skrgl[root@magnolia logcheck-1.1.1]# motr skrgl[root@magnolia logcheck-1.1.1]# motr skrglr[root@magnolia logcheck-1.1.1]# motr skrglr[root@magnolia logcheck-1.1.1]# motr skrgl[K[root@magnolia logcheck-1.1.1]# motr skrgl[root@magnolia logcheck-1.1.1]# motr skrg[K[root@magnolia logcheck-1.1.1]# motr skrg[root@magnolia logcheck-1.1.1]# motr skr[K[root@magnolia logcheck-1.1.1]# motr skr[root@magnolia logcheck-1.1.1]# motr sk[K[root@magnolia logcheck-1.1.1]# motr sk[root@magnolia logcheck-1.1.1]# motr s[K[root@magnolia logcheck-1.1.1]# motr s[root@magnolia logcheck-1.1.1]# motr [K[root@magnolia logcheck-1.1.1]# motr [root@magnolia logcheck-1.1.1]# motr[K[root@magnolia logcheck-1.1.1]# motr[root@magnolia logcheck-1.1.1]# mot[K[root@magnolia logcheck-1.1.1]# mot[root@magnolia logcheck-1.1.1]# mo[K[root@magnolia logcheck-1.1.1]# mo[root@magnolia logcheck-1.1.1]# mot[root@magnolia logcheck-1.1.1]# mot[root@magnolia logcheck-1.1.1]# motr[root@magnolia logcheck-1.1.1]# motr[root@magnolia logcheck-1.1.1]# motr [root@magnolia logcheck-1.1.1]# motr [root@magnolia logcheck-1.1.1]# motr[K[root@magnolia logcheck-1.1.1]# motr[root@magnolia logcheck-1.1.1]# mot[K[root@magnolia logcheck-1.1.1]# mot[root@magnolia logcheck-1.1.1]# mo[K[root@magnolia logcheck-1.1.1]# mo[root@magnolia logcheck-1.1.1]# mot[root@magnolia logcheck-1.1.1]# mot[root@magnolia logcheck-1.1.1]# mo[K[root@magnolia logcheck-1.1.1]# mo[root@magnolia logcheck-1.1.1]# mor[root@magnolia logcheck-1.1.1]# mor[root@magnolia logcheck-1.1.1]# more[root@magnolia logcheck-1.1.1]# more[root@magnolia logcheck-1.1.1]# more [root@magnolia logcheck-1.1.1]# more [root@magnolia logcheck-1.1.1]# more M[root@magnolia logcheck-1.1.1]# more M[root@magnolia logcheck-1.1.1]# more Ma[root@magnolia logcheck-1.1.1]# more Ma[root@magnolia logcheck-1.1.1]# more Mak[root@magnolia logcheck-1.1.1]# more Mak[root@magnolia logcheck-1.1.1]# more Make[root@magnolia logcheck-1.1.1]# more Make[root@magnolia logcheck-1.1.1]# more MakeF[root@magnolia logcheck-1.1.1]# more MakeF[root@magnolia logcheck-1.1.1]# more MakeFi[root@magnolia logcheck-1.1.1]# more MakeFi[root@magnolia logcheck-1.1.1]# more MakeFil[root@magnolia logcheck-1.1.1]# more MakeFil[root@magnolia logcheck-1.1.1]# more MakeFile[root@magnolia logcheck-1.1.1]# more MakeFile
MakeFile: No such file or directory
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# l[root@magnolia logcheck-1.1.1]# l[root@magnolia logcheck-1.1.1]# ls[root@magnolia logcheck-1.1.1]# ls
[00m[00mCHANGES[00m  [00mINSTALL[00m  [00mMakefile[00m  [00mREADME.how.to.interpret[00m  [00;34msrc[00m
[00mCREDITS[00m  [00mLICENSE[00m  [00mREADME[00m    [00mREADME.keywords[00m          [00;34msystems[00m
[m]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# c[root@magnolia logcheck-1.1.1]# c[root@magnolia logcheck-1.1.1]# cd[root@magnolia logcheck-1.1.1]# cd[root@magnolia logcheck-1.1.1]# cd [root@magnolia logcheck-1.1.1]# cd [root@magnolia logcheck-1.1.1]# cd .[root@magnolia logcheck-1.1.1]# cd .[root@magnolia logcheck-1.1.1]# cd ..[root@magnolia logcheck-1.1.1]# cd ..
]0;barrie@magnolia:/usr/local[root@magnolia local]# [root@magnolia local]# [root@magnolia local]# l[root@magnolia local]# l[root@magnolia local]# ls[root@magnolia local]# ls
[00m[00;34mapache2[00m        [00;34metc[00m           [00;34mlib[00m                  [00;36mmysql[00m                                   [00;34mshare[00m
[00;34mbin[00m            [00;34mgames[00m         [00;34mlibexec[00m              [00;34mmysql-max-4.0.3-beta-pc-linux-gnu-i686[00m  [00;34msrc[00m
[00;34mCorporateTime[00m  [00;34mhttpd-2.0.43[00m  [00;34mlogcheck-1.1.1[00m       [00;34mphp-4.2.3[00m
[00;34mdoc[00m            [00;34minclude[00m       [00;31mlogsentry-1.1.1.tar[00m  [00;34msbin[00m
[m]0;barrie@magnolia:/usr/local[root@magnolia local]# [root@magnolia local]# [root@magnolia local]# c[root@magnolia local]# c[root@magnolia local]# cd[root@magnolia local]# cd[root@magnolia local]# cd [root@magnolia local]# cd [root@magnolia local]# cd b[root@magnolia local]# cd b[root@magnolia local]# cd bi[root@magnolia local]# cd bi[root@magnolia local]# cd bin[root@magnolia local]# cd bin
]0;barrie@magnolia:/usr/local/bin[root@magnolia bin]# [root@magnolia bin]# [root@magnolia bin]# l[root@magnolia bin]# l[root@magnolia bin]# ls[root@magnolia bin]# ls
[00m[00;32mcisco_cert_mgr[00m  [00;32mipseclog[00m  [00;32mpear[00m     [00;32mphp-config[00m  [00;32mphpize[00m  [00;32mvpnclient[00m
[00;32mcvpnd[00m           [00;32mlogtail[00m   [00;32mpearize[00m  [00;32mphpextdist[00m  [00;32mphptar[00m
[m]0;barrie@magnolia:/usr/local/bin[root@magnolia bin]# [root@magnolia bin]# [root@magnolia bin]# l[root@magnolia bin]# l[root@magnolia bin]# ll[root@magnolia bin]# ll
[00mtotal 2760
-rwxr-xr-x    1 root     root      1070248 Nov 17 19:40 [00;32mcisco_cert_mgr[00m
-rws--x--x    1 root     root      1375024 Nov 17 19:40 [00;32mcvpnd[00m
-rwxr-xr-x    1 root     root       121280 Nov 17 19:40 [00;32mipseclog[00m
-rwx------    1 root     root        15154 Nov 24 21:46 [00;32mlogtail[00m
-rwxr-xr-x    1 root     root         5957 Oct 28 17:10 [00;32mpear[00m
-rwxr-xr-x    1 root     root         4326 Oct 28 17:10 [00;32mpearize[00m
-rwxr-xr-x    1 root     root          524 Oct 28 17:10 [00;32mphp-config[00m
-rwxr-xr-x    1 root     root          593 Oct 28 17:10 [00;32mphpextdist[00m
-rwxr-xr-x    1 root     root          700 Oct 28 17:10 [00;32mphpize[00m
-rwxr-xr-x    1 root     root         5088 Oct 28 17:10 [00;32mphptar[00m
-rwx--x--x    1 root     root       184144 Nov 17 19:40 [00;32mvpnclient[00m
[m]0;barrie@magnolia:/usr/local/bin[root@magnolia bin]# [root@magnolia bin]# [root@magnolia bin]# l[root@magnolia bin]# l[root@magnolia bin]# ll[root@magnolia bin]# ll[root@magnolia bin]# l[K[root@magnolia bin]# l[root@magnolia bin]# ls[root@magnolia bin]# ls[root@magnolia bin]# ls [root@magnolia bin]# ls [root@magnolia bin]# ls -[root@magnolia bin]# ls -[root@magnolia bin]# ls -l[root@magnolia bin]# ls -l[root@magnolia bin]# ls -lt[root@magnolia bin]# ls -lt
[00mtotal 2760
-rwx------    1 root     root        15154 Nov 24 21:46 [00;32mlogtail[00m
-rwxr-xr-x    1 root     root      1070248 Nov 17 19:40 [00;32mcisco_cert_mgr[00m
-rws--x--x    1 root     root      1375024 Nov 17 19:40 [00;32mcvpnd[00m
-rwxr-xr-x    1 root     root       121280 Nov 17 19:40 [00;32mipseclog[00m
-rwx--x--x    1 root     root       184144 Nov 17 19:40 [00;32mvpnclient[00m
-rwxr-xr-x    1 root     root         5957 Oct 28 17:10 [00;32mpear[00m
-rwxr-xr-x    1 root     root         4326 Oct 28 17:10 [00;32mpearize[00m
-rwxr-xr-x    1 root     root          524 Oct 28 17:10 [00;32mphp-config[00m
-rwxr-xr-x    1 root     root          593 Oct 28 17:10 [00;32mphpextdist[00m
-rwxr-xr-x    1 root     root          700 Oct 28 17:10 [00;32mphpize[00m
-rwxr-xr-x    1 root     root         5088 Oct 28 17:10 [00;32mphptar[00m
[m]0;barrie@magnolia:/usr/local/bin[root@magnolia bin]# [root@magnolia bin]# [root@magnolia bin]# c[root@magnolia bin]# c[root@magnolia bin]# cd[root@magnolia bin]# cd[root@magnolia bin]# cd [root@magnolia bin]# cd [root@magnolia bin]# cd .[root@magnolia bin]# cd .[root@magnolia bin]# cd ..[root@magnolia bin]# cd ..[root@magnolia bin]# cd ../[root@magnolia bin]# cd ../[root@magnolia bin]# cd ../e[root@magnolia bin]# cd ../e[root@magnolia bin]# cd ../et[root@magnolia bin]# cd ../et[root@magnolia bin]# cd ../etc[root@magnolia bin]# cd ../etc[root@magnolia bin]# cd ../etc/[root@magnolia bin]# cd ../etc/
]0;barrie@magnolia:/usr/local/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# l[root@magnolia etc]# l[root@magnolia etc]# ls[root@magnolia etc]# ls
[00m[00mlogcheck.hacking[00m  [00;32mlogcheck.sh[00m          [00mlogcheck.violations.ignore[00m
[00mlogcheck.ignore[00m   [00mlogcheck.violations[00m  [00;34mtmp[00m
[m]0;barrie@magnolia:/usr/local/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# c[root@magnolia etc]# c[root@magnolia etc]# cd[root@magnolia etc]# cd[root@magnolia etc]# cd [root@magnolia etc]# cd [root@magnolia etc]# cd t[root@magnolia etc]# cd t[root@magnolia etc]# cd tm[root@magnolia etc]# cd tm[root@magnolia etc]# cd tmp[root@magnolia etc]# cd tmp
]0;barrie@magnolia:/usr/local/etc/tmp[root@magnolia tmp]# [root@magnolia tmp]# [root@magnolia tmp]# l[root@magnolia tmp]# l[root@magnolia tmp]# ls[root@magnolia tmp]# ls
[00m[m]0;barrie@magnolia:/usr/local/etc/tmp[root@magnolia tmp]# [root@magnolia tmp]# [root@magnolia tmp]# c[root@magnolia tmp]# c[root@magnolia tmp]# cd[root@magnolia tmp]# cd[root@magnolia tmp]# cd [root@magnolia tmp]# cd [root@magnolia tmp]# cd .[root@magnolia tmp]# cd .[root@magnolia tmp]# cd ..[root@magnolia tmp]# cd ..
]0;barrie@magnolia:/usr/local/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# m[root@magnolia etc]# m[root@magnolia etc]# mo[root@magnolia etc]# mo[root@magnolia etc]# mor[root@magnolia etc]# mor[root@magnolia etc]# more[root@magnolia etc]# more[root@magnolia etc]# more [root@magnolia etc]# more [root@magnolia etc]# more l[root@magnolia etc]# more l[root@magnolia etc]# more lo[root@magnolia etc]# more lo[root@magnolia etc]# more log[root@magnolia etc]# more log[root@magnolia etc]# more logc[root@magnolia etc]# more logc[root@magnolia etc]# more logch[root@magnolia etc]# more logch[root@magnolia etc]# more logche[root@magnolia etc]# more logche[root@magnolia etc]# more logchec[root@magnolia etc]# more logchec[root@magnolia etc]# more logcheck[root@magnolia etc]# more logcheck[root@magnolia etc]# more logcheck.[root@magnolia etc]# more logcheck.[root@magnolia etc]# more logcheck.v[root@magnolia etc]# more logcheck.v[root@magnolia etc]# more logcheck.vi[root@magnolia etc]# more logcheck.vi[root@magnolia etc]# more logcheck.vio[root@magnolia etc]# more logcheck.vio[root@magnolia etc]# more logcheck.viol[root@magnolia etc]# more logcheck.viol[root@magnolia etc]# more logcheck.violo[root@magnolia etc]# more logcheck.violo[root@magnolia etc]# more logcheck.violoa[root@magnolia etc]# more logcheck.violoa[root@magnolia etc]# more logcheck.violoat[root@magnolia etc]# more logcheck.violoat[root@magnolia etc]# more logcheck.violoati[root@magnolia etc]# more logcheck.violoati[root@magnolia etc]# more logcheck.violoatio[root@magnolia etc]# more logcheck.violoatio[root@magnolia etc]# more logcheck.violoation[root@magnolia etc]# more logcheck.violoation[root@magnolia etc]# more logcheck.violoatio[K[root@magnolia etc]# more logcheck.violoatio[root@magnolia etc]# more logcheck.violoati[K[root@magnolia etc]# more logcheck.violoati[root@magnolia etc]# more logcheck.violoat[K[root@magnolia etc]# more logcheck.violoat[root@magnolia etc]# more logcheck.violoa[K[root@magnolia etc]# more logcheck.violoa[root@magnolia etc]# more logcheck.violo[K[root@magnolia etc]# more logcheck.violo[root@magnolia etc]# more logcheck.viol[K[root@magnolia etc]# more logcheck.viol[root@magnolia etc]# more logcheck.viola[root@magnolia etc]# more logcheck.viola[root@magnolia etc]# more logcheck.violat[root@magnolia etc]# more logcheck.violat[root@magnolia etc]# more logcheck.violati[root@magnolia etc]# more logcheck.violati[root@magnolia etc]# more logcheck.violatio[root@magnolia etc]# more logcheck.violatio[root@magnolia etc]# more logcheck.violation[root@magnolia etc]# more logcheck.violation[root@magnolia etc]# more logcheck.violations[root@magnolia etc]# more logcheck.violations
!=
-ERR Password
ATTACK
BAD
CWD etc
DEBUG
EXPN
FAILURE
ILLEGAL
LOGIN FAILURE
LOGIN REFUSED
PERMITTED
REFUSED
RETR group
RETR passwd
RETR pwd.db
ROOT LOGIN
SITE EXEC
VRFY
"WIZ"
admin 
alias database
debug
denied
deny
deny host
[7m--More--(55%)[27mexpn[K
failed
illegal
kernel: Oversized packet received from
nested
permitted
reject
rexec
rshd
securityalert
setsender
shutdown
smrsh
su root
su: 
sucked
unapproved
vrfy
attackalert
]0;barrie@magnolia:/usr/local/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# c[root@magnolia etc]# c[root@magnolia etc]# cd[root@magnolia etc]# cd[root@magnolia etc]# cd [root@magnolia etc]# cd [root@magnolia etc]# cd /[root@magnolia etc]# cd /[root@magnolia etc]# cd /t[root@magnolia etc]# cd /t[root@magnolia etc]# cd /[K[root@magnolia etc]# cd /[root@magnolia etc]# cd /e[root@magnolia etc]# cd /e[root@magnolia etc]# cd /et[root@magnolia etc]# cd /et[root@magnolia etc]# cd /etc[root@magnolia etc]# cd /etc
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# v[root@magnolia etc]# v[root@magnolia etc]# vi[root@magnolia etc]# vi[root@magnolia etc]# vi [root@magnolia etc]# vi [root@magnolia etc]# vi c[root@magnolia etc]# vi c[root@magnolia etc]# vi cr[root@magnolia etc]# vi cr[root@magnolia etc]# vi cro[root@magnolia etc]# vi cro[root@magnolia etc]# vi cron[root@magnolia etc]# vi cron[root@magnolia etc]# vi cront[root@magnolia etc]# vi cront[root@magnolia etc]# vi cronta[root@magnolia etc]# vi cronta[root@magnolia etc]# vi crontab[root@magnolia etc]# vi crontab[root@magnolia etc]# [K[root@magnolia etc]# [root@magnolia etc]# c[root@magnolia etc]# c[root@magnolia etc]# cd[root@magnolia etc]# cd[root@magnolia etc]# cd [root@magnolia etc]# cd [root@magnolia etc]# cd /[root@magnolia etc]# cd /[root@magnolia etc]# cd /u[root@magnolia etc]# cd /u[root@magnolia etc]# cd /us[root@magnolia etc]# cd /us[root@magnolia etc]# cd /usr[root@magnolia etc]# cd /usr[root@magnolia etc]# cd /usr/[root@magnolia etc]# cd /usr/[root@magnolia etc]# cd /usr/b[root@magnolia etc]# cd /usr/b[root@magnolia etc]# cd /usr/[K[root@magnolia etc]# cd /usr/[root@magnolia etc]# cd /usr/l[root@magnolia etc]# cd /usr/l[root@magnolia etc]# cd /usr/lc[root@magnolia etc]# cd /usr/lc[root@magnolia etc]# cd /usr/l[K[root@magnolia etc]# cd /usr/l[root@magnolia etc]# cd /usr/lo[root@magnolia etc]# cd /usr/lo[root@magnolia etc]# cd /usr/loc[root@magnolia etc]# cd /usr/loc[root@magnolia etc]# cd /usr/loca[root@magnolia etc]# cd /usr/loca[root@magnolia etc]# cd /usr/local[root@magnolia etc]# cd /usr/local[root@magnolia etc]# cd /usr/local/[root@magnolia etc]# cd /usr/local/[root@magnolia etc]# cd /usr/local/b[root@magnolia etc]# cd /usr/local/b[root@magnolia etc]# cd /usr/local/bn[root@magnolia etc]# cd /usr/local/bn[root@magnolia etc]# cd /usr/local/b[K[root@magnolia etc]# cd /usr/local/b[root@magnolia etc]# cd /usr/local/bi[root@magnolia etc]# cd /usr/local/bi[root@magnolia etc]# cd /usr/local/bin[root@magnolia etc]# cd /usr/local/bin
]0;barrie@magnolia:/usr/local/bin[root@magnolia bin]# [root@magnolia bin]# [root@magnolia bin]# l[root@magnolia bin]# l[root@magnolia bin]# ls[root@magnolia bin]# ls
[00m[00;32mcisco_cert_mgr[00m  [00;32mipseclog[00m  [00;32mpear[00m     [00;32mphp-config[00m  [00;32mphpize[00m  [00;32mvpnclient[00m
[00;32mcvpnd[00m           [00;32mlogtail[00m   [00;32mpearize[00m  [00;32mphpextdist[00m  [00;32mphptar[00m
[m]0;barrie@magnolia:/usr/local/bin[root@magnolia bin]# [root@magnolia bin]# [root@magnolia bin]# c[root@magnolia bin]# c[root@magnolia bin]# cd[root@magnolia bin]# cd[root@magnolia bin]# cd [root@magnolia bin]# cd [root@magnolia bin]# cd .[root@magnolia bin]# cd .[root@magnolia bin]# cd ..[root@magnolia bin]# cd ..[root@magnolia bin]# cd ../[root@magnolia bin]# cd ../
]0;barrie@magnolia:/usr/local[root@magnolia local]# [root@magnolia local]# [root@magnolia local]# c[root@magnolia local]# c[root@magnolia local]# [K[root@magnolia local]# [root@magnolia local]# l[root@magnolia local]# l[root@magnolia local]# ls[root@magnolia local]# ls
[00m[00;34mapache2[00m        [00;34metc[00m           [00;34mlib[00m                  [00;36mmysql[00m                                   [00;34mshare[00m
[00;34mbin[00m            [00;34mgames[00m         [00;34mlibexec[00m              [00;34mmysql-max-4.0.3-beta-pc-linux-gnu-i686[00m  [00;34msrc[00m
[00;34mCorporateTime[00m  [00;34mhttpd-2.0.43[00m  [00;34mlogcheck-1.1.1[00m       [00;34mphp-4.2.3[00m
[00;34mdoc[00m            [00;34minclude[00m       [00;31mlogsentry-1.1.1.tar[00m  [00;34msbin[00m
