LOGMUNCHER(8)             System Manager's Manual            LOGMUNCHER(8)

NAME
     logmuncher - scan log files for interesting patterns

SYNOPSIS
     logmuncher [-t address] [-d conf-dir] [conf-files]

DESCRIPTION
     Logmuncher is a shell script that can scan one or more log files for
     unusual events that might indicate a system intrusion.  In normal use,
     it is invoked periodically from cron(1) with no arguments.  In this
     mode, it will scan a hardwired configuration directory for control
     files (see logmuncher(5)) and will perform log checks as defined in
     those files.

     By default, logmuncher mails its reports to root, although the report
     address can be changed by the configuration files.  Error messages are
     also mailed to root.  The -t switch allows this default to be modified.

     If no conf-files are given, logmuncher normally scans the directory
     /usr/local/etc/logmuncher/conf for configuration files.  All plain
     files in that directory are considered to be control files and are
     parsed according to the description in logmuncher(5).  The -d switch
     allows the control-file directory to be changed.  Alternatively, the
     control files can be given on the command line; in that case no
     directory scan is done.

FILES
     /usr/local/etc/logmuncher/conf
             Directory containing configuration files.

     /usr/local/etc/logmuncher/patterns
             Normal location of pattern files.

SEE ALSO
     logmuncher(5), cron(1), syslogd(8)

BUGS
     Can't deal with multi-line patterns in log files.

     Can be fooled by a cracker who quickly cleans out a log file.

     Very dependent on the quality of the control and pattern files.

AUTHOR
     Geoff Kuenning (geoff@cs.hmc.edu), with major contributions by
     Russell Adams.
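
The BUGS entry about a cleaned-out log file can be partly covered by a separate check run from the same cron(1) job, which remembers each log's inode and size between runs. This is an added example, not part of logmuncher or its documentation; the function names and the state-file argument are assumptions.

```shell
#!/bin/sh
# Added example (not logmuncher code): report a log that shrank or was
# replaced since the previous periodic run.  The state file is a
# hypothetical per-log file kept somewhere only root can write.

# log_fingerprint FILE -> prints "inode size"
log_fingerprint() {
    inode=$(ls -di -- "$1" | awk '{print $1}')
    size=$(wc -c < "$1" | tr -d ' ')
    printf '%s %s\n' "$inode" "$size"
}

# check_log_shrink FILE STATE -> prints exactly one verdict:
#   first-seen  no earlier state recorded
#   ok          same inode, size unchanged or grown
#   truncated   same inode, size went down (file emptied in place)
#   replaced    inode changed (also what normal log rotation looks like,
#               so compare against the rotation schedule before alerting)
#   missing     the log file is gone
check_log_shrink() {
    log=$1
    state=$2
    if [ ! -f "$log" ]; then
        echo missing
        return 0
    fi
    new=$(log_fingerprint "$log")
    new_inode=${new% *}
    new_size=${new#* }
    verdict=first-seen
    if [ -f "$state" ]; then
        read -r old_inode old_size < "$state"
        if [ "$new_inode" != "$old_inode" ]; then
            verdict=replaced
        elif [ "$new_size" -lt "$old_size" ]; then
            verdict=truncated
        else
            verdict=ok
        fi
    fi
    # Record the current fingerprint for the next run.
    printf '%s\n' "$new" > "$state"
    echo "$verdict"
}
```

A cron wrapper would call check_log_shrink for each monitored log before the pattern scan and mail any verdict other than ok or first-seen.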