[email protected] (Trent W. Buck) writes:
> logcheck has magic to remember the inode & offset of the last scan;
> if the inode hasn't changed, it starts from where it left off (otherwise
> from 0).
>
> Or you could just use logcheck -- add your DENIED.*\.(com|biz|net)/
> regexp to its "security alerts" list of regexps.

Oh, but squid doesn't log via syslog(3) by default. So you'd need to tell logcheck to also read squid/access.log and to whitelist "expected" lines from that.
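
The inode-and-offset bookkeeping described in the message above, sketched as an added example; it is not part of the original post and not logcheck's own code. The function names, the JSON state file and the sample access.log lines are assumptions constructed for illustration; the regexp is the one quoted in the message.

```python
import json
import os
import re
import tempfile
from pathlib import Path

ALERT = re.compile(r"DENIED.*\.(com|biz|net)/")  # regexp quoted in the message above


def scan_new_lines(log_path, state_path, pattern=ALERT):
    """Return lines matching pattern that were appended since the last scan."""
    state = json.loads(Path(state_path).read_text()) if os.path.exists(state_path) else {}
    st = os.stat(log_path)
    # Resume only for the same inode that has not shrunk; a rotated or
    # truncated log is read again from offset 0.
    same = state.get("inode") == st.st_ino and state.get("offset", 0) <= st.st_size
    offset = state.get("offset", 0) if same else 0
    hits = []
    with open(log_path, "rb") as fh:
        fh.seek(offset)
        for raw in fh:
            if not raw.endswith(b"\n"):
                break  # partial line still being written; pick it up next run
            offset += len(raw)
            line = raw.decode("utf-8", "replace").rstrip("\n")
            if pattern.search(line):
                hits.append(line)
    with open(state_path, "w") as fh:
        json.dump({"inode": st.st_ino, "offset": offset}, fh)
    return hits


def demo():
    """Scan a constructed squid-style access.log: first run, append, rotation."""
    d = Path(tempfile.mkdtemp())
    log, state = d / "access.log", d / "state.json"
    # Constructed sample lines, not real traffic.
    a = "1700000000.100 5 192.0.2.10 TCP_DENIED/403 3900 GET http://ads.example.com/x.js - HIER_NONE/- text/html\n"
    b = "1700000001.200 80 192.0.2.11 TCP_MISS/200 5120 GET http://www.example.org/ - HIER_DIRECT/203.0.113.5 text/html\n"
    c = "1700000002.300 4 192.0.2.12 TCP_DENIED/403 3900 GET http://track.example.net/p - HIER_NONE/- text/html\n"
    log.write_text(a + b)
    first = scan_new_lines(log, state)   # whole file, one DENIED hit
    with log.open("a") as fh:
        fh.write(c)
    second = scan_new_lines(log, state)  # only the appended line
    log.rename(d / "access.log.1")       # simulate log rotation
    log.write_text(a)
    third = scan_new_lines(log, state)   # new inode, so read from 0
    return first, second, third
```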