[m]0;barrie@magnolia:/usr/local[root@magnolia local]# [root@magnolia local]# [root@magnolia local]# c[root@magnolia local]# c[root@magnolia local]# cd[root@magnolia local]# cd[root@magnolia local]# cd [root@magnolia local]# cd [root@magnolia local]# cd e[root@magnolia local]# cd e[root@magnolia local]# cd et[root@magnolia local]# cd et[root@magnolia local]# cd etc[root@magnolia local]# cd etc
]0;barrie@magnolia:/usr/local/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# l[root@magnolia etc]# l[root@magnolia etc]# ls[root@magnolia etc]# ls
[00m[00mlogcheck.hacking[00m  [00;32mlogcheck.sh[00m          [00mlogcheck.violations.ignore[00m
[00mlogcheck.ignore[00m   [00mlogcheck.violations[00m  [00;34mtmp[00m
[m]0;barrie@magnolia:/usr/local/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# p[root@magnolia etc]# p[root@magnolia etc]# pw[root@magnolia etc]# pw[root@magnolia etc]# pwd[root@magnolia etc]# pwd
/usr/local/etc
]0;barrie@magnolia:/usr/local/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# c[root@magnolia etc]# c[root@magnolia etc]# cd[root@magnolia etc]# cd[root@magnolia etc]# cd [root@magnolia etc]# cd [root@magnolia etc]# cd /[root@magnolia etc]# cd /[root@magnolia etc]# cd /e[root@magnolia etc]# cd /e[root@magnolia etc]# cd /et[root@magnolia etc]# cd /et[root@magnolia etc]# cd /etc[root@magnolia etc]# cd /etc
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# v[root@magnolia etc]# v[root@magnolia etc]# vi[root@magnolia etc]# vi[root@magnolia etc]# vi [root@magnolia etc]# vi [root@magnolia etc]# vi c[root@magnolia etc]# vi c[root@magnolia etc]# vi cr[root@magnolia etc]# vi cr[root@magnolia etc]# vi cro[root@magnolia etc]# vi cro[root@magnolia etc]# vi cron[root@magnolia etc]# vi cron[root@magnolia etc]# vi cront[root@magnolia etc]# vi cront[root@magnolia etc]# vi cronta[root@magnolia etc]# vi cronta[root@magnolia etc]# vi crontab[root@magnolia etc]# vi crontab[root@magnolia etc]# vi crontab.[root@magnolia etc]# vi crontab.[root@magnolia etc]# vi crontab[K[root@magnolia etc]# vi crontab
[?1048h[?1047h[?1h=[1;28r[?25h[?25h[27m[m[H[2J[?25l[28;1H"crontab" 10L, 255C[1;1HSHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
[1m[34m~                                                                                               [12;1H~                                                                                               [13;1H~                                                                                               [14;1H~                                                                                               [15;1H~                                                                                               [16;1H~                                                                                               [17;1H~                                                                                               [18;1H~                                                                                               [19;1H~                                                                                               [20;1H~                                                                                               [21;1H~                                                                                               [22;1H~                                                                                               [23;1H~                                                                                               [24;1H~                                                                                               [25;1H~                                                                                               [26;1H~                                                                                               [27;1H~                                                                                               [m[28;79H1,1[11CAll[1;1H[?25h[?25l[28;1H[K[28;1H:[?25hw crontab.lasst[?25l[28;16H[K[28;16H[?25h[?25l[28;15H[K[28;15H[?25ht021123[?25l[28;21H[K[28;21H[?25h4[?25l"crontab.last021124" [New] 10L, 255C written[34C1,1[11CAll[28;79H[K[28;79H1,1[11CAll[1;1H[?25h[?25l[?25h[?25l[28;1H[K[28;1H:[?25hw crontab[?25l"crontab" 10L, 255C written[51C1,1[11CAll[28;79H[K[28;79H1,1[11CAll[1;1H[?25h[?25l[28;79H2[2;1H[?25h[?25l[28;79H3[3;1H[?25h[?25l[28;79H4[4;1H[?25h[?25l[28;79H5,0-1[5;1H[?25h[?25l[28;79H6,1  [6;1H[?25h[?25l[28;79H7[7;1H[?25h[?25l[28;79H8[8;1H[?25h[?25l[28;79H9[9;1H[?25h[?25l[28;79H10,1[10;1H[?25h[?25l[28;1H[1m-- INSERT --[m[28;13H[K[28;79H10,1[10CAll[10;1H[?25h[?25l[28;82H2[10;2H[?25h[?25l[28;82H3[10;3H[?25h[?25l[28;82H4[10;4H[?25h[?25l[28;82H5[10;5H[?25h[?25l[28;82H6[10;6H[?25h[?25l[28;82H7[10;7H[?25h[?25l[28;82H8[10;8H[?25h[?25l[28;82H9[10;9H[?25h[?25l[28;82H10[10;10H[?25h[?25l[28;83H1[10;11H[?25h[?25l[28;83H2[10;12H[?25h[?25l[28;83H3[10;13H[?25h[?25l[28;83H4[10;14H[?25h[?25l[28;83H5[10;15H[?25h[?25l[28;83H6[10;16H[?25h[?25l[28;83H7[10;17H[?25h[?25l[28;83H8[10;18H[?25h[?25l[28;83H9[10;19H[?25h[?25l[28;82H20[10;20H[?25h[?25l[28;83H1[10;21H[?25h[?25l[28;83H2[10;22H[?25h[?25l[28;83H3[10;23H[?25h[?25l[28;83H4[10;24H[?25h[?25l[28;83H5[10;25H[?25h[?25l[28;83H6[10;26H[?25h[?25l[28;83H7[10;27H[?25h[?25l[28;83H8[10;28H[?25h[?25l[28;83H9[10;29H[?25h[?25l[28;82H30[10;30H[?25h[?25l[28;83H1[10;31H[?25h[?25l[28;83H2[10;32H[?25h[?25l[28;83H3[10;33H[?25h[?25l[28;83H4[10;34H[?25h[?25l[28;83H5[10;35H[?25h[?25l[28;83H6[10;36H[?25h[?25l[28;83H7[10;37H[?25h[?25l[28;83H8[10;38H[?25h[?25l[28;83H9[10;39H[?25h[?25l[28;82H40[10;40H[?25h[?25l[28;83H1[10;41H[?25h[?25l[28;83H2[10;42H[?25h[?25l[28;83H3[10;43H[?25h[?25l[28;83H4[10;44H[?25h[?25l[11;1H[K[28;80H1,1 [11;1H[?25h[?25l[12;1H[K[28;80H2[12;1H[?25h[?25l#[28;82H2[12;2H[?25h[?25l[28;82H3[12;3H[?25h[?25lr[28;82H4[12;4H[?25h[?25lu[28;82H5[12;5H[?25h[?25ln[28;82H6[12;6H[?25h[?25l[28;82H7[12;7H[?25h[?25ll[28;82H8[12;8H[?25h[?25lo[28;82H9[12;9H[?25h[?25lg[28;82H10[12;10H[?25h[?25lc[28;83H1[12;11H[?25h[?25lh[28;83H2[12;12H[?25h[?25le[28;83H3[12;13H[?25h[?25lc[28;83H4[12;14H[?25h[?25lk[28;83H5[12;15H[?25h[?25l[28;83H6[12;16H[?25h[?25lh[28;83H7[12;17H[?25h[?25lo[28;83H8[12;18H[?25h[?25lu[28;83H9[12;19H[?25h[?25lr[28;82H20[12;20H[?25h[?25ll[28;83H1[12;21H[?25h[?25ly[28;83H2[12;22H[?25h[?25l[13;1H[K[28;80H3,1 [13;1H[?25h[?25l0[28;82H2[13;2H[?25h[?25l0[28;82H3[13;3H[?25h[?25l[28;82H4[13;4H[?25h[?25l*[28;82H5[13;5H[?25h[?25l[28;82H6[13;6H[?25h[?25l*[28;82H7[13;7H[?25h[?25l[28;82H8[13;8H[?25h[?25l*[28;82H9[13;9H[?25h[?25l[28;82H10[13;10H[?25h[?25l*[28;83H1[13;11H[?25h[?25l[28;83H2[13;12H[?25h[?25lr[28;83H3[13;13H[?25h[?25lo[28;83H4[13;14H[?25h[?25lo[28;83H5[13;15H[?25h[?25lt[28;83H6[13;16H[?25h[?25l[28;83H7[13;17H[?25h[?25l/[28;83H8[13;18H[?25h[?25lb[28;83H9[13;19H[?25h[?25li[28;82H20[13;20H[?25h[?25ln[28;83H1[13;21H[?25h[?25l/[28;83H2[13;22H[?25h[?25ls[28;83H3[13;23H[?25h[?25lh[28;83H4[13;24H[?25h[?25l[28;83H5[13;25H[?25h[?25l[28;83H6[13;26H[?25h[?25l[28;83H7[13;27H[?25h[?25l/[28;83H8[13;28H[?25h[?25lu[28;83H9[13;29H[?25h[?25ls[28;82H30[13;30H[?25h[?25lr[28;83H1[13;31H[?25h[?25l/[28;83H2[13;32H[?25h[?25ll[28;83H3[13;33H[?25h[?25lo[28;83H4[13;34H[?25h[?25lc[28;83H5[13;35H[?25h[?25la[28;83H6[13;36H[?25h[?25ll[28;83H7[13;37H[?25h[?25l/[28;83H8[13;38H[?25h[?25le[28;83H9[13;39H[?25h[?25lt[28;82H40[13;40H[?25h[?25lc[28;83H1[13;41H[?25h[?25l/[28;83H2[13;42H[?25h[?25ll[28;83H3[13;43H[?25h[?25lo[28;83H4[13;44H[?25h[?25lg[28;83H5[13;45H[?25h[?25lc[28;83H6[13;46H[?25h[?25lh[28;83H7[13;47H[?25h[?25le[28;83H8[13;48H[?25h[?25lc[28;83H9[13;49H[?25h[?25lk[28;82H50[13;50H[?25h[?25l.[28;83H1[13;51H[?25h[?25ls[28;83H2[13;52H[?25h[?25lh[28;83H3[13;53H[?25h[28;1H[K[13;52H[?25l[28;79H13,52[9CAll[13;52H[?25h[?25l[28;79H[K[28;1H:[?25hwq[?25l"crontab" 13L, 331C written[?1l>[?25h[?1047l[?1048l]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# m[root@magnolia etc]# m[root@magnolia etc]# ma[root@magnolia etc]# ma[root@magnolia etc]# man[root@magnolia etc]# man[root@magnolia etc]# man [root@magnolia etc]# man [root@magnolia etc]# man H[root@magnolia etc]# man H[root@magnolia etc]# man HP[root@magnolia etc]# man HP[root@magnolia etc]# man H[K[root@magnolia etc]# man H[root@magnolia etc]# man HU[root@magnolia etc]# man HU[root@magnolia etc]# man HUP[root@magnolia etc]# man HUP
No manual entry for HUP
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# p[root@magnolia etc]# p[root@magnolia etc]# ps[root@magnolia etc]# ps[root@magnolia etc]# ps [root@magnolia etc]# ps [root@magnolia etc]# ps -[root@magnolia etc]# ps -[root@magnolia etc]# ps -e[root@magnolia etc]# ps -e[root@magnolia etc]# ps -ef[root@magnolia etc]# ps -ef[root@magnolia etc]# ps -ef [root@magnolia etc]# ps -ef [root@magnolia etc]# ps -ef |[root@magnolia etc]# ps -ef |[root@magnolia etc]# ps -ef | [root@magnolia etc]# ps -ef | [root@magnolia etc]# ps -ef | g[root@magnolia etc]# ps -ef | g[root@magnolia etc]# ps -ef | gr[root@magnolia etc]# ps -ef | gr[root@magnolia etc]# ps -ef | gre[root@magnolia etc]# ps -ef | gre[root@magnolia etc]# ps -ef | grep[root@magnolia etc]# ps -ef | grep[root@magnolia etc]# ps -ef | grep [root@magnolia etc]# ps -ef | grep [root@magnolia etc]# ps -ef | grep c[root@magnolia etc]# ps -ef | grep c[root@magnolia etc]# ps -ef | grep cr[root@magnolia etc]# ps -ef | grep cr[root@magnolia etc]# ps -ef | grep cro[root@magnolia etc]# ps -ef | grep cro[root@magnolia etc]# ps -ef | grep cron[root@magnolia etc]# ps -ef | grep cron[root@magnolia etc]# ps -ef | grep crond[root@magnolia etc]# ps -ef | grep crond
root       907     1  0 12:06 ?        00:00:00 crond
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# H[root@magnolia etc]# H[root@magnolia etc]# HU[root@magnolia etc]# HU[root@magnolia etc]# HUP[root@magnolia etc]# HUP[root@magnolia etc]# HUP [root@magnolia etc]# HUP [root@magnolia etc]# HUP c[root@magnolia etc]# HUP c[root@magnolia etc]# HUP cr[root@magnolia etc]# HUP cr[root@magnolia etc]# HUP cro[root@magnolia etc]# HUP cro[root@magnolia etc]# HUP cron[root@magnolia etc]# HUP cron[root@magnolia etc]# HUP crond[root@magnolia etc]# HUP crond[root@magnolia etc]# HUP cron[K[root@magnolia etc]# HUP cron[root@magnolia etc]# HUP cro[K[root@magnolia etc]# HUP cro[root@magnolia etc]# HUP cr[K[root@magnolia etc]# HUP cr[root@magnolia etc]# HUP c[K[root@magnolia etc]# HUP c[root@magnolia etc]# HUP [K[root@magnolia etc]# HUP [root@magnolia etc]# HUP[K[root@magnolia etc]# HUP[root@magnolia etc]# HU[K[root@magnolia etc]# HU[root@magnolia etc]# H[K[root@magnolia etc]# H[root@magnolia etc]# [K[root@magnolia etc]# [root@magnolia etc]# w[root@magnolia etc]# w[root@magnolia etc]# wh[root@magnolia etc]# wh[root@magnolia etc]# whi[root@magnolia etc]# whi[root@magnolia etc]# whic[root@magnolia etc]# whic[root@magnolia etc]# which[root@magnolia etc]# which[root@magnolia etc]# which [root@magnolia etc]# which [root@magnolia etc]# which c[root@magnolia etc]# which c[root@magnolia etc]# which cr[root@magnolia etc]# which cr[root@magnolia etc]# which cro[root@magnolia etc]# which cro[root@magnolia etc]# which cron[root@magnolia etc]# which cron[root@magnolia etc]# which crond[root@magnolia etc]# which crond
/usr/sbin/crond
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# H[root@magnolia etc]# H[root@magnolia etc]# HU[root@magnolia etc]# HU[root@magnolia etc]# HUP[root@magnolia etc]# HUP[root@magnolia etc]# HUP [root@magnolia etc]# HUP [root@magnolia etc]# HUP i[root@magnolia etc]# HUP i[root@magnolia etc]# HUP in[root@magnolia etc]# HUP in[root@magnolia etc]# HUP inf[root@magnolia etc]# HUP inf[root@magnolia etc]# HUP info[root@magnolia etc]# HUP info
bash: HUP: command not found
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# H[root@magnolia etc]# H[root@magnolia etc]# HU[root@magnolia etc]# HU[root@magnolia etc]# HUP[root@magnolia etc]# HUP[root@magnolia etc]# HU[K[root@magnolia etc]# HU[root@magnolia etc]# H[K[root@magnolia etc]# H[root@magnolia etc]# [K[root@magnolia etc]# [root@magnolia etc]# m[root@magnolia etc]# m[root@magnolia etc]# ma[root@magnolia etc]# ma[root@magnolia etc]# man[root@magnolia etc]# man[root@magnolia etc]# man [root@magnolia etc]# man [root@magnolia etc]# man u[root@magnolia etc]# man u[root@magnolia etc]# man up[root@magnolia etc]# man up[root@magnolia etc]# man u[K[root@magnolia etc]# man u[root@magnolia etc]# man [K[root@magnolia etc]# man [root@magnolia etc]# man h[root@magnolia etc]# man h[root@magnolia etc]# man hu[root@magnolia etc]# man hu[root@magnolia etc]# man hup[root@magnolia etc]# man hup
No manual entry for hup
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# k[root@magnolia etc]# k[root@magnolia etc]# ki[root@magnolia etc]# ki[root@magnolia etc]# kil[root@magnolia etc]# kil[root@magnolia etc]# kill[root@magnolia etc]# kill[root@magnolia etc]# kill [root@magnolia etc]# kill [root@magnolia etc]# kill -[root@magnolia etc]# kill -[root@magnolia etc]# kill -H[root@magnolia etc]# kill -H[root@magnolia etc]# kill -HU[root@magnolia etc]# kill -HU[root@magnolia etc]# kill -HUP[root@magnolia etc]# kill -HUP[root@magnolia etc]# kill -HUP [root@magnolia etc]# kill -HUP [root@magnolia etc]# kill -HUP c[root@magnolia etc]# kill -HUP c[root@magnolia etc]# kill -HUP cr[root@magnolia etc]# kill -HUP cr[root@magnolia etc]# kill -HUP cro[root@magnolia etc]# kill -HUP cro[root@magnolia etc]# kill -HUP cron[root@magnolia etc]# kill -HUP cron[root@magnolia etc]# kill -HUP crond[root@magnolia etc]# kill -HUP crond
bash: kill: crond: no such pid
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# k[root@magnolia etc]# k[root@magnolia etc]# ki[root@magnolia etc]# ki[root@magnolia etc]# kil[root@magnolia etc]# kil[root@magnolia etc]# kill[root@magnolia etc]# kill[root@magnolia etc]# kill [root@magnolia etc]# kill [root@magnolia etc]# kill -[root@magnolia etc]# kill -[root@magnolia etc]# kill -H[root@magnolia etc]# kill -H[root@magnolia etc]# kill -HU[root@magnolia etc]# kill -HU[root@magnolia etc]# kill -HUP[root@magnolia etc]# kill -HUP[root@magnolia etc]# kill -HUP [root@magnolia etc]# kill -HUP [root@magnolia etc]# kill -HUP 9[root@magnolia etc]# kill -HUP 9[root@magnolia etc]# kill -HUP 90[root@magnolia etc]# kill -HUP 90[root@magnolia etc]# kill -HUP 907[root@magnolia etc]# kill -HUP 907
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# p[root@magnolia etc]# p[root@magnolia etc]# ps[root@magnolia etc]# ps[root@magnolia etc]# ps [root@magnolia etc]# ps [root@magnolia etc]# ps -[root@magnolia etc]# ps -[root@magnolia etc]# ps -e[root@magnolia etc]# ps -e[root@magnolia etc]# ps -ef[root@magnolia etc]# ps -ef[root@magnolia etc]# ps -ef [root@magnolia etc]# ps -ef [root@magnolia etc]# ps -ef |[root@magnolia etc]# ps -ef |[root@magnolia etc]# ps -ef | [root@magnolia etc]# ps -ef | [root@magnolia etc]# ps -ef | g[root@magnolia etc]# ps -ef | g[root@magnolia etc]# ps -ef | gr[root@magnolia etc]# ps -ef | gr[root@magnolia etc]# ps -ef | gre[root@magnolia etc]# ps -ef | gre[root@magnolia etc]# ps -ef | grep[root@magnolia etc]# ps -ef | grep[root@magnolia etc]# ps -ef | grep [root@magnolia etc]# ps -ef | grep [root@magnolia etc]# ps -ef | grep c[root@magnolia etc]# ps -ef | grep c[root@magnolia etc]# ps -ef | grep cr[root@magnolia etc]# ps -ef | grep cr[root@magnolia etc]# ps -ef | grep cro[root@magnolia etc]# ps -ef | grep cro[root@magnolia etc]# ps -ef | grep cron[root@magnolia etc]# ps -ef | grep cron[root@magnolia etc]# ps -ef | grep crond[root@magnolia etc]# ps -ef | grep crond
root       907     1  0 12:06 ?        00:00:00 crond
root      7416  7126  0 21:58 pts/3    00:00:00 grep crond
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# m[root@magnolia etc]# m[root@magnolia etc]# ma[root@magnolia etc]# ma[root@magnolia etc]# man[root@magnolia etc]# man[root@magnolia etc]# man [root@magnolia etc]# man [root@magnolia etc]# man k[root@magnolia etc]# man k[root@magnolia etc]# man ki[root@magnolia etc]# man ki[root@magnolia etc]# man kil[root@magnolia etc]# man kil[root@magnolia etc]# man kill[root@magnolia etc]# man kill
[?1048h[?1047h[?1h=[28;1H[KKILL(1)                    Linux Programmer’s Manual                   KILL(1)

