having seen and experimented with both jose's ( http://www.monkey.org/~jose/software/stsh/ ) and dug's ( http://mirror.sg.depaul.edu/pub/security/stsh/dugsong-stsh.txt ) stsh tarballs, i found that jose's works nicely with minimal effort and dug's throws up an "invalid shell" error. does anyone have a strong suggestion as to which stsh source to use?
when a syscall is denied, i get a lot of repeated messages in /var/log/messages (haven't changed where systrace logs to yet) like so:

Nov 4 19:21:00 rp systrace: deny user: stest, prog: /usr/bin/vi, pid: 14493(2)[19027], policy: /usr/bin/vi, filters: 0, syscall: native-write(4), args: 12
Nov 4 19:21:00 rp systrace: deny user: stest, prog: /usr/bin/vi, pid: 14493(2)[19027], policy: /usr/bin/vi, filters: 0, syscall: native-write(4), args: 12
Nov 4 19:21:00 rp systrace: deny user: stest, prog: /usr/bin/vi, pid: 14493(2)[19027], policy: /usr/bin/vi, filters: 0, syscall: native-write(4), args: 12
Nov 4 19:21:00 rp systrace: deny user: stest, prog: /usr/bin/vi, pid: 14493(2)[19027], policy: /usr/bin/vi, filters: 0, syscall: native-write(4), args: 12
Nov 4 19:21:00 rp systrace: deny user: stest, prog: /usr/bin/vi, pid: 14493(2)[19027], policy: /usr/bin/vi, filters: 0, syscall: native-write(4), args: 12
Nov 4 19:21:00 rp systrace: deny user: stest, prog: /usr/bin/vi, pid: 14493(2)[19027], policy: /usr/bin/vi, filters: 0, syscall: native-write(4), args: 12
Nov 4 19:21:00 rp systrace: deny user: stest, prog: /usr/bin/vi, pid: 14493(2)[19027], policy: /usr/bin/vi, filters: 0, syscall: native-write(4), args: 12

how can i condense these into a single entry followed by a "last entry repeated X times" entry?

cheers,
jake
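
One way to get that condensed view by post-processing the log, as an added example that is not part of the original post and is not a systrace or syslogd setting. The regex is written from the log lines quoted above; the function names and the sample data (including the second pid and the 19:21:01 timestamps) are constructed for illustration.

```python
import re
from itertools import groupby

# Syslog prefix, then the systrace message in the layout quoted in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) systrace: "
    r"(?P<action>\w+) user: (?P<user>[^,]+), prog: (?P<prog>[^,]+), "
    r"pid: (?P<pid>[^,]+), policy: (?P<policy>[^,]+), "
    r"filters: (?P<filters>\d+), syscall: (?P<syscall>[^,]+), args: (?P<args>\d+)$"
)

# Constructed sample: three repeats of one denial, then a different process.
_FMT = ("Nov 4 19:21:{sec} rp systrace: deny user: stest, prog: /usr/bin/vi, "
        "pid: {pid}(2)[19027], policy: /usr/bin/vi, filters: 0, "
        "syscall: native-write(4), args: 12")
SAMPLE = [_FMT.format(sec="00", pid=14493), _FMT.format(sec="00", pid=14493),
          _FMT.format(sec="01", pid=14493), _FMT.format(sec="01", pid=14501)]

def parse(line):
    """Return the fields of one systrace log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def event_key(line):
    """Identity of an event: every parsed field except the timestamp."""
    fields = parse(line)
    if fields is None:
        return line  # unrelated lines only collapse with exact duplicates
    return tuple(v for k, v in fields.items() if k != "ts")

def condense(lines):
    """Collapse each run of consecutive identical events into one entry
    followed by a 'last entry repeated N times' line."""
    out = []
    for _, run in groupby((l.rstrip("\n") for l in lines), key=event_key):
        run = list(run)
        out.append(run[0])
        if len(run) > 1:
            last = parse(run[-1])
            prefix = f"{last['ts']} {last['host']} " if last else ""
            out.append(f"{prefix}last entry repeated {len(run) - 1} times")
    return out

if __name__ == "__main__":
    print("\n".join(condense(SAMPLE)))
```

Only consecutive duplicates are merged, so the order of events in the log is preserved and a denial from a different pid or syscall always starts a new entry.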