[1mNAME[0m
       kill − terminate a process

[1mSYNOPSIS[0m
       [1mkill[0m [1m[[0m [1m−s[0m [4msignal[24m [1m|[0m [1m−p[0m [1m][0m [1m[[0m [1m−a[0m [1m][0m [1m[[0m [1m−−[0m [1m][0m [4mpid[24m [4m...[24m
       [1mkill[0m [1m‐l[0m [1m[[0m [4msignal[24m [1m][0m

[1mDESCRIPTION[0m
       The command [1mkill[0m sends the specified signal to the specified process or
       process group.  If no signal is specified, the  TERM  signal  is  sent.
       The  TERM  signal  will  kill processes which do not catch this signal.
       For other processes, it may be necessary to use the  KILL  (9)  signal,
       since this signal cannot be caught.

       Most  modern  shells  have a builtin kill function, with a usage rather
       similar to that of the  command  described  here.  The  ‘‐a’  and  ‘‐p’
       options, and the possibility to specify pids by command name is a local
       extension.

[1mOPTIONS[0m
       [4mpid[24m... Specify the list of processes that [1mkill[0m should signal.  Each [4mpid[24m
              can be one of five things:

              [4mn[24m      where [4mn[24m is larger than 0.  The process with pid [4mn[24m will be
                     signaled.
[28;1H[K:[28;1H[28;1H[K
              [1m0[0m      All processes in the current process group are  signaled.

              [1m‐1[0m     All processes with pid larger than 1 will be signaled.

              [1m‐[0m[4mn[24m     where [4mn[24m is larger than 1.  All processes in process group
                     [4mn[24m are signaled.  When an argument of  the  form  ‘‐n’  is
                     given,  and it is meant to denote a process group, either
                     the signal must be specified first, or the argument  must
                     be  preceded by a ‘‐‐’ option, otherwise it will be taken
                     as the signal to send.

              [4mcommandname[24m
                     All processes invoked using that name will be signaled.

       [1m−s[0m [4msignal[24m
              Specify the signal to send.  The signal may be given as a signal
              name or number.

       [1m−l[0m     Print   a   list   of   signal   names.    These  are  found  in
              [4m/usr/include/linux/signal.h[24m

       [1m−a[0m     Do not restrict the commandname‐to‐pid conversion  to  processes
              with the same uid as the present process.

       [1m−p[0m     Specify  that [1mkill[0m should only print the process id (pid) of the
              named processes, and not send any signals.
[28;1H[K:[28;1H[28;1H[K
[1mSEE[0m [1mALSO[0m
       [1mbash[0m(1), [1mtcsh[0m(1), [1mkill[0m(2), [1msigvec[0m(2), [1msignal[0m(7)

[1mAUTHOR[0m
       Taken from BSD 4.4.  The ability to translate process names to  process
       ids was added by Salvatore Valente <svalente@mit.edu>.

Linux Utilities                 14 October 1994                        KILL(1)
[28;1H[K[7m(END) [27m[28;1H[28;1H[K[28;1H[K[7m(END) [27m[28;1H[K[?1l>[?1047l[?1048l]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# m[root@magnolia etc]# m[root@magnolia etc]# ma[root@magnolia etc]# ma[root@magnolia etc]# man[root@magnolia etc]# man[root@magnolia etc]# man [root@magnolia etc]# man [root@magnolia etc]# man k[root@magnolia etc]# man k[root@magnolia etc]# man ki[root@magnolia etc]# man ki[root@magnolia etc]# man kil[root@magnolia etc]# man kil[root@magnolia etc]# man kill[root@magnolia etc]# man kill[root@magnolia etc]# man kill [root@magnolia etc]# man kill [root@magnolia etc]# man kill ([root@magnolia etc]# man kill ([root@magnolia etc]# man kill (@[root@magnolia etc]# man kill (@[root@magnolia etc]# man kill (@)[root@magnolia etc]# man kill (@)[root@magnolia etc]# man kill (@[K[root@magnolia etc]# man kill (@[root@magnolia etc]# man kill ([K[root@magnolia etc]# man kill ([root@magnolia etc]# man kill [K[root@magnolia etc]# man kill [root@magnolia etc]# man kill[K[root@magnolia etc]# man kill[root@magnolia etc]# man kill([root@magnolia etc]# man kill([root@magnolia etc]# man kill(2[root@magnolia etc]# man kill(2[root@magnolia etc]# man kill(2)[root@magnolia etc]# man kill(2)
bash: syntax error near unexpected token `('
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# k[root@magnolia etc]# k[root@magnolia etc]# ki[root@magnolia etc]# ki[root@magnolia etc]# kil[root@magnolia etc]# kil[root@magnolia etc]# kill[root@magnolia etc]# kill[root@magnolia etc]# kill [root@magnolia etc]# kill [root@magnolia etc]# kill -[root@magnolia etc]# kill -[root@magnolia etc]# kill -H[root@magnolia etc]# kill -H[root@magnolia etc]# kill -HU[root@magnolia etc]# kill -HU[root@magnolia etc]# kill -HUP[root@magnolia etc]# kill -HUP[root@magnolia etc]# kill -HUP [root@magnolia etc]# kill -HUP [root@magnolia etc]# kill -HUP 9[root@magnolia etc]# kill -HUP 9[root@magnolia etc]# kill -HUP 90[root@magnolia etc]# kill -HUP 90[root@magnolia etc]# kill -HUP 907[root@magnolia etc]# kill -HUP 907
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# p[root@magnolia etc]# p[root@magnolia etc]# pw[root@magnolia etc]# pw[root@magnolia etc]# p[K[root@magnolia etc]# p[root@magnolia etc]# ps[root@magnolia etc]# ps[root@magnolia etc]# ps [root@magnolia etc]# ps [root@magnolia etc]# ps =[root@magnolia etc]# ps =[root@magnolia etc]# ps [K[root@magnolia etc]# ps [root@magnolia etc]# ps -[root@magnolia etc]# ps -[root@magnolia etc]# ps -e[root@magnolia etc]# ps -e[root@magnolia etc]# ps -ef[root@magnolia etc]# ps -ef[root@magnolia etc]# ps -ef [root@magnolia etc]# ps -ef [root@magnolia etc]# ps -ef |[root@magnolia etc]# ps -ef |[root@magnolia etc]# ps -ef | [root@magnolia etc]# ps -ef | [root@magnolia etc]# ps -ef | g[root@magnolia etc]# ps -ef | g[root@magnolia etc]# ps -ef | gr[root@magnolia etc]# ps -ef | gr[root@magnolia etc]# ps -ef | gre[root@magnolia etc]# ps -ef | gre[root@magnolia etc]# ps -ef | grep[root@magnolia etc]# ps -ef | grep[root@magnolia etc]# ps -ef | grep [root@magnolia etc]# ps -ef | grep [root@magnolia etc]# ps -ef | grep h[root@magnolia etc]# ps -ef | grep h[root@magnolia etc]# ps -ef | grep ht[root@magnolia etc]# ps -ef | grep ht[root@magnolia etc]# ps -ef | grep htt[root@magnolia etc]# ps -ef | grep htt[root@magnolia etc]# ps -ef | grep http[root@magnolia etc]# ps -ef | grep http[root@magnolia etc]# ps -ef | grep httpd[root@magnolia etc]# ps -ef | grep httpd[root@magnolia etc]# ps -ef | grep http[K[root@magnolia etc]# ps -ef | grep http[root@magnolia etc]# ps -ef | grep htt[K[root@magnolia etc]# ps -ef | grep htt[root@magnolia etc]# ps -ef | grep ht[K[root@magnolia etc]# ps -ef | grep ht[root@magnolia etc]# ps -ef | grep h[K[root@magnolia etc]# ps -ef | grep h[root@magnolia etc]# ps -ef | grep [K[root@magnolia etc]# ps -ef | grep [root@magnolia etc]# ps -ef | grep c[root@magnolia etc]# ps -ef | grep c[root@magnolia etc]# ps -ef | grep cr[root@magnolia etc]# ps -ef | grep cr[root@magnolia etc]# ps -ef | grep cro[root@magnolia etc]# ps -ef | grep cro[root@magnolia etc]# ps -ef | grep cron[root@magnolia etc]# ps -ef | grep cron[root@magnolia etc]# ps -ef | grep crond[root@magnolia etc]# ps -ef | grep crond
root       907     1  0 12:06 ?        00:00:00 crond
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# k[root@magnolia etc]# k[root@magnolia etc]# ki[root@magnolia etc]# ki[root@magnolia etc]# kil[root@magnolia etc]# kil[root@magnolia etc]# kill[root@magnolia etc]# kill[root@magnolia etc]# kill [root@magnolia etc]# kill [root@magnolia etc]# kill -[root@magnolia etc]# kill -[root@magnolia etc]# kill -l[root@magnolia etc]# kill -l[root@magnolia etc]# [K[root@magnolia etc]# [root@magnolia etc]# m[root@magnolia etc]# m[root@magnolia etc]# ma[root@magnolia etc]# ma[root@magnolia etc]# man[root@magnolia etc]# man[root@magnolia etc]# man [root@magnolia etc]# man [root@magnolia etc]# man k[root@magnolia etc]# man k[root@magnolia etc]# man ki[root@magnolia etc]# man ki[root@magnolia etc]# man kil[root@magnolia etc]# man kil[root@magnolia etc]# man kill[root@magnolia etc]# man kill
[?1048h[?1047h[?1h=[28;1H[KKILL(1)                    Linux Programmer’s Manual                   KILL(1)

[1mNAME[0m
       kill − terminate a process

[1mSYNOPSIS[0m
       [1mkill[0m [1m[[0m [1m−s[0m [4msignal[24m [1m|[0m [1m−p[0m [1m][0m [1m[[0m [1m−a[0m [1m][0m [1m[[0m [1m−−[0m [1m][0m [4mpid[24m [4m...[24m
       [1mkill[0m [1m‐l[0m [1m[[0m [4msignal[24m [1m][0m

[1mDESCRIPTION[0m
       The command [1mkill[0m sends the specified signal to the specified process or
       process group.  If no signal is specified, the  TERM  signal  is  sent.
       The  TERM  signal  will  kill processes which do not catch this signal.
       For other processes, it may be necessary to use the  KILL  (9)  signal,
       since this signal cannot be caught.

       Most  modern  shells  have a builtin kill function, with a usage rather
       similar to that of the  command  described  here.  The  ‘‐a’  and  ‘‐p’
       options, and the possibility to specify pids by command name is a local
       extension.

[1mOPTIONS[0m
       [4mpid[24m... Specify the list of processes that [1mkill[0m should signal.  Each [4mpid[24m
              can be one of five things:

              [4mn[24m      where [4mn[24m is larger than 0.  The process with pid [4mn[24m will be
                     signaled.
[28;1H[K:[28;1H[28;1H[K
              [1m0[0m      All processes in the current process group are  signaled.

              [1m‐1[0m     All processes with pid larger than 1 will be signaled.

              [1m‐[0m[4mn[24m     where [4mn[24m is larger than 1.  All processes in process group
                     [4mn[24m are signaled.  When an argument of  the  form  ‘‐n’  is
                     given,  and it is meant to denote a process group, either
                     the signal must be specified first, or the argument  must
                     be  preceded by a ‘‐‐’ option, otherwise it will be taken
                     as the signal to send.

              [4mcommandname[24m
                     All processes invoked using that name will be signaled.

       [1m−s[0m [4msignal[24m
              Specify the signal to send.  The signal may be given as a signal
              name or number.

       [1m−l[0m     Print   a   list   of   signal   names.    These  are  found  in
              [4m/usr/include/linux/signal.h[24m

       [1m−a[0m     Do not restrict the commandname‐to‐pid conversion  to  processes
              with the same uid as the present process.

       [1m−p[0m     Specify  that [1mkill[0m should only print the process id (pid) of the
              named processes, and not send any signals.
[28;1H[K:[28;1H[28;1H[K
[1mSEE[0m [1mALSO[0m
       [1mbash[0m(1), [1mtcsh[0m(1), [1mkill[0m(2), [1msigvec[0m(2), [1msignal[0m(7)

[1mAUTHOR[0m
       Taken from BSD 4.4.  The ability to translate process names to  process
       ids was added by Salvatore Valente <svalente@mit.edu>.

Linux Utilities                 14 October 1994                        KILL(1)
[28;1H[K[7m(END) [27m[28;1H[K[?1l>[?1047l[?1048l]0;barrie@magnolia:/etcYou have new mail in /var/spool/mail/barrie
[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# k[root@magnolia etc]# k[root@magnolia etc]# ki[root@magnolia etc]# ki[root@magnolia etc]# kil[root@magnolia etc]# kil[root@magnolia etc]# kill[root@magnolia etc]# kill[root@magnolia etc]# kill [root@magnolia etc]# kill [root@magnolia etc]# kill -[root@magnolia etc]# kill -[root@magnolia etc]# kill -l[root@magnolia etc]# kill -l[root@magnolia etc]# kill -l [root@magnolia etc]# kill -l [root@magnolia etc]# kill -l 9[root@magnolia etc]# kill -l 9[root@magnolia etc]# kill -l 90[root@magnolia etc]# kill -l 90[root@magnolia etc]# kill -l 907[root@magnolia etc]# kill -l 907
bash: kill: 907: invalid signal specification
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# k[root@magnolia etc]# k[root@magnolia etc]# ki[root@magnolia etc]# ki[root@magnolia etc]# kil[root@magnolia etc]# kil[root@magnolia etc]# kill[root@magnolia etc]# kill[root@magnolia etc]# kill [root@magnolia etc]# kill [root@magnolia etc]# kill -[root@magnolia etc]# kill -[root@magnolia etc]# kill -1[root@magnolia etc]# kill -1[root@magnolia etc]# kill -1 [root@magnolia etc]# kill -1 [root@magnolia etc]# kill -1 9[root@magnolia etc]# kill -1 9[root@magnolia etc]# kill -1 90[root@magnolia etc]# kill -1 90[root@magnolia etc]# kill -1 907[root@magnolia etc]# kill -1 907
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# p[root@magnolia etc]# p[root@magnolia etc]# ps[root@magnolia etc]# ps[root@magnolia etc]# ps [root@magnolia etc]# ps [root@magnolia etc]# ps -[root@magnolia etc]# ps -[root@magnolia etc]# ps -e[root@magnolia etc]# ps -e[root@magnolia etc]# ps -ef[root@magnolia etc]# ps -ef[root@magnolia etc]# ps -ef [root@magnolia etc]# ps -ef [root@magnolia etc]# ps -ef |[root@magnolia etc]# ps -ef |[root@magnolia etc]# ps -ef | [root@magnolia etc]# ps -ef | [root@magnolia etc]# ps -ef | g[root@magnolia etc]# ps -ef | g[root@magnolia etc]# ps -ef | gr[root@magnolia etc]# ps -ef | gr[root@magnolia etc]# ps -ef | gre[root@magnolia etc]# ps -ef | gre[root@magnolia etc]# ps -ef | grep[root@magnolia etc]# ps -ef | grep[root@magnolia etc]# ps -ef | grep [root@magnolia etc]# ps -ef | grep [root@magnolia etc]# ps -ef | grep c[root@magnolia etc]# ps -ef | grep c[root@magnolia etc]# ps -ef | grep cr[root@magnolia etc]# ps -ef | grep cr[root@magnolia etc]# ps -ef | grep cro[root@magnolia etc]# ps -ef | grep cro[root@magnolia etc]# ps -ef | grep cron[root@magnolia etc]# ps -ef | grep cron[root@magnolia etc]# ps -ef | grep crond[root@magnolia etc]# ps -ef | grep crond
root       907     1  0 12:06 ?        00:00:00 crond
root      7473  7126  0 22:02 pts/3    00:00:00 grep crond
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# /[root@magnolia etc]# /[root@magnolia etc]# /u[root@magnolia etc]# /u[root@magnolia etc]# /us[root@magnolia etc]# /us[root@magnolia etc]# /usr[root@magnolia etc]# /usr[root@magnolia etc]# /usr/[root@magnolia etc]# /usr/[root@magnolia etc]# /usr/l[root@magnolia etc]# /usr/l[root@magnolia etc]# /usr/lo[root@magnolia etc]# /usr/lo[root@magnolia etc]# /usr/loc[root@magnolia etc]# /usr/loc[root@magnolia etc]# /usr/loca[root@magnolia etc]# /usr/loca[root@magnolia etc]# /usr/local[root@magnolia etc]# /usr/local[root@magnolia etc]# /usr/local/[root@magnolia etc]# /usr/local/[root@magnolia etc]# /usr/local/e[root@magnolia etc]# /usr/local/e[root@magnolia etc]# /usr/local/et[root@magnolia etc]# /usr/local/et[root@magnolia etc]# /usr/local/etc[root@magnolia etc]# /usr/local/etc[root@magnolia etc]# /usr/local/etc/[root@magnolia etc]# /usr/local/etc/[root@magnolia etc]# /usr/local/etc/l[root@magnolia etc]# /usr/local/etc/l[root@magnolia etc]# /usr/local/etc/lo[root@magnolia etc]# /usr/local/etc/lo[root@magnolia etc]# /usr/local/etc/log[root@magnolia etc]# /usr/local/etc/log[root@magnolia etc]# /usr/local/etc/logc[root@magnolia etc]# /usr/local/etc/logc[root@magnolia etc]# /usr/local/etc/logch[root@magnolia etc]# /usr/local/etc/logch[root@magnolia etc]# /usr/local/etc/logche[root@magnolia etc]# /usr/local/etc/logche[root@magnolia etc]# /usr/local/etc/logchec[root@magnolia etc]# /usr/local/etc/logchec[root@magnolia etc]# /usr/local/etc/logcheck[root@magnolia etc]# /usr/local/etc/logcheck[root@magnolia etc]# /usr/local/etc/logcheck.[root@magnolia etc]# /usr/local/etc/logcheck.[root@magnolia etc]# /usr/local/etc/logcheck.s[root@magnolia etc]# /usr/local/etc/logcheck.s[root@magnolia etc]# /usr/local/etc/logcheck.sh[root@magnolia etc]# /usr/local/etc/logcheck.sh
]0;barrie@magnolia:/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# p[root@magnolia etc]# p[root@magnolia etc]# ps[root@magnolia etc]# ps[root@magnolia etc]# ps [root@magnolia etc]# ps [root@magnolia etc]# ps -[root@magnolia etc]# ps -[root@magnolia etc]# ps -e[root@magnolia etc]# ps -e[root@magnolia etc]# ps -ef[root@magnolia etc]# ps -ef[root@magnolia etc]# ps -ef [root@magnolia etc]# ps -ef [root@magnolia etc]# ps -ef |[root@magnolia etc]# ps -ef |[root@magnolia etc]# ps -ef | [root@magnolia etc]# ps -ef | [root@magnolia etc]# ps -ef | g[root@magnolia etc]# ps -ef | g[root@magnolia etc]# ps -ef | gr[root@magnolia etc]# ps -ef | gr[root@magnolia etc]# ps -ef | gre[root@magnolia etc]# ps -ef | gre[root@magnolia etc]# ps -ef | grep[root@magnolia etc]# ps -ef | grep[root@magnolia etc]# ps -ef | grep [root@magnolia etc]# ps -ef | grep [root@magnolia etc]# ps -ef | grep l[root@magnolia etc]# ps -ef | grep l[root@magnolia etc]# ps -ef | grep lo[root@magnolia etc]# ps -ef | grep lo[root@magnolia etc]# ps -ef | grep log[root@magnolia etc]# ps -ef | grep log[root@magnolia etc]# ps -ef | grep logc[root@magnolia etc]# ps -ef | grep logc[root@magnolia etc]# ps -ef | grep logch[root@magnolia etc]# ps -ef | grep logch[root@magnolia etc]# ps -ef | grep logche[root@magnolia etc]# ps -ef | grep logche[root@magnolia etc]# ps -ef | grep logchec[root@magnolia etc]# ps -ef | grep logchec[root@magnolia etc]# ps -ef | grep logcheck[root@magnolia etc]# ps -ef | grep logcheck
barrie    7059  1188  0 15:24 pts/1    00:00:00 script logcheckinstall021123
barrie    7060  7059  0 15:24 pts/1    00:00:00 script logcheckinstall021123
root      7495  7126  0 22:03 pts/3    00:00:00 grep logcheck
]0;barrie@magnolia:/etcYou have new mail in /var/spool/mail/barrie
[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# c[root@magnolia etc]# c[root@magnolia etc]# cd[root@magnolia etc]# cd[root@magnolia etc]# cd [root@magnolia etc]# cd [root@magnolia etc]# cd /[root@magnolia etc]# cd /[root@magnolia etc]# cd /v[root@magnolia etc]# cd /v[root@magnolia etc]# cd /va[root@magnolia etc]# cd /va[root@magnolia etc]# cd /var[root@magnolia etc]# cd /var[root@magnolia etc]# cd /var/[root@magnolia etc]# cd /var/[root@magnolia etc]# cd /var/s[root@magnolia etc]# cd /var/s[root@magnolia etc]# cd /var/sp[root@magnolia etc]# cd /var/sp[root@magnolia etc]# cd /var/spo[root@magnolia etc]# cd /var/spo[root@magnolia etc]# cd /var/spoo[root@magnolia etc]# cd /var/spoo[root@magnolia etc]# cd /var/spool[root@magnolia etc]# cd /var/spool[root@magnolia etc]# cd /var/spool/[root@magnolia etc]# cd /var/spool/[root@magnolia etc]# cd /var/spool/m[root@magnolia etc]# cd /var/spool/m[root@magnolia etc]# cd /var/spool/ma[root@magnolia etc]# cd /var/spool/ma[root@magnolia etc]# cd /var/spool/mai[root@magnolia etc]# cd /var/spool/mai[root@magnolia etc]# cd /var/spool/mail[root@magnolia etc]# cd /var/spool/mail[root@magnolia etc]# cd /var/spool/mail/[root@magnolia etc]# cd /var/spool/mail/[root@magnolia etc]# cd /var/spool/mail[K[root@magnolia etc]# cd /var/spool/mail
]0;barrie@magnolia:/var/spool/mail[root@magnolia mail]# [root@magnolia mail]# [root@magnolia mail]# m[root@magnolia mail]# m[root@magnolia mail]# mo[root@magnolia mail]# mo[root@magnolia mail]# mor[root@magnolia mail]# mor[root@magnolia mail]# more[root@magnolia mail]# more[root@magnolia mail]# more [root@magnolia mail]# more [root@magnolia mail]# more b[root@magnolia mail]# more b[root@magnolia mail]# more ba[root@magnolia mail]# more ba[root@magnolia mail]# more bar[root@magnolia mail]# more bar[root@magnolia mail]# more barr[root@magnolia mail]# more barr[root@magnolia mail]# more barri[root@magnolia mail]# more barri[root@magnolia mail]# more barrie[root@magnolia mail]# more barrie
From root@magnolia.brighton.org  Sun Oct 20 13:27:22 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id g9KHRMh8001433
	for <root@magnolia.brighton.org>; Sun, 20 Oct 2002 13:27:22 -0400
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id g9KHRMwi001430
	for root; Sun, 20 Oct 2002 13:27:22 -0400
Date: Sun, 20 Oct 2002 13:27:22 -0400
From: root <root@magnolia.brighton.org>
Message-Id: <200210201727.g9KHRMwi001430@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: LogWatch for magnolia.brighton.org



 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

Connections:
   Service sgi_fam:
      <no address>: 1 Time(s)

**Unmatched Entries**
sudo:   barrie : TTY=pts/2 ; PWD=/home ; USER=root ; COMMAND=/bin/mkdir htdocs
[7m--More--(6%)[27msudo:   barrie : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/newaliases
sudo:   barrie : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/bin/vi aliases
sudo:   barrie : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/newaliases
sudo:   barrie : TTY=pts/0 ; PWD=/home/htdocs ; USER=root ; COMMAND=/usr/bin/pico index.html
sudo:   barrie : TTY=pts/0 ; PWD=/home ; USER=root ; COMMAND=/usr/bin/locate apachect1
sudo:   barrie : TTY=pts/0 ; PWD=/home ; USER=root ; COMMAND=/usr/bin/which apache
sudo:   barrie : TTY=pts/0 ; PWD=/usr ; USER=root ; COMMAND=/bin/ls


 ----------------- Connections (secure-log) End -------------------- 



 ###################### LogWatch End ######################### 

From root@magnolia.brighton.org  Mon Oct 21 15:40:29 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id g9LJeTdg001474
	for <root@magnolia.brighton.org>; Mon, 21 Oct 2002 15:40:29 -0400
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id g9LJeT1u001471
	for root; Mon, 21 Oct 2002 15:40:29 -0400
Date: Mon, 21 Oct 2002 15:40:29 -0400
From: root <root@magnolia.brighton.org>
Message-Id: <200210211940.g9LJeT1u001471@magnolia.brighton.org>
[7m--More--(15%)[27mTo: root@magnolia.brighton.org
Subject: LogWatch for magnolia.brighton.org



 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

Connections:
   Service sgi_fam:
      <no address>: 2 Time(s)

**Unmatched Entries**
sudo:   barrie : TTY=pts/3 ; PWD=/home/barrie/tmp ; USER=root ; COMMAND=/bin/gunzip mysql-4.0.4-
beta-pc-linux-gnu-i6i6.tar.gz
sudo:   barrie : TTY=pts/3 ; PWD=/home/barrie/tmp ; USER=root ; COMMAND=/bin/cp mysql-4.0.4-beta
-pc-linux-gnu-i686.tar.gz /usr/local
sudo:   barrie : TTY=pts/3 ; PWD=/home/barrie ; USER=root ; COMMAND=/bin/tar xzf mysql-4.0.4-bet
a-pc-linux-gnu-i686.tar.gz
sudo:   barrie : TTY=pts/3 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/tar xzf mysql-4.0.4-beta-
pc-linux-gnu-i686.tar.gz
sudo:   barrie : TTY=pts/3 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/rm mysql-4.0.4-beta-pc-li
nux-gnu-i686
sudo:   barrie : TTY=pts/3 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/rmdir mysql-4.0.4-beta-pc
-linux-gnu-i686
[7m--More--(21%)[27msudo:   barrie : TTY=pts/3 ; PWD=/usr/local/mysql-4.0.4-beta-pc-linux-gnu-i686 ; USER=root ; COM
MAND=/bin/rm bin ChangeLog configure COPYING COPYING.LIB data include INSTALL-BINARY lib man man
ual.html manual_toc.html manual.txt mysql-test README scripts share sql-bench support-files test
s
sudo:   barrie : TTY=pts/3 ; PWD=/usr/local/mysql-4.0.4-beta-pc-linux-gnu-i686/bin ; USER=root ;
 COMMAND=/bin/rm comp_err isamchk msql2mysql myisamchk myisampack my_print_defaults mysql mysqla
ccess mysqlaccess.conf mysqladmin mysqlbinlog mysqlbug mysqlcheck mysql_config mysql_convert_tab
le_format mysqld mysqld_multi mysqld_safe mysqld.sym.gz mysqldump mysqldumpslow mysql_explain_lo
g mysql_find_rows mysql_fix_extensions mysql_fix_privilege_tables mysqlhotcopy mysqlimport mysql
manager mysqlmanagerc mysqlmanager-pwgen mysql_secure_installation mysql_setpermission mysqlshow
 mysql_tableinfo mysqltest mysql_zap pack_isam perror replace resolveip resolve_stack_dump safe_
mysqld
sudo:   barrie : TTY=pts/3 ; PWD=/usr/local/mysql-4.0.4-beta-pc-linux-gnu-i686 ; USER=root ; COM
MAND=/bin/rmdir bin
sudo:   barrie : TTY=pts/4 ; PWD=/home/barrie/tmp ; USER=root ; COMMAND=/bin/cp mysql-max-4.0.3-
beta-pc-linux-gnu-i686.tar.gz /usr/local
sudo:   barrie : TTY=pts/4 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/gunzip mysql-max-4.0.3-be
ta-pc-linux-gnu-i686.tar.gz
sudo:   barrie : TTY=pts/4 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/mv mysql-max-4.0.3-beta-p
c-linux-gnu-i686.tar bin
sudo:   barrie : TTY=pts/4 ; PWD=/usr/local/bin ; USER=root ; COMMAND=/bin/tar xf mysql-max-4.0.
3-beta-pc-linux-gnu-i686.tar
sudo:   barrie : TTY=pts/0 ; PWD=/usr/local/bin ; USER=root ; COMMAND=/bin/gzip mysql-4.0.3-beta
-pc-linux-gnu-i686.tar
sudo:   barrie : TTY=pts/0 ; PWD=/usr/local/bin ; USER=root ; COMMAND=/bin/gzip mysql-max-4.0.3-
beta-pc-linux-gnu-i686.tar
[7m--More--(34%)[27mgroupadd[2491]: new group: name=mysql, gid=501 
useradd[2493]: new user: name=mysql, uid=501, gid=501, home=/home/mysql, shell=/bin/bash 
sudo:   barrie : TTY=pts/2 ; PWD=/etc ; USER=root ; COMMAND=/bin/vi passwd


 ----------------- Connections (secure-log) End -------------------- 



 ###################### LogWatch End ######################### 

From root@magnolia.brighton.org  Tue Oct 22 20:58:39 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id g9N0wdYx001363
	for <root@magnolia.brighton.org>; Tue, 22 Oct 2002 20:58:39 -0400
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id g9N0wdAg001360
	for root; Tue, 22 Oct 2002 20:58:39 -0400
Date: Tue, 22 Oct 2002 20:58:39 -0400
From: root <root@magnolia.brighton.org>
Message-Id: <200210230058.g9N0wdAg001360@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: LogWatch for magnolia.brighton.org


[7m--More--(40%)[27m[K
 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

Connections:
   Service sgi_fam:
      <no address>: 1 Time(s)

**Unmatched Entries**
sudo:   barrie : TTY=tty1 ; PWD=/home/barrie ; USER=root ; COMMAND=/bin/vi /etc/passwd
sudo:   barrie : TTY=tty1 ; PWD=/home/barrie ; USER=root ; COMMAND=/sbin/shutdown -h now
sudo:   barrie : TTY=pts/2 ; PWD=/home/barrie ; USER=root ; COMMAND=/usr/local/mysql/bin/mysqldu
mp HSLTEST


 ----------------- Connections (secure-log) End -------------------- 



 ###################### LogWatch End ######################### 

From root@magnolia.brighton.org  Sat Oct 26 16:35:23 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id g9QKZNMn001161
[7m--More--(46%)[27m[K	for <root@magnolia.brighton.org>; Sat, 26 Oct 2002 16:35:23 -0400
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id g9QKZNVQ001158
	for root; Sat, 26 Oct 2002 16:35:23 -0400
Date: Sat, 26 Oct 2002 16:35:23 -0400
From: root <root@magnolia.brighton.org>
Message-Id: <200210262035.g9QKZNVQ001158@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: LogWatch for magnolia.brighton.org



 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

Connections:
   Service sgi_fam:
      <no address>: 1 Time(s)


 ----------------- Connections (secure-log) End -------------------- 



 ###################### LogWatch End ######################### 
[7m--More--(51%)[27m[K
From root@magnolia.brighton.org  Sun Oct 27 20:59:43 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id g9S1xgf5001430
	for <root@magnolia.brighton.org>; Sun, 27 Oct 2002 20:59:42 -0500
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id g9S1xgGW001427
	for root; Sun, 27 Oct 2002 20:59:42 -0500
Date: Sun, 27 Oct 2002 20:59:42 -0500
From: root <root@magnolia.brighton.org>
Message-Id: <200210280159.g9S1xgGW001427@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: LogWatch for magnolia.brighton.org



 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

**Unmatched Entries**
sudo:   barrie : TTY=tty1 ; PWD=/home/barrie ; USER=root ; COMMAND=/sbin/shutdown -h now


 ----------------- Connections (secure-log) End -------------------- 
[7m--More--(58%)[27m[K


 ###################### LogWatch End ######################### 

From root@magnolia.brighton.org  Mon Oct 28 07:19:55 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id g9SCJs5j001470
	for <root@magnolia.brighton.org>; Mon, 28 Oct 2002 07:19:54 -0500
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id g9SCJsnC001467
	for root; Mon, 28 Oct 2002 07:19:54 -0500
Date: Mon, 28 Oct 2002 07:19:54 -0500
From: root <root@magnolia.brighton.org>
Message-Id: <200210281219.g9SCJsnC001467@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: LogWatch for magnolia.brighton.org



 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

**Unmatched Entries**
[7m--More--(64%)[27msudo:   barrie : TTY=pts/1 ; PWD=/home/barrie/tmp ; USER=root ; COMMAND=/bin/cp php-4.2.3.tar.gz
 /usr/local
sudo:   barrie : TTY=pts/1 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/gunzip php-4.2.3.tar.gz
sudo:   barrie : TTY=pts/1 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/tar xvf php-4.2.3.tar
sudo:   barrie : TTY=pts/1 ; PWD=/home/barrie/tmp ; USER=root ; COMMAND=/usr/bin/wget http://www
.openssl.org/source/openssl-0.9.6g.tar.gz


 ----------------- Connections (secure-log) End -------------------- 



 ###################### LogWatch End ######################### 

From root@magnolia.brighton.org  Sat Nov  9 17:58:50 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id gA9Mwo2s001508
	for <root@magnolia.brighton.org>; Sat, 9 Nov 2002 17:58:50 -0500
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id gA9MwnA3001505
	for root; Sat, 9 Nov 2002 17:58:49 -0500
Date: Sat, 9 Nov 2002 17:58:49 -0500
From: root <root@magnolia.brighton.org>
Message-Id: <200211092258.gA9MwnA3001505@magnolia.brighton.org>
To: root@magnolia.brighton.org
[7m--More--(72%)[27mSubject: LogWatch for magnolia.brighton.org



 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

Connections:
   Service sgi_fam:
      <no address>: 1 Time(s)


 ----------------- Connections (secure-log) End -------------------- 



 ###################### LogWatch End ######################### 

From root@magnolia.brighton.org  Sun Nov 10 11:58:31 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id gAAGwVf9001283
	for <root@magnolia.brighton.org>; Sun, 10 Nov 2002 11:58:31 -0500
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id gAAGwUXl001280
[7m--More--(77%)[27m[K	for root; Sun, 10 Nov 2002 11:58:30 -0500
Date: Sun, 10 Nov 2002 11:58:30 -0500
From: root <root@magnolia.brighton.org>
Message-Id: <200211101658.gAAGwUXl001280@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: LogWatch for magnolia.brighton.org



 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

Connections:
   Service sgi_fam:
      <no address>: 2 Time(s)

**Unmatched Entries**
sudo:   barrie : TTY=pts/0 ; PWD=/etc/rc.d/rc3.d ; USER=root ; COMMAND=/bin/cp S85gpm S85gpmBU
sudo:   barrie : TTY=pts/0 ; PWD=/etc/rc.d/rc5.d ; USER=root ; COMMAND=/bin/cp S85gpm S85gpmBU
sudo:   barrie : TTY=pts/2 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/rm php-4.2.3.tar.gz
sudo:   barrie : TTY=pts/3 ; PWD=/sbin ; USER=root ; COMMAND=/sbin/kernelversion
sudo:   barrie : TTY=pts/0 ; PWD=/home/barrie/tmp/kernel ; USER=root ; COMMAND=/bin/cp linux-2.4
.19.tar.gz /usr/src
sudo:   barrie : TTY=tty1 ; PWD=/etc ; USER=root ; COMMAND=/bin/vi grub.conf

[7m--More--(84%)[27m[K
 ----------------- Connections (secure-log) End -------------------- 



 ###################### LogWatch End ######################### 

From root@magnolia.brighton.org  Sun Nov 24 22:00:01 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id gAP301ku007450
	for <root@magnolia.brighton.org>; Sun, 24 Nov 2002 22:00:01 -0500
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id gAP300pG007447
	for root; Sun, 24 Nov 2002 22:00:00 -0500
Date: Sun, 24 Nov 2002 22:00:00 -0500
From: root <root@magnolia.brighton.org>
Message-Id: <200211250300.gAP300pG007447@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: magnolia.brighton.org 11/24/02:22.00 system check


Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Nov 24 13:11:42 magnolia syslogd 1.4.1: restart.
Nov 24 16:10:33 magnolia su(pam_unix)[7123]: session opened for user root by (uid=500)
[7m--More--(91%)[27mNov 24 16:04:57 magnolia sudo:   barrie : TTY=pts/3 ; PWD=/home/barrie/tmp ; USER=root ; COMMAND
=/bin/cp logsentry-1.1.1.tar.gz /usr/local
Nov 24 16:07:44 magnolia sudo:   barrie : TTY=pts/3 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/
gunzip logsentry-1.1.1.tar.gz
Nov 24 16:08:18 magnolia sudo:   barrie : TTY=pts/3 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/
tar tf logsentry-1.1.1.tar
Nov 24 16:09:57 magnolia sudo:   barrie : TTY=pts/3 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/
tar xvf logsentry-1.1.1.tar

From root@magnolia.brighton.org  Sun Nov 24 22:02:44 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id gAP32iku007491
	for <root@magnolia.brighton.org>; Sun, 24 Nov 2002 22:02:44 -0500
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id gAP32i7q007488
	for root; Sun, 24 Nov 2002 22:02:44 -0500
Date: Sun, 24 Nov 2002 22:02:44 -0500
From: root <root@magnolia.brighton.org>
Message-Id: <200211250302.gAP32i7q007488@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: magnolia.brighton.org 11/24/02:22.02 system check


Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
[7m--More--(99%)[27mNov 24 22:00:01 magnolia sendmail[7451]: gAP301ku007450: forward /home/barrie/.forward: Group wr
itable file

]0;barrie@magnolia:/var/spool/mail[root@magnolia mail]# [root@magnolia mail]# [root@magnolia mail]#  [root@magnolia mail]#  [root@magnolia mail]#  e[root@magnolia mail]#  e[root@magnolia mail]#  ex[root@magnolia mail]#  ex[root@magnolia mail]#  exi[root@magnolia mail]#  exi[root@magnolia mail]#  exit[root@magnolia mail]#  exit
exit
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[barrie@magnolia logcheck-1.1.1]$ [barrie@magnolia logcheck-1.1.1]$ [barrie@magnolia logcheck-1.1.1]$ s[barrie@magnolia logcheck-1.1.1]$ s[barrie@magnolia logcheck-1.1.1]$ su[barrie@magnolia logcheck-1.1.1]$ su
Password: 
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# /[root@magnolia logcheck-1.1.1]# /[root@magnolia logcheck-1.1.1]# /u[root@magnolia logcheck-1.1.1]# /u[root@magnolia logcheck-1.1.1]# /us[root@magnolia logcheck-1.1.1]# /us[root@magnolia logcheck-1.1.1]# /usr[root@magnolia logcheck-1.1.1]# /usr[root@magnolia logcheck-1.1.1]# /usr/[root@magnolia logcheck-1.1.1]# /usr/[root@magnolia logcheck-1.1.1]# /usr/l[root@magnolia logcheck-1.1.1]# /usr/l[root@magnolia logcheck-1.1.1]# /usr/lo[root@magnolia logcheck-1.1.1]# /usr/lo[root@magnolia logcheck-1.1.1]# /usr/loc[root@magnolia logcheck-1.1.1]# /usr/loc[root@magnolia logcheck-1.1.1]# /usr/loca[root@magnolia logcheck-1.1.1]# /usr/loca[root@magnolia logcheck-1.1.1]# /usr/loca/[root@magnolia logcheck-1.1.1]# /usr/loca/[root@magnolia logcheck-1.1.1]# /usr/loca[K[root@magnolia logcheck-1.1.1]# /usr/loca[root@magnolia logcheck-1.1.1]# /usr/local[root@magnolia logcheck-1.1.1]# /usr/local[root@magnolia logcheck-1.1.1]# /usr/local/[root@magnolia logcheck-1.1.1]# /usr/local/[root@magnolia logcheck-1.1.1]# /usr/local/e[root@magnolia logcheck-1.1.1]# /usr/local/e[root@magnolia logcheck-1.1.1]# /usr/local/et[root@magnolia logcheck-1.1.1]# /usr/local/et[root@magnolia logcheck-1.1.1]# /usr/local/etc[root@magnolia logcheck-1.1.1]# /usr/local/etc[root@magnolia logcheck-1.1.1]# /usr/local/etc/[root@magnolia logcheck-1.1.1]# /usr/local/etc/[root@magnolia logcheck-1.1.1]# /usr/local/etc/l[root@magnolia logcheck-1.1.1]# /usr/local/etc/l[root@magnolia logcheck-1.1.1]# /usr/local/etc/lo[root@magnolia logcheck-1.1.1]# /usr/local/etc/lo[root@magnolia logcheck-1.1.1]# /usr/local/etc/log[root@magnolia logcheck-1.1.1]# /usr/local/etc/log[root@magnolia logcheck-1.1.1]# /usr/local/etc/logc[root@magnolia logcheck-1.1.1]# /usr/local/etc/logc[root@magnolia logcheck-1.1.1]# /usr/local/etc/logch[root@magnolia logcheck-1.1.1]# /usr/local/etc/logch[root@magnolia logcheck-1.1.1]# /usr/local/etc/logche[root@magnolia logcheck-1.1.1]# /usr/local/etc/logche[root@magnolia logcheck-1.1.1]# /usr/local/etc/logchec[root@magnolia logcheck-1.1.1]# /usr/local/etc/logchec[root@magnolia logcheck-1.1.1]# /usr/local/etc/logcheck[root@magnolia logcheck-1.1.1]# /usr/local/etc/logcheck[root@magnolia logcheck-1.1.1]# /usr/local/etc/logcheck.[root@magnolia logcheck-1.1.1]# /usr/local/etc/logcheck.[root@magnolia logcheck-1.1.1]# /usr/local/etc/logcheck.s[root@magnolia logcheck-1.1.1]# /usr/local/etc/logcheck.s[root@magnolia logcheck-1.1.1]# /usr/local/etc/logcheck.sh[root@magnolia logcheck-1.1.1]# /usr/local/etc/logcheck.sh
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# m[root@magnolia logcheck-1.1.1]# m[root@magnolia logcheck-1.1.1]# mo[root@magnolia logcheck-1.1.1]# mo[root@magnolia logcheck-1.1.1]# mor[root@magnolia logcheck-1.1.1]# mor[root@magnolia logcheck-1.1.1]# more[root@magnolia logcheck-1.1.1]# more[root@magnolia logcheck-1.1.1]# more [root@magnolia logcheck-1.1.1]# more [root@magnolia logcheck-1.1.1]# more[K[root@magnolia logcheck-1.1.1]# more[root@magnolia logcheck-1.1.1]# mor[K[root@magnolia logcheck-1.1.1]# mor[root@magnolia logcheck-1.1.1]# mo[K[root@magnolia logcheck-1.1.1]# mo[root@magnolia logcheck-1.1.1]# m[K[root@magnolia logcheck-1.1.1]# m[root@magnolia logcheck-1.1.1]# [K[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# /usr/local/etc/logcheck.sh[root@magnolia logcheck-1.1.1]# /usr/local/etc/logcheck.sh[root@magnolia logcheck-1.1.1]#  exit[K[root@magnolia logcheck-1.1.1]#  exit[root@magnolia logcheck-1.1.1]# more barrie[root@magnolia logcheck-1.1.1]# more barrie[root@magnolia logcheck-1.1.1]# cd /var/spool/mail[root@magnolia logcheck-1.1.1]# cd /var/spool/mail[root@magnolia logcheck-1.1.1]# cd /var/spool/mai[root@magnolia logcheck-1.1.1]# cd /var/spool/ma[root@magnolia logcheck-1.1.1]# cd /var/spool/m[root@magnolia logcheck-1.1.1]# cd /var/spool/[root@magnolia logcheck-1.1.1]# cd /var/spool[root@magnolia logcheck-1.1.1]# cd /var/spoo[root@magnolia logcheck-1.1.1]# cd /var/spo[root@magnolia logcheck-1.1.1]# cd /var/sp[root@magnolia logcheck-1.1.1]# cd /var/s[root@magnolia logcheck-1.1.1]# cd /var/[root@magnolia logcheck-1.1.1]# cd /var[root@magnolia logcheck-1.1.1]# cd /va[root@magnolia logcheck-1.1.1]# cd /v[root@magnolia logcheck-1.1.1]# cd /[root@magnolia logcheck-1.1.1]# cd [root@magnolia logcheck-1.1.1]# cd[root@magnolia logcheck-1.1.1]# c[1P /var/spool/mail[root@magnolia logcheck-1.1.1]# c[root@magnolia logcheck-1.1.1]# [1P /var/spool/mail[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# m /var/spool/mail[root@magnolia logcheck-1.1.1]# m[root@magnolia logcheck-1.1.1]# mo /var/spool/mail[root@magnolia logcheck-1.1.1]# mo[root@magnolia logcheck-1.1.1]# mor /var/spool/mail[root@magnolia logcheck-1.1.1]# mor[root@magnolia logcheck-1.1.1]# more /var/spool/mail[root@magnolia logcheck-1.1.1]# more[root@magnolia logcheck-1.1.1]# more [root@magnolia logcheck-1.1.1]# more /[root@magnolia logcheck-1.1.1]# more /v[root@magnolia logcheck-1.1.1]# more /va[root@magnolia logcheck-1.1.1]# more /var[root@magnolia logcheck-1.1.1]# more /var/[root@magnolia logcheck-1.1.1]# more /var/s[root@magnolia logcheck-1.1.1]# more /var/sp[root@magnolia logcheck-1.1.1]# more /var/spo[root@magnolia logcheck-1.1.1]# more /var/spoo[root@magnolia logcheck-1.1.1]# more /var/spool[root@magnolia logcheck-1.1.1]# more /var/spool/[root@magnolia logcheck-1.1.1]# more /var/spool/m[root@magnolia logcheck-1.1.1]# more /var/spool/ma[root@magnolia logcheck-1.1.1]# more /var/spool/mai[root@magnolia logcheck-1.1.1]# more /var/spool/mail[root@magnolia logcheck-1.1.1]# more /var/spool/mail/[root@magnolia logcheck-1.1.1]# more /var/spool/mail/[root@magnolia logcheck-1.1.1]# more /var/spool/mail/b[root@magnolia logcheck-1.1.1]# more /var/spool/mail/b[root@magnolia logcheck-1.1.1]# more /var/spool/mail/ba[root@magnolia logcheck-1.1.1]# more /var/spool/mail/ba[root@magnolia logcheck-1.1.1]# more /var/spool/mail/bar[root@magnolia logcheck-1.1.1]# more /var/spool/mail/bar[root@magnolia logcheck-1.1.1]# more /var/spool/mail/barr[root@magnolia logcheck-1.1.1]# more /var/spool/mail/barr[root@magnolia logcheck-1.1.1]# more /var/spool/mail/barri[root@magnolia logcheck-1.1.1]# more /var/spool/mail/barri[root@magnolia logcheck-1.1.1]# more /var/spool/mail/barrie[root@magnolia logcheck-1.1.1]# more /var/spool/mail/barrie[root@magnolia logcheck-1.1.1]# more /var/spool/mail/barri[K[root@magnolia logcheck-1.1.1]# more /var/spool/mail/barri[root@magnolia logcheck-1.1.1]# more /var/spool/mail/barr[K[root@magnolia logcheck-1.1.1]# more /var/spool/mail/barr[root@magnolia logcheck-1.1.1]# more /var/spool/mail/bar[K[root@magnolia logcheck-1.1.1]# more /var/spool/mail/bar[root@magnolia logcheck-1.1.1]# more /var/spool/mail/ba[K[root@magnolia logcheck-1.1.1]# more /var/spool/mail/ba[root@magnolia logcheck-1.1.1]# more /var/spool/mail/b[K[root@magnolia logcheck-1.1.1]# more /var/spool/mail/b[root@magnolia logcheck-1.1.1]# more /var/spool/mail/[K[root@magnolia logcheck-1.1.1]# more /var/spool/mail/[root@magnolia logcheck-1.1.1]# more /var/spool/mail/r[root@magnolia logcheck-1.1.1]# more /var/spool/mail/r[root@magnolia logcheck-1.1.1]# more /var/spool/mail/ro[root@magnolia logcheck-1.1.1]# more /var/spool/mail/ro[root@magnolia logcheck-1.1.1]# more /var/spool/mail/roo[root@magnolia logcheck-1.1.1]# more /var/spool/mail/roo[root@magnolia logcheck-1.1.1]# more /var/spool/mail/root[root@magnolia logcheck-1.1.1]# more /var/spool/mail/root
/var/spool/mail/root: No such file or directory
]0;barrie@magnolia:/usr/local/logcheck-1.1.1You have new mail in /var/spool/mail/barrie
[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# more /var/spool/mail/root[root@magnolia logcheck-1.1.1]# more /var/spool/mail/root[root@magnolia logcheck-1.1.1]# more /var/spool/mail/roo[K[root@magnolia logcheck-1.1.1]# more /var/spool/mail/roo[root@magnolia logcheck-1.1.1]# more /var/spool/mail/ro[K[root@magnolia logcheck-1.1.1]# more /var/spool/mail/ro[root@magnolia logcheck-1.1.1]# more /var/spool/mail/r[K[root@magnolia logcheck-1.1.1]# more /var/spool/mail/r[root@magnolia logcheck-1.1.1]# more /var/spool/mail/[K[root@magnolia logcheck-1.1.1]# more /var/spool/mail/[root@magnolia logcheck-1.1.1]# more /var/spool/mail/b[root@magnolia logcheck-1.1.1]# more /var/spool/mail/b[root@magnolia logcheck-1.1.1]# more /var/spool/mail/ba[root@magnolia logcheck-1.1.1]# more /var/spool/mail/ba[root@magnolia logcheck-1.1.1]# more /var/spool/mail/bar[root@magnolia logcheck-1.1.1]# more /var/spool/mail/bar[root@magnolia logcheck-1.1.1]# more /var/spool/mail/barr[root@magnolia logcheck-1.1.1]# more /var/spool/mail/barr[root@magnolia logcheck-1.1.1]# more /var/spool/mail/barri[root@magnolia logcheck-1.1.1]# more /var/spool/mail/barri[root@magnolia logcheck-1.1.1]# more /var/spool/mail/barrie[root@magnolia logcheck-1.1.1]# more /var/spool/mail/barrie
From root@magnolia.brighton.org  Sun Oct 20 13:27:22 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id g9KHRMh8001433
	for <root@magnolia.brighton.org>; Sun, 20 Oct 2002 13:27:22 -0400
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id g9KHRMwi001430
	for root; Sun, 20 Oct 2002 13:27:22 -0400
Date: Sun, 20 Oct 2002 13:27:22 -0400
From: root <root@magnolia.brighton.org>
Message-Id: <200210201727.g9KHRMwi001430@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: LogWatch for magnolia.brighton.org



 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

Connections:
   Service sgi_fam:
      <no address>: 1 Time(s)

**Unmatched Entries**
sudo:   barrie : TTY=pts/2 ; PWD=/home ; USER=root ; COMMAND=/bin/mkdir htdocs
[7m--More--(6%)[27msudo:   barrie : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/newaliases
sudo:   barrie : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/bin/vi aliases
sudo:   barrie : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/newaliases
sudo:   barrie : TTY=pts/0 ; PWD=/home/htdocs ; USER=root ; COMMAND=/usr/bin/pico index.html
sudo:   barrie : TTY=pts/0 ; PWD=/home ; USER=root ; COMMAND=/usr/bin/locate apachect1
sudo:   barrie : TTY=pts/0 ; PWD=/home ; USER=root ; COMMAND=/usr/bin/which apache
sudo:   barrie : TTY=pts/0 ; PWD=/usr ; USER=root ; COMMAND=/bin/ls


 ----------------- Connections (secure-log) End -------------------- 



 ###################### LogWatch End ######################### 

From root@magnolia.brighton.org  Mon Oct 21 15:40:29 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id g9LJeTdg001474
	for <root@magnolia.brighton.org>; Mon, 21 Oct 2002 15:40:29 -0400
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id g9LJeT1u001471
	for root; Mon, 21 Oct 2002 15:40:29 -0400
Date: Mon, 21 Oct 2002 15:40:29 -0400
From: root <root@magnolia.brighton.org>
Message-Id: <200210211940.g9LJeT1u001471@magnolia.brighton.org>
[7m--More--(14%)[27mTo: root@magnolia.brighton.org
Subject: LogWatch for magnolia.brighton.org



 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

Connections:
   Service sgi_fam:
      <no address>: 2 Time(s)

**Unmatched Entries**
sudo:   barrie : TTY=pts/3 ; PWD=/home/barrie/tmp ; USER=root ; COMMAND=/bin/gunzip mysql-4.0.4-
beta-pc-linux-gnu-i6i6.tar.gz
sudo:   barrie : TTY=pts/3 ; PWD=/home/barrie/tmp ; USER=root ; COMMAND=/bin/cp mysql-4.0.4-beta
-pc-linux-gnu-i686.tar.gz /usr/local
sudo:   barrie : TTY=pts/3 ; PWD=/home/barrie ; USER=root ; COMMAND=/bin/tar xzf mysql-4.0.4-bet
a-pc-linux-gnu-i686.tar.gz
sudo:   barrie : TTY=pts/3 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/tar xzf mysql-4.0.4-beta-
pc-linux-gnu-i686.tar.gz
sudo:   barrie : TTY=pts/3 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/rm mysql-4.0.4-beta-pc-li
nux-gnu-i686
sudo:   barrie : TTY=pts/3 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/rmdir mysql-4.0.4-beta-pc
-linux-gnu-i686
[7m--More--(20%)[27msudo:   barrie : TTY=pts/3 ; PWD=/usr/local/mysql-4.0.4-beta-pc-linux-gnu-i686 ; USER=root ; COM
MAND=/bin/rm bin ChangeLog configure COPYING COPYING.LIB data include INSTALL-BINARY lib man man
ual.html manual_toc.html manual.txt mysql-test README scripts share sql-bench support-files test
s
sudo:   barrie : TTY=pts/3 ; PWD=/usr/local/mysql-4.0.4-beta-pc-linux-gnu-i686/bin ; USER=root ;
 COMMAND=/bin/rm comp_err isamchk msql2mysql myisamchk myisampack my_print_defaults mysql mysqla
ccess mysqlaccess.conf mysqladmin mysqlbinlog mysqlbug mysqlcheck mysql_config mysql_convert_tab
le_format mysqld mysqld_multi mysqld_safe mysqld.sym.gz mysqldump mysqldumpslow mysql_explain_lo
g mysql_find_rows mysql_fix_extensions mysql_fix_privilege_tables mysqlhotcopy mysqlimport mysql
manager mysqlmanagerc mysqlmanager-pwgen mysql_secure_installation mysql_setpermission mysqlshow
 mysql_tableinfo mysqltest mysql_zap pack_isam perror replace resolveip resolve_stack_dump safe_
mysqld
sudo:   barrie : TTY=pts/3 ; PWD=/usr/local/mysql-4.0.4-beta-pc-linux-gnu-i686 ; USER=root ; COM
MAND=/bin/rmdir bin
sudo:   barrie : TTY=pts/4 ; PWD=/home/barrie/tmp ; USER=root ; COMMAND=/bin/cp mysql-max-4.0.3-
beta-pc-linux-gnu-i686.tar.gz /usr/local
sudo:   barrie : TTY=pts/4 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/gunzip mysql-max-4.0.3-be
ta-pc-linux-gnu-i686.tar.gz
sudo:   barrie : TTY=pts/4 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/mv mysql-max-4.0.3-beta-p
c-linux-gnu-i686.tar bin
sudo:   barrie : TTY=pts/4 ; PWD=/usr/local/bin ; USER=root ; COMMAND=/bin/tar xf mysql-max-4.0.
3-beta-pc-linux-gnu-i686.tar
sudo:   barrie : TTY=pts/0 ; PWD=/usr/local/bin ; USER=root ; COMMAND=/bin/gzip mysql-4.0.3-beta
-pc-linux-gnu-i686.tar
sudo:   barrie : TTY=pts/0 ; PWD=/usr/local/bin ; USER=root ; COMMAND=/bin/gzip mysql-max-4.0.3-
beta-pc-linux-gnu-i686.tar
[7m--More--(31%)[27mgroupadd[2491]: new group: name=mysql, gid=501 
useradd[2493]: new user: name=mysql, uid=501, gid=501, home=/home/mysql, shell=/bin/bash 
sudo:   barrie : TTY=pts/2 ; PWD=/etc ; USER=root ; COMMAND=/bin/vi passwd


 ----------------- Connections (secure-log) End -------------------- 



 ###################### LogWatch End ######################### 

From root@magnolia.brighton.org  Tue Oct 22 20:58:39 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id g9N0wdYx001363
	for <root@magnolia.brighton.org>; Tue, 22 Oct 2002 20:58:39 -0400
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id g9N0wdAg001360
	for root; Tue, 22 Oct 2002 20:58:39 -0400
Date: Tue, 22 Oct 2002 20:58:39 -0400
From: root <root@magnolia.brighton.org>
Message-Id: <200210230058.g9N0wdAg001360@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: LogWatch for magnolia.brighton.org


[7m--More--(38%)[27m[K
 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

Connections:
   Service sgi_fam:
      <no address>: 1 Time(s)

**Unmatched Entries**
sudo:   barrie : TTY=tty1 ; PWD=/home/barrie ; USER=root ; COMMAND=/bin/vi /etc/passwd
sudo:   barrie : TTY=tty1 ; PWD=/home/barrie ; USER=root ; COMMAND=/sbin/shutdown -h now
sudo:   barrie : TTY=pts/2 ; PWD=/home/barrie ; USER=root ; COMMAND=/usr/local/mysql/bin/mysqldu
mp HSLTEST


 ----------------- Connections (secure-log) End -------------------- 



 ###################### LogWatch End ######################### 

From root@magnolia.brighton.org  Sat Oct 26 16:35:23 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id g9QKZNMn001161
[7m--More--(43%)[27m[K	for <root@magnolia.brighton.org>; Sat, 26 Oct 2002 16:35:23 -0400
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id g9QKZNVQ001158
	for root; Sat, 26 Oct 2002 16:35:23 -0400
Date: Sat, 26 Oct 2002 16:35:23 -0400
From: root <root@magnolia.brighton.org>
Message-Id: <200210262035.g9QKZNVQ001158@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: LogWatch for magnolia.brighton.org



 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

Connections:
   Service sgi_fam:
      <no address>: 1 Time(s)


 ----------------- Connections (secure-log) End -------------------- 



 ###################### LogWatch End ######################### 
[7m--More--(48%)[27m[K
From root@magnolia.brighton.org  Sun Oct 27 20:59:43 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id g9S1xgf5001430
	for <root@magnolia.brighton.org>; Sun, 27 Oct 2002 20:59:42 -0500
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id g9S1xgGW001427
	for root; Sun, 27 Oct 2002 20:59:42 -0500
Date: Sun, 27 Oct 2002 20:59:42 -0500
From: root <root@magnolia.brighton.org>
Message-Id: <200210280159.g9S1xgGW001427@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: LogWatch for magnolia.brighton.org



 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

**Unmatched Entries**
sudo:   barrie : TTY=tty1 ; PWD=/home/barrie ; USER=root ; COMMAND=/sbin/shutdown -h now


 ----------------- Connections (secure-log) End -------------------- 
[7m--More--(54%)[27m[K


 ###################### LogWatch End ######################### 

From root@magnolia.brighton.org  Mon Oct 28 07:19:55 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id g9SCJs5j001470
	for <root@magnolia.brighton.org>; Mon, 28 Oct 2002 07:19:54 -0500
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id g9SCJsnC001467
	for root; Mon, 28 Oct 2002 07:19:54 -0500
Date: Mon, 28 Oct 2002 07:19:54 -0500
From: root <root@magnolia.brighton.org>
Message-Id: <200210281219.g9SCJsnC001467@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: LogWatch for magnolia.brighton.org



 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

**Unmatched Entries**
[7m--More--(60%)[27msudo:   barrie : TTY=pts/1 ; PWD=/home/barrie/tmp ; USER=root ; COMMAND=/bin/cp php-4.2.3.tar.gz
 /usr/local
sudo:   barrie : TTY=pts/1 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/gunzip php-4.2.3.tar.gz
sudo:   barrie : TTY=pts/1 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/tar xvf php-4.2.3.tar
sudo:   barrie : TTY=pts/1 ; PWD=/home/barrie/tmp ; USER=root ; COMMAND=/usr/bin/wget http://www
.openssl.org/source/openssl-0.9.6g.tar.gz


 ----------------- Connections (secure-log) End -------------------- 



 ###################### LogWatch End ######################### 

From root@magnolia.brighton.org  Sat Nov  9 17:58:50 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id gA9Mwo2s001508
	for <root@magnolia.brighton.org>; Sat, 9 Nov 2002 17:58:50 -0500
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id gA9MwnA3001505
	for root; Sat, 9 Nov 2002 17:58:49 -0500
Date: Sat, 9 Nov 2002 17:58:49 -0500
From: root <root@magnolia.brighton.org>
Message-Id: <200211092258.gA9MwnA3001505@magnolia.brighton.org>
To: root@magnolia.brighton.org
[7m--More--(67%)[27mSubject: LogWatch for magnolia.brighton.org



 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

Connections:
   Service sgi_fam:
      <no address>: 1 Time(s)


 ----------------- Connections (secure-log) End -------------------- 



 ###################### LogWatch End ######################### 

From root@magnolia.brighton.org  Sun Nov 10 11:58:31 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id gAAGwVf9001283
	for <root@magnolia.brighton.org>; Sun, 10 Nov 2002 11:58:31 -0500
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id gAAGwUXl001280
[7m--More--(72%)[27m[K	for root; Sun, 10 Nov 2002 11:58:30 -0500
Date: Sun, 10 Nov 2002 11:58:30 -0500
From: root <root@magnolia.brighton.org>
Message-Id: <200211101658.gAAGwUXl001280@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: LogWatch for magnolia.brighton.org



 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

Connections:
   Service sgi_fam:
      <no address>: 2 Time(s)

**Unmatched Entries**
sudo:   barrie : TTY=pts/0 ; PWD=/etc/rc.d/rc3.d ; USER=root ; COMMAND=/bin/cp S85gpm S85gpmBU
sudo:   barrie : TTY=pts/0 ; PWD=/etc/rc.d/rc5.d ; USER=root ; COMMAND=/bin/cp S85gpm S85gpmBU
sudo:   barrie : TTY=pts/2 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/rm php-4.2.3.tar.gz
sudo:   barrie : TTY=pts/3 ; PWD=/sbin ; USER=root ; COMMAND=/sbin/kernelversion
sudo:   barrie : TTY=pts/0 ; PWD=/home/barrie/tmp/kernel ; USER=root ; COMMAND=/bin/cp linux-2.4
.19.tar.gz /usr/src
sudo:   barrie : TTY=tty1 ; PWD=/etc ; USER=root ; COMMAND=/bin/vi grub.conf

[7m--More--(79%)[27m[K
 ----------------- Connections (secure-log) End -------------------- 



 ###################### LogWatch End ######################### 

From root@magnolia.brighton.org  Sun Nov 24 22:00:01 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id gAP301ku007450
	for <root@magnolia.brighton.org>; Sun, 24 Nov 2002 22:00:01 -0500
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id gAP300pG007447
	for root; Sun, 24 Nov 2002 22:00:00 -0500
Date: Sun, 24 Nov 2002 22:00:00 -0500
From: root <root@magnolia.brighton.org>
Message-Id: <200211250300.gAP300pG007447@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: magnolia.brighton.org 11/24/02:22.00 system check


Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Nov 24 13:11:42 magnolia syslogd 1.4.1: restart.
Nov 24 16:10:33 magnolia su(pam_unix)[7123]: session opened for user root by (uid=500)
[7m--More--(85%)[27mNov 24 16:04:57 magnolia sudo:   barrie : TTY=pts/3 ; PWD=/home/barrie/tmp ; USER=root ; COMMAND
=/bin/cp logsentry-1.1.1.tar.gz /usr/local
Nov 24 16:07:44 magnolia sudo:   barrie : TTY=pts/3 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/
gunzip logsentry-1.1.1.tar.gz
Nov 24 16:08:18 magnolia sudo:   barrie : TTY=pts/3 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/
tar tf logsentry-1.1.1.tar
Nov 24 16:09:57 magnolia sudo:   barrie : TTY=pts/3 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/
tar xvf logsentry-1.1.1.tar

From root@magnolia.brighton.org  Sun Nov 24 22:02:44 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id gAP32iku007491
	for <root@magnolia.brighton.org>; Sun, 24 Nov 2002 22:02:44 -0500
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id gAP32i7q007488
	for root; Sun, 24 Nov 2002 22:02:44 -0500
Date: Sun, 24 Nov 2002 22:02:44 -0500
From: root <root@magnolia.brighton.org>
Message-Id: <200211250302.gAP32i7q007488@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: magnolia.brighton.org 11/24/02:22.02 system check


Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
[7m--More--(93%)[27mNov 24 22:00:01 magnolia sendmail[7451]: gAP301ku007450: forward /home/barrie/.forward: Group wr
itable file

From root@magnolia.brighton.org  Sun Nov 24 22:09:41 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id gAP39fku007546
	for <root@magnolia.brighton.org>; Sun, 24 Nov 2002 22:09:41 -0500
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id gAP39fFx007543
	for root; Sun, 24 Nov 2002 22:09:41 -0500
Date: Sun, 24 Nov 2002 22:09:41 -0500
From: root <root@magnolia.brighton.org>
Message-Id: <200211250309.gAP39fFx007543@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: magnolia.brighton.org 11/24/02:22.09 system check


Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Nov 24 22:09:19 magnolia su(pam_unix)[7123]: session closed for user root
Nov 24 22:09:28 magnolia su(pam_unix)[7500]: session opened for user root by (uid=500)
Nov 24 22:02:44 magnolia sendmail[7492]: gAP32iku007491: forward /home/barrie/.forward: Group wr
itable file

]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# p[root@magnolia logcheck-1.1.1]# p[root@magnolia logcheck-1.1.1]# ps[root@magnolia logcheck-1.1.1]# ps[root@magnolia logcheck-1.1.1]# ps [root@magnolia logcheck-1.1.1]# ps [root@magnolia logcheck-1.1.1]# ps -[root@magnolia logcheck-1.1.1]# ps -[root@magnolia logcheck-1.1.1]# ps -e[root@magnolia logcheck-1.1.1]# ps -e[root@magnolia logcheck-1.1.1]# ps -ef[root@magnolia logcheck-1.1.1]# ps -ef[root@magnolia logcheck-1.1.1]# ps -ef [root@magnolia logcheck-1.1.1]# ps -ef [root@magnolia logcheck-1.1.1]# ps -ef c[root@magnolia logcheck-1.1.1]# ps -ef c[root@magnolia logcheck-1.1.1]# ps -ef cr[root@magnolia logcheck-1.1.1]# ps -ef cr[root@magnolia logcheck-1.1.1]# ps -ef cro[root@magnolia logcheck-1.1.1]# ps -ef cro[root@magnolia logcheck-1.1.1]# ps -ef cron[root@magnolia logcheck-1.1.1]# ps -ef cron[root@magnolia logcheck-1.1.1]# ps -ef crond[root@magnolia logcheck-1.1.1]# ps -ef crond[root@magnolia logcheck-1.1.1]# ps -ef cron[K[root@magnolia logcheck-1.1.1]# ps -ef cron[root@magnolia logcheck-1.1.1]# ps -ef cro[K[root@magnolia logcheck-1.1.1]# ps -ef cro[root@magnolia logcheck-1.1.1]# ps -ef cr[K[root@magnolia logcheck-1.1.1]# ps -ef cr[root@magnolia logcheck-1.1.1]# ps -ef c[K[root@magnolia logcheck-1.1.1]# ps -ef c[root@magnolia logcheck-1.1.1]# ps -ef [K[root@magnolia logcheck-1.1.1]# ps -ef [root@magnolia logcheck-1.1.1]# ps -ef |[root@magnolia logcheck-1.1.1]# ps -ef |[root@magnolia logcheck-1.1.1]# ps -ef | [root@magnolia logcheck-1.1.1]# ps -ef | [root@magnolia logcheck-1.1.1]# ps -ef | g[root@magnolia logcheck-1.1.1]# ps -ef | g[root@magnolia logcheck-1.1.1]# ps -ef | gr[root@magnolia logcheck-1.1.1]# ps -ef | gr[root@magnolia logcheck-1.1.1]# ps -ef | gre[root@magnolia logcheck-1.1.1]# ps -ef | gre[root@magnolia logcheck-1.1.1]# ps -ef | grep[root@magnolia logcheck-1.1.1]# ps -ef | grep[root@magnolia logcheck-1.1.1]# ps -ef | grep [root@magnolia logcheck-1.1.1]# ps -ef | grep [root@magnolia logcheck-1.1.1]# ps -ef | grep c[root@magnolia logcheck-1.1.1]# ps -ef | grep c[root@magnolia logcheck-1.1.1]# ps -ef | grep cr[root@magnolia logcheck-1.1.1]# ps -ef | grep cr[root@magnolia logcheck-1.1.1]# ps -ef | grep cro[root@magnolia logcheck-1.1.1]# ps -ef | grep cro[root@magnolia logcheck-1.1.1]# ps -ef | grep cron[root@magnolia logcheck-1.1.1]# ps -ef | grep cron[root@magnolia logcheck-1.1.1]# ps -ef | grep crond[root@magnolia logcheck-1.1.1]# ps -ef | grep crond
root       907     1  0 12:06 ?        00:00:00 crond
root      7558  7503  0 22:39 pts/3    00:00:00 grep crond
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# p[root@magnolia logcheck-1.1.1]# p[root@magnolia logcheck-1.1.1]# pr[root@magnolia logcheck-1.1.1]# pr[root@magnolia logcheck-1.1.1]# p[K[root@magnolia logcheck-1.1.1]# p[root@magnolia logcheck-1.1.1]# ps[root@magnolia logcheck-1.1.1]# ps[root@magnolia logcheck-1.1.1]# ps [root@magnolia logcheck-1.1.1]# ps [root@magnolia logcheck-1.1.1]# ps -[root@magnolia logcheck-1.1.1]# ps -[root@magnolia logcheck-1.1.1]# ps -e[root@magnolia logcheck-1.1.1]# ps -e[root@magnolia logcheck-1.1.1]# ps -ef[root@magnolia logcheck-1.1.1]# ps -ef[root@magnolia logcheck-1.1.1]# ps -ef [root@magnolia logcheck-1.1.1]# ps -ef [root@magnolia logcheck-1.1.1]# ps -ef |[root@magnolia logcheck-1.1.1]# ps -ef |[root@magnolia logcheck-1.1.1]# ps -ef | [root@magnolia logcheck-1.1.1]# ps -ef | [root@magnolia logcheck-1.1.1]# ps -ef | g[root@magnolia logcheck-1.1.1]# ps -ef | g[root@magnolia logcheck-1.1.1]# ps -ef | gr[root@magnolia logcheck-1.1.1]# ps -ef | gr[root@magnolia logcheck-1.1.1]# ps -ef | gre[root@magnolia logcheck-1.1.1]# ps -ef | gre[root@magnolia logcheck-1.1.1]# ps -ef | grep[root@magnolia logcheck-1.1.1]# ps -ef | grep[root@magnolia logcheck-1.1.1]# ps -ef | grep [root@magnolia logcheck-1.1.1]# ps -ef | grep [root@magnolia logcheck-1.1.1]# ps -ef | grep l[root@magnolia logcheck-1.1.1]# ps -ef | grep l[root@magnolia logcheck-1.1.1]# ps -ef | grep lo[root@magnolia logcheck-1.1.1]# ps -ef | grep lo[root@magnolia logcheck-1.1.1]# ps -ef | grep loc[root@magnolia logcheck-1.1.1]# ps -ef | grep loc[root@magnolia logcheck-1.1.1]# ps -ef | grep lo[K[root@magnolia logcheck-1.1.1]# ps -ef | grep lo[root@magnolia logcheck-1.1.1]# ps -ef | grep log[root@magnolia logcheck-1.1.1]# ps -ef | grep log[root@magnolia logcheck-1.1.1]# ps -ef | grep logc[root@magnolia logcheck-1.1.1]# ps -ef | grep logc[root@magnolia logcheck-1.1.1]# ps -ef | grep logch[root@magnolia logcheck-1.1.1]# ps -ef | grep logch[root@magnolia logcheck-1.1.1]# ps -ef | grep logche[root@magnolia logcheck-1.1.1]# ps -ef | grep logche[root@magnolia logcheck-1.1.1]# ps -ef | grep logchec[root@magnolia logcheck-1.1.1]# ps -ef | grep logchec[root@magnolia logcheck-1.1.1]# ps -ef | grep logcheck[root@magnolia logcheck-1.1.1]# ps -ef | grep logcheck
barrie    7059  1188  0 15:24 pts/1    00:00:00 script logcheckinstall021123
barrie    7060  7059  0 15:24 pts/1    00:00:00 script logcheckinstall021123
root      7556  7158  0 22:26 pts/4    00:00:00 more logcheck.sh
root      7560  7503  0 22:39 pts/3    00:00:00 grep logcheck
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# c[root@magnolia logcheck-1.1.1]# c[root@magnolia logcheck-1.1.1]# cd[root@magnolia logcheck-1.1.1]# cd[root@magnolia logcheck-1.1.1]# cd [root@magnolia logcheck-1.1.1]# cd [root@magnolia logcheck-1.1.1]# cd /[root@magnolia logcheck-1.1.1]# cd /[root@magnolia logcheck-1.1.1]# cd /v[root@magnolia logcheck-1.1.1]# cd /v[root@magnolia logcheck-1.1.1]# cd /va[root@magnolia logcheck-1.1.1]# cd /va[root@magnolia logcheck-1.1.1]# cd /var[root@magnolia logcheck-1.1.1]# cd /var[root@magnolia logcheck-1.1.1]# cd /var/[root@magnolia logcheck-1.1.1]# cd /var/[root@magnolia logcheck-1.1.1]# cd /var/l[root@magnolia logcheck-1.1.1]# cd /var/l[root@magnolia logcheck-1.1.1]# cd /var/lo[root@magnolia logcheck-1.1.1]# cd /var/lo[root@magnolia logcheck-1.1.1]# cd /var/log[root@magnolia logcheck-1.1.1]# cd /var/log
]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# l[root@magnolia log]# l[root@magnolia log]# ls[root@magnolia log]# ls
[00m[00mboot.log[00m    [00mcron.4[00m   [00mksyms.4[00m    [00mmaillog.offset[00m   [00mrpmpkgs.2[00m         [00msecure.4[00m       [00mup2date.2[00m
[00mboot.log.1[00m  [00;34mcups[00m     [00mksyms.5[00m    [00mmessages[00m         [00mrpmpkgs.3[00m         [00msecure.offset[00m  [00mup2date.3[00m
[00mboot.log.2[00m  [00mdmesg[00m    [00mksyms.6[00m    [00mmessages.1[00m       [00mrpmpkgs.4[00m         [00mspooler[00m        [00mup2date.4[00m
[00mboot.log.3[00m  [00;34mgdm[00m      [00mlastlog[00m    [00mmessages.2[00m       [00;34msamba[00m             [00mspooler.1[00m      [00;34mvbox[00m
[00mboot.log.4[00m  [00;34mhttpd[00m    [00mmaillog[00m    [00mmessages.3[00m       [00mscrollkeeper.log[00m  [00mspooler.2[00m      [00mwtmp[00m
[00mcron[00m        [00mksyms.0[00m  [00mmaillog.1[00m  [00mmessages.4[00m       [00msecure[00m            [00mspooler.3[00m      [00mwtmp.1[00m
[00mcron.1[00m      [00mksyms.1[00m  [00mmaillog.2[00m  [00mmessages.offset[00m  [00msecure.1[00m          [00mspooler.4[00m      [00mXFree86.0.log[00m
[00mcron.2[00m      [00mksyms.2[00m  [00mmaillog.3[00m  [00mrpmpkgs[00m          [00msecure.2[00m          [00mup2date[00m
[00mcron.3[00m      [00mksyms.3[00m  [00mmaillog.4[00m  [00mrpmpkgs.1[00m        [00msecure.3[00m          [00mup2date.1[00m
[m]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# m[root@magnolia log]# m[root@magnolia log]# mo[root@magnolia log]# mo[root@magnolia log]# mor[root@magnolia log]# mor[root@magnolia log]# more[root@magnolia log]# more[root@magnolia log]# more [root@magnolia log]# more [root@magnolia log]# more m[root@magnolia log]# more m[root@magnolia log]# more me[root@magnolia log]# more me[root@magnolia log]# more mes[root@magnolia log]# more mes[root@magnolia log]# more mess[root@magnolia log]# more mess[root@magnolia log]# more messa[root@magnolia log]# more messa[root@magnolia log]# more messag[root@magnolia log]# more messag[root@magnolia log]# more message[root@magnolia log]# more message[root@magnolia log]# more messages[root@magnolia log]# more messages[root@magnolia log]# more messages.[root@magnolia log]# more messages.[root@magnolia log]# more messages.o[root@magnolia log]# more messages.o[root@magnolia log]# more messages.of[root@magnolia log]# more messages.of[root@magnolia log]# more messages.off[root@magnolia log]# more messages.off[root@magnolia log]# more messages.offs[root@magnolia log]# more messages.offs[root@magnolia log]# more messages.offse[root@magnolia log]# more messages.offse[root@magnolia log]# more messages.offset[root@magnolia log]# more messages.offset
882248
297
]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# c[root@magnolia log]# c[root@magnolia log]# cd[root@magnolia log]# cd[root@magnolia log]# cd [root@magnolia log]# cd [root@magnolia log]# cd ,[root@magnolia log]# cd ,[root@magnolia log]# cd ,e[root@magnolia log]# cd ,e[root@magnolia log]# cd ,es[root@magnolia log]# cd ,es[root@magnolia log]# cd ,e[K[root@magnolia log]# cd ,e[root@magnolia log]# cd ,[K[root@magnolia log]# cd ,[root@magnolia log]# cd [K[root@magnolia log]# cd [root@magnolia log]# cd m[root@magnolia log]# cd m[root@magnolia log]# cd me[root@magnolia log]# cd me[root@magnolia log]# cd mes[root@magnolia log]# cd mes[root@magnolia log]# cd mess[root@magnolia log]# cd mess[root@magnolia log]# cd messa[root@magnolia log]# cd messa[root@magnolia log]# cd messag[root@magnolia log]# cd messag[root@magnolia log]# cd message[root@magnolia log]# cd message[root@magnolia log]# cd messages[root@magnolia log]# cd messages
bash: cd: messages: Not a directory
]0;barrie@magnolia:/var/log[root@magnolia log]# [root@magnolia log]# [root@magnolia log]# [root@magnolia log]# c[root@magnolia log]# c[root@magnolia log]# cd[root@magnolia log]# cd[root@magnolia log]# cd [root@magnolia log]# cd [root@magnolia log]# cd /[root@magnolia log]# cd /[root@magnolia log]# cd /u[root@magnolia log]# cd /u[root@magnolia log]# cd /us[root@magnolia log]# cd /us[root@magnolia log]# cd /usr[root@magnolia log]# cd /usr[root@magnolia log]# cd /usr/[root@magnolia log]# cd /usr/[root@magnolia log]# cd /usr/l[root@magnolia log]# cd /usr/l[root@magnolia log]# cd /usr/lo[root@magnolia log]# cd /usr/lo[root@magnolia log]# cd /usr/loc[root@magnolia log]# cd /usr/loc[root@magnolia log]# cd /usr/loca[root@magnolia log]# cd /usr/loca[root@magnolia log]# cd /usr/local[root@magnolia log]# cd /usr/local[root@magnolia log]# cd /usr/local/[root@magnolia log]# cd /usr/local/[root@magnolia log]# cd /usr/local/e[root@magnolia log]# cd /usr/local/e[root@magnolia log]# cd /usr/local/et[root@magnolia log]# cd /usr/local/et[root@magnolia log]# cd /usr/local/etc[root@magnolia log]# cd /usr/local/etc
]0;barrie@magnolia:/usr/local/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# l[root@magnolia etc]# l[root@magnolia etc]# ls[root@magnolia etc]# ls
[00m[00mlogcheck.hacking[00m  [00;32mlogcheck.sh[00m          [00mlogcheck.violations.ignore[00m
[00mlogcheck.ignore[00m   [00mlogcheck.violations[00m  [00;34mtmp[00m
[m]0;barrie@magnolia:/usr/local/etc[root@magnolia etc]# [root@magnolia etc]# [root@magnolia etc]# c[root@magnolia etc]# c[root@magnolia etc]# cd[root@magnolia etc]# cd[root@magnolia etc]# cd [root@magnolia etc]# cd [root@magnolia etc]# cd t[root@magnolia etc]# cd t[root@magnolia etc]# cd tm[root@magnolia etc]# cd tm[root@magnolia etc]# cd tmp[root@magnolia etc]# cd tmp
]0;barrie@magnolia:/usr/local/etc/tmp[root@magnolia tmp]# [root@magnolia tmp]# [root@magnolia tmp]# l[root@magnolia tmp]# l[root@magnolia tmp]# ls[root@magnolia tmp]# ls
[00m[m]0;barrie@magnolia:/usr/local/etc/tmp[root@magnolia tmp]# [root@magnolia tmp]# [root@magnolia tmp]# /[root@magnolia tmp]# /[root@magnolia tmp]# /u[root@magnolia tmp]# /u[root@magnolia tmp]# /us[root@magnolia tmp]# /us[root@magnolia tmp]# /usr[root@magnolia tmp]# /usr[root@magnolia tmp]# /usr/[root@magnolia tmp]# /usr/[root@magnolia tmp]# /usr[K[root@magnolia tmp]# /usr[root@magnolia tmp]# /us[K[root@magnolia tmp]# /us[root@magnolia tmp]# /u[K[root@magnolia tmp]# /u[root@magnolia tmp]# /[K[root@magnolia tmp]# /[root@magnolia tmp]# [K[root@magnolia tmp]# [root@magnolia tmp]# e[root@magnolia tmp]# e[root@magnolia tmp]# ex[root@magnolia tmp]# ex[root@magnolia tmp]# exi[root@magnolia tmp]# exi[root@magnolia tmp]# exit[root@magnolia tmp]# exit[root@magnolia tmp]# exit/[root@magnolia tmp]# exit/[root@magnolia tmp]# exit[K[root@magnolia tmp]# exit
exit
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[barrie@magnolia logcheck-1.1.1]$ [barrie@magnolia logcheck-1.1.1]$ [barrie@magnolia logcheck-1.1.1]$ s[barrie@magnolia logcheck-1.1.1]$ s[barrie@magnolia logcheck-1.1.1]$ su[barrie@magnolia logcheck-1.1.1]$ su
Password: 
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# /[root@magnolia logcheck-1.1.1]# /[root@magnolia logcheck-1.1.1]# /u[root@magnolia logcheck-1.1.1]# /u[root@magnolia logcheck-1.1.1]# /us[root@magnolia logcheck-1.1.1]# /us[root@magnolia logcheck-1.1.1]# /usr[root@magnolia logcheck-1.1.1]# /usr[root@magnolia logcheck-1.1.1]# /usr/[root@magnolia logcheck-1.1.1]# /usr/[root@magnolia logcheck-1.1.1]# /usr/l[root@magnolia logcheck-1.1.1]# /usr/l[root@magnolia logcheck-1.1.1]# /usr/lo[root@magnolia logcheck-1.1.1]# /usr/lo[root@magnolia logcheck-1.1.1]# /usr/loc[root@magnolia logcheck-1.1.1]# /usr/loc[root@magnolia logcheck-1.1.1]# /usr/loca[root@magnolia logcheck-1.1.1]# /usr/loca[root@magnolia logcheck-1.1.1]# /usr/local[root@magnolia logcheck-1.1.1]# /usr/local[root@magnolia logcheck-1.1.1]# /usr/local/[root@magnolia logcheck-1.1.1]# /usr/local/[root@magnolia logcheck-1.1.1]# /usr/local/e[root@magnolia logcheck-1.1.1]# /usr/local/e[root@magnolia logcheck-1.1.1]# /usr/local/et[root@magnolia logcheck-1.1.1]# /usr/local/et[root@magnolia logcheck-1.1.1]# /usr/local/etc[root@magnolia logcheck-1.1.1]# /usr/local/etc[root@magnolia logcheck-1.1.1]# /usr/local/etc/[root@magnolia logcheck-1.1.1]# /usr/local/etc/[root@magnolia logcheck-1.1.1]# /usr/local/etc/l[root@magnolia logcheck-1.1.1]# /usr/local/etc/l[root@magnolia logcheck-1.1.1]# /usr/local/etc/lo[root@magnolia logcheck-1.1.1]# /usr/local/etc/lo[root@magnolia logcheck-1.1.1]# /usr/local/etc/log[root@magnolia logcheck-1.1.1]# /usr/local/etc/log[root@magnolia logcheck-1.1.1]# /usr/local/etc/logc[root@magnolia logcheck-1.1.1]# /usr/local/etc/logc[root@magnolia logcheck-1.1.1]# /usr/local/etc/logch[root@magnolia logcheck-1.1.1]# /usr/local/etc/logch[root@magnolia logcheck-1.1.1]# /usr/local/etc/logche[root@magnolia logcheck-1.1.1]# /usr/local/etc/logche[root@magnolia logcheck-1.1.1]# /usr/local/etc/logchec[root@magnolia logcheck-1.1.1]# /usr/local/etc/logchec[root@magnolia logcheck-1.1.1]# /usr/local/etc/logcheck[root@magnolia logcheck-1.1.1]# /usr/local/etc/logcheck[root@magnolia logcheck-1.1.1]# /usr/local/etc/logcheck.[root@magnolia logcheck-1.1.1]# /usr/local/etc/logcheck.[root@magnolia logcheck-1.1.1]# /usr/local/etc/logcheck.s[root@magnolia logcheck-1.1.1]# /usr/local/etc/logcheck.s[root@magnolia logcheck-1.1.1]# /usr/local/etc/logcheck.sh[root@magnolia logcheck-1.1.1]# /usr/local/etc/logcheck.sh
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# e[root@magnolia logcheck-1.1.1]# e[root@magnolia logcheck-1.1.1]# ex[root@magnolia logcheck-1.1.1]# ex[root@magnolia logcheck-1.1.1]# exi[root@magnolia logcheck-1.1.1]# exi[root@magnolia logcheck-1.1.1]# exit[root@magnolia logcheck-1.1.1]# exit
exit
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[barrie@magnolia logcheck-1.1.1]$ [barrie@magnolia logcheck-1.1.1]$ [barrie@magnolia logcheck-1.1.1]$ s[barrie@magnolia logcheck-1.1.1]$ s[barrie@magnolia logcheck-1.1.1]$ su[barrie@magnolia logcheck-1.1.1]$ su
Password: 
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# exit[root@magnolia logcheck-1.1.1]# exit[root@magnolia logcheck-1.1.1]# /usr/local/etc/logcheck.sh[root@magnolia logcheck-1.1.1]# /usr/local/etc/logcheck.sh[root@magnolia logcheck-1.1.1]# exit[K[root@magnolia logcheck-1.1.1]# exit[root@magnolia logcheck-1.1.1]# [2Pls[root@magnolia logcheck-1.1.1]# ls[root@magnolia logcheck-1.1.1]# cd tmp[root@magnolia logcheck-1.1.1]# cd tmp[root@magnolia logcheck-1.1.1]# [4Pls[root@magnolia logcheck-1.1.1]# ls[root@magnolia logcheck-1.1.1]# cd /usr/local/etc[root@magnolia logcheck-1.1.1]# cd /usr/local/etc[root@magnolia logcheck-1.1.1]# cd [6Pmessages[root@magnolia logcheck-1.1.1]# cd messages[root@magnolia logcheck-1.1.1]# more messages.offset[root@magnolia logcheck-1.1.1]# more messages.offset[root@magnolia logcheck-1.1.1]# ls[K[root@magnolia logcheck-1.1.1]# ls[root@magnolia logcheck-1.1.1]# cd /var/log[root@magnolia logcheck-1.1.1]# cd /var/log[root@magnolia logcheck-1.1.1]# ps -ef | grep logcheck[root@magnolia logcheck-1.1.1]# ps -ef | grep logcheck[root@magnolia logcheck-1.1.1]# ps -ef | grep [3Pcrond[root@magnolia logcheck-1.1.1]# ps -ef | grep crond[root@magnolia logcheck-1.1.1]# more /var/spool/mail/barrie[root@magnolia logcheck-1.1.1]# more /var/spool/mail/barrie
From root@magnolia.brighton.org  Sun Oct 20 13:27:22 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id g9KHRMh8001433
	for <root@magnolia.brighton.org>; Sun, 20 Oct 2002 13:27:22 -0400
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id g9KHRMwi001430
	for root; Sun, 20 Oct 2002 13:27:22 -0400
Date: Sun, 20 Oct 2002 13:27:22 -0400
From: root <root@magnolia.brighton.org>
Message-Id: <200210201727.g9KHRMwi001430@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: LogWatch for magnolia.brighton.org



 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

Connections:
   Service sgi_fam:
      <no address>: 1 Time(s)

**Unmatched Entries**
sudo:   barrie : TTY=pts/2 ; PWD=/home ; USER=root ; COMMAND=/bin/mkdir htdocs
[7m--More--(5%)[27msudo:   barrie : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/newaliases
sudo:   barrie : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/bin/vi aliases
sudo:   barrie : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/newaliases
sudo:   barrie : TTY=pts/0 ; PWD=/home/htdocs ; USER=root ; COMMAND=/usr/bin/pico index.html
sudo:   barrie : TTY=pts/0 ; PWD=/home ; USER=root ; COMMAND=/usr/bin/locate apachect1
sudo:   barrie : TTY=pts/0 ; PWD=/home ; USER=root ; COMMAND=/usr/bin/which apache
sudo:   barrie : TTY=pts/0 ; PWD=/usr ; USER=root ; COMMAND=/bin/ls


 ----------------- Connections (secure-log) End -------------------- 



 ###################### LogWatch End ######################### 

From root@magnolia.brighton.org  Mon Oct 21 15:40:29 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id g9LJeTdg001474
	for <root@magnolia.brighton.org>; Mon, 21 Oct 2002 15:40:29 -0400
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id g9LJeT1u001471
	for root; Mon, 21 Oct 2002 15:40:29 -0400
Date: Mon, 21 Oct 2002 15:40:29 -0400
From: root <root@magnolia.brighton.org>
Message-Id: <200210211940.g9LJeT1u001471@magnolia.brighton.org>
[7m--More--(13%)[27mTo: root@magnolia.brighton.org
Subject: LogWatch for magnolia.brighton.org



 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

Connections:
   Service sgi_fam:
      <no address>: 2 Time(s)

**Unmatched Entries**
sudo:   barrie : TTY=pts/3 ; PWD=/home/barrie/tmp ; USER=root ; COMMAND=/bin/gunzip mysql-4.0.4-
beta-pc-linux-gnu-i6i6.tar.gz
sudo:   barrie : TTY=pts/3 ; PWD=/home/barrie/tmp ; USER=root ; COMMAND=/bin/cp mysql-4.0.4-beta
-pc-linux-gnu-i686.tar.gz /usr/local
sudo:   barrie : TTY=pts/3 ; PWD=/home/barrie ; USER=root ; COMMAND=/bin/tar xzf mysql-4.0.4-bet
a-pc-linux-gnu-i686.tar.gz
sudo:   barrie : TTY=pts/3 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/tar xzf mysql-4.0.4-beta-
pc-linux-gnu-i686.tar.gz
sudo:   barrie : TTY=pts/3 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/rm mysql-4.0.4-beta-pc-li
nux-gnu-i686
sudo:   barrie : TTY=pts/3 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/rmdir mysql-4.0.4-beta-pc
-linux-gnu-i686
[7m--More--(19%)[27msudo:   barrie : TTY=pts/3 ; PWD=/usr/local/mysql-4.0.4-beta-pc-linux-gnu-i686 ; USER=root ; COM
MAND=/bin/rm bin ChangeLog configure COPYING COPYING.LIB data include INSTALL-BINARY lib man man
ual.html manual_toc.html manual.txt mysql-test README scripts share sql-bench support-files test
s
sudo:   barrie : TTY=pts/3 ; PWD=/usr/local/mysql-4.0.4-beta-pc-linux-gnu-i686/bin ; USER=root ;
 COMMAND=/bin/rm comp_err isamchk msql2mysql myisamchk myisampack my_print_defaults mysql mysqla
ccess mysqlaccess.conf mysqladmin mysqlbinlog mysqlbug mysqlcheck mysql_config mysql_convert_tab
le_format mysqld mysqld_multi mysqld_safe mysqld.sym.gz mysqldump mysqldumpslow mysql_explain_lo
g mysql_find_rows mysql_fix_extensions mysql_fix_privilege_tables mysqlhotcopy mysqlimport mysql
manager mysqlmanagerc mysqlmanager-pwgen mysql_secure_installation mysql_setpermission mysqlshow
 mysql_tableinfo mysqltest mysql_zap pack_isam perror replace resolveip resolve_stack_dump safe_
mysqld
sudo:   barrie : TTY=pts/3 ; PWD=/usr/local/mysql-4.0.4-beta-pc-linux-gnu-i686 ; USER=root ; COM
MAND=/bin/rmdir bin
sudo:   barrie : TTY=pts/4 ; PWD=/home/barrie/tmp ; USER=root ; COMMAND=/bin/cp mysql-max-4.0.3-
beta-pc-linux-gnu-i686.tar.gz /usr/local
sudo:   barrie : TTY=pts/4 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/gunzip mysql-max-4.0.3-be
ta-pc-linux-gnu-i686.tar.gz
sudo:   barrie : TTY=pts/4 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/mv mysql-max-4.0.3-beta-p
c-linux-gnu-i686.tar bin
sudo:   barrie : TTY=pts/4 ; PWD=/usr/local/bin ; USER=root ; COMMAND=/bin/tar xf mysql-max-4.0.
3-beta-pc-linux-gnu-i686.tar
sudo:   barrie : TTY=pts/0 ; PWD=/usr/local/bin ; USER=root ; COMMAND=/bin/gzip mysql-4.0.3-beta
-pc-linux-gnu-i686.tar
sudo:   barrie : TTY=pts/0 ; PWD=/usr/local/bin ; USER=root ; COMMAND=/bin/gzip mysql-max-4.0.3-
beta-pc-linux-gnu-i686.tar
[7m--More--(29%)[27mgroupadd[2491]: new group: name=mysql, gid=501 
useradd[2493]: new user: name=mysql, uid=501, gid=501, home=/home/mysql, shell=/bin/bash 
sudo:   barrie : TTY=pts/2 ; PWD=/etc ; USER=root ; COMMAND=/bin/vi passwd


 ----------------- Connections (secure-log) End -------------------- 



 ###################### LogWatch End ######################### 

From root@magnolia.brighton.org  Tue Oct 22 20:58:39 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id g9N0wdYx001363
	for <root@magnolia.brighton.org>; Tue, 22 Oct 2002 20:58:39 -0400
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id g9N0wdAg001360
	for root; Tue, 22 Oct 2002 20:58:39 -0400
Date: Tue, 22 Oct 2002 20:58:39 -0400
From: root <root@magnolia.brighton.org>
Message-Id: <200210230058.g9N0wdAg001360@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: LogWatch for magnolia.brighton.org


[7m--More--(35%)[27m[K
 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

Connections:
   Service sgi_fam:
      <no address>: 1 Time(s)

**Unmatched Entries**
sudo:   barrie : TTY=tty1 ; PWD=/home/barrie ; USER=root ; COMMAND=/bin/vi /etc/passwd
sudo:   barrie : TTY=tty1 ; PWD=/home/barrie ; USER=root ; COMMAND=/sbin/shutdown -h now
sudo:   barrie : TTY=pts/2 ; PWD=/home/barrie ; USER=root ; COMMAND=/usr/local/mysql/bin/mysqldu
mp HSLTEST


 ----------------- Connections (secure-log) End -------------------- 



 ###################### LogWatch End ######################### 

From root@magnolia.brighton.org  Sat Oct 26 16:35:23 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id g9QKZNMn001161
[7m--More--(40%)[27m[K	for <root@magnolia.brighton.org>; Sat, 26 Oct 2002 16:35:23 -0400
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id g9QKZNVQ001158
	for root; Sat, 26 Oct 2002 16:35:23 -0400
Date: Sat, 26 Oct 2002 16:35:23 -0400
From: root <root@magnolia.brighton.org>
Message-Id: <200210262035.g9QKZNVQ001158@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: LogWatch for magnolia.brighton.org



 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

Connections:
   Service sgi_fam:
      <no address>: 1 Time(s)


 ----------------- Connections (secure-log) End -------------------- 



 ###################### LogWatch End ######################### 
[7m--More--(45%)[27m[K
From root@magnolia.brighton.org  Sun Oct 27 20:59:43 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id g9S1xgf5001430
	for <root@magnolia.brighton.org>; Sun, 27 Oct 2002 20:59:42 -0500
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id g9S1xgGW001427
	for root; Sun, 27 Oct 2002 20:59:42 -0500
Date: Sun, 27 Oct 2002 20:59:42 -0500
From: root <root@magnolia.brighton.org>
Message-Id: <200210280159.g9S1xgGW001427@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: LogWatch for magnolia.brighton.org



 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

**Unmatched Entries**
sudo:   barrie : TTY=tty1 ; PWD=/home/barrie ; USER=root ; COMMAND=/sbin/shutdown -h now


 ----------------- Connections (secure-log) End -------------------- 
[7m--More--(51%)[27m[K


 ###################### LogWatch End ######################### 

From root@magnolia.brighton.org  Mon Oct 28 07:19:55 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id g9SCJs5j001470
	for <root@magnolia.brighton.org>; Mon, 28 Oct 2002 07:19:54 -0500
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id g9SCJsnC001467
	for root; Mon, 28 Oct 2002 07:19:54 -0500
Date: Mon, 28 Oct 2002 07:19:54 -0500
From: root <root@magnolia.brighton.org>
Message-Id: <200210281219.g9SCJsnC001467@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: LogWatch for magnolia.brighton.org



 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

**Unmatched Entries**
[7m--More--(56%)[27msudo:   barrie : TTY=pts/1 ; PWD=/home/barrie/tmp ; USER=root ; COMMAND=/bin/cp php-4.2.3.tar.gz
 /usr/local
sudo:   barrie : TTY=pts/1 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/gunzip php-4.2.3.tar.gz
sudo:   barrie : TTY=pts/1 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/tar xvf php-4.2.3.tar
sudo:   barrie : TTY=pts/1 ; PWD=/home/barrie/tmp ; USER=root ; COMMAND=/usr/bin/wget http://www
.openssl.org/source/openssl-0.9.6g.tar.gz


 ----------------- Connections (secure-log) End -------------------- 



 ###################### LogWatch End ######################### 

From root@magnolia.brighton.org  Sat Nov  9 17:58:50 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id gA9Mwo2s001508
	for <root@magnolia.brighton.org>; Sat, 9 Nov 2002 17:58:50 -0500
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id gA9MwnA3001505
	for root; Sat, 9 Nov 2002 17:58:49 -0500
Date: Sat, 9 Nov 2002 17:58:49 -0500
From: root <root@magnolia.brighton.org>
Message-Id: <200211092258.gA9MwnA3001505@magnolia.brighton.org>
To: root@magnolia.brighton.org
[7m--More--(63%)[27mSubject: LogWatch for magnolia.brighton.org



 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

Connections:
   Service sgi_fam:
      <no address>: 1 Time(s)


 ----------------- Connections (secure-log) End -------------------- 



 ###################### LogWatch End ######################### 

From root@magnolia.brighton.org  Sun Nov 10 11:58:31 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id gAAGwVf9001283
	for <root@magnolia.brighton.org>; Sun, 10 Nov 2002 11:58:31 -0500
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id gAAGwUXl001280
[7m--More--(67%)[27m[K	for root; Sun, 10 Nov 2002 11:58:30 -0500
Date: Sun, 10 Nov 2002 11:58:30 -0500
From: root <root@magnolia.brighton.org>
Message-Id: <200211101658.gAAGwUXl001280@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: LogWatch for magnolia.brighton.org



 ################## LogWatch 2.6 Begin ##################### 

 ---------------- Connections (secure-log) Begin ------------------- 

Connections:
   Service sgi_fam:
      <no address>: 2 Time(s)

**Unmatched Entries**
sudo:   barrie : TTY=pts/0 ; PWD=/etc/rc.d/rc3.d ; USER=root ; COMMAND=/bin/cp S85gpm S85gpmBU
sudo:   barrie : TTY=pts/0 ; PWD=/etc/rc.d/rc5.d ; USER=root ; COMMAND=/bin/cp S85gpm S85gpmBU
sudo:   barrie : TTY=pts/2 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/rm php-4.2.3.tar.gz
sudo:   barrie : TTY=pts/3 ; PWD=/sbin ; USER=root ; COMMAND=/sbin/kernelversion
sudo:   barrie : TTY=pts/0 ; PWD=/home/barrie/tmp/kernel ; USER=root ; COMMAND=/bin/cp linux-2.4
.19.tar.gz /usr/src
sudo:   barrie : TTY=tty1 ; PWD=/etc ; USER=root ; COMMAND=/bin/vi grub.conf

[7m--More--(73%)[27m[K
 ----------------- Connections (secure-log) End -------------------- 



 ###################### LogWatch End ######################### 

From root@magnolia.brighton.org  Sun Nov 24 22:00:01 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id gAP301ku007450
	for <root@magnolia.brighton.org>; Sun, 24 Nov 2002 22:00:01 -0500
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id gAP300pG007447
	for root; Sun, 24 Nov 2002 22:00:00 -0500
Date: Sun, 24 Nov 2002 22:00:00 -0500
From: root <root@magnolia.brighton.org>
Message-Id: <200211250300.gAP300pG007447@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: magnolia.brighton.org 11/24/02:22.00 system check


Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Nov 24 13:11:42 magnolia syslogd 1.4.1: restart.
Nov 24 16:10:33 magnolia su(pam_unix)[7123]: session opened for user root by (uid=500)
[7m--More--(79%)[27mNov 24 16:04:57 magnolia sudo:   barrie : TTY=pts/3 ; PWD=/home/barrie/tmp ; USER=root ; COMMAND
=/bin/cp logsentry-1.1.1.tar.gz /usr/local
Nov 24 16:07:44 magnolia sudo:   barrie : TTY=pts/3 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/
gunzip logsentry-1.1.1.tar.gz
Nov 24 16:08:18 magnolia sudo:   barrie : TTY=pts/3 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/
tar tf logsentry-1.1.1.tar
Nov 24 16:09:57 magnolia sudo:   barrie : TTY=pts/3 ; PWD=/usr/local ; USER=root ; COMMAND=/bin/
tar xvf logsentry-1.1.1.tar

From root@magnolia.brighton.org  Sun Nov 24 22:02:44 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id gAP32iku007491
	for <root@magnolia.brighton.org>; Sun, 24 Nov 2002 22:02:44 -0500
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id gAP32i7q007488
	for root; Sun, 24 Nov 2002 22:02:44 -0500
Date: Sun, 24 Nov 2002 22:02:44 -0500
From: root <root@magnolia.brighton.org>
Message-Id: <200211250302.gAP32i7q007488@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: magnolia.brighton.org 11/24/02:22.02 system check


Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
[7m--More--(86%)[27mNov 24 22:00:01 magnolia sendmail[7451]: gAP301ku007450: forward /home/barrie/.forward: Group wr
itable file

From root@magnolia.brighton.org  Sun Nov 24 22:09:41 2002
Return-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id gAP39fku007546
	for <root@magnolia.brighton.org>; Sun, 24 Nov 2002 22:09:41 -0500
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id gAP39fFx007543
	for root; Sun, 24 Nov 2002 22:09:41 -0500
Date: Sun, 24 Nov 2002 22:09:41 -0500
From: root <root@magnolia.brighton.org>
Message-Id: <200211250309.gAP39fFx007543@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: magnolia.brighton.org 11/24/02:22.09 system check


Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Nov 24 22:09:19 magnolia su(pam_unix)[7123]: session closed for user root
Nov 24 22:09:28 magnolia su(pam_unix)[7500]: session opened for user root by (uid=500)
Nov 24 22:02:44 magnolia sendmail[7492]: gAP32iku007491: forward /home/barrie/.forward: Group wr
itable file

From root@magnolia.brighton.org  Sun Nov 24 22:46:12 2002
[7m--More--(93%)[27mReturn-Path: <root@magnolia.brighton.org>
Received: from magnolia.brighton.org (magnolia.brighton.org [127.0.0.1])
	by magnolia.brighton.org (8.12.5/8.12.5) with ESMTP id gAP3kBku007611
	for <root@magnolia.brighton.org>; Sun, 24 Nov 2002 22:46:12 -0500
Received: (from root@localhost)
	by magnolia.brighton.org (8.12.5/8.12.5/Submit) id gAP3kBqX007608
	for root; Sun, 24 Nov 2002 22:46:11 -0500
Date: Sun, 24 Nov 2002 22:46:11 -0500
From: root <root@magnolia.brighton.org>
Message-Id: <200211250346.gAP3kBqX007608@magnolia.brighton.org>
To: root@magnolia.brighton.org
Subject: magnolia.brighton.org 11/24/02:22.46 system check


Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Nov 24 22:45:48 magnolia su(pam_unix)[7500]: session closed for user root
Nov 24 22:45:55 magnolia su(pam_unix)[7565]: session opened for user root by (uid=500)
Nov 24 22:26:25 magnolia sudo:   barrie : TTY=pts/4 ; PWD=/usr/local/logcheck-1.1.1/systems/linu
x ; USER=root ; COMMAND=/bin/more logcheck.sh
Nov 24 22:09:41 magnolia sendmail[7547]: gAP39fku007546: forward /home/barrie/.forward: Group wr
itable file

]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# 
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# [root@magnolia logcheck-1.1.1]# e[root@magnolia logcheck-1.1.1]# e[root@magnolia logcheck-1.1.1]# ex[root@magnolia logcheck-1.1.1]# ex[root@magnolia logcheck-1.1.1]# exi[root@magnolia logcheck-1.1.1]# exi[root@magnolia logcheck-1.1.1]# exit[root@magnolia logcheck-1.1.1]# exit
exit
]0;barrie@magnolia:/usr/local/logcheck-1.1.1[barrie@magnolia logcheck-1.1.1]$ [barrie@magnolia logcheck-1.1.1]$ 
Script done on Sun Nov 24 22:55:31 2002