tripwire and log rotations

[Scott H]

Well, yes, I can.  But I don't WANT to exclude
these files.  I want them monitored.  I just dont
want the weekly log rotations to trigger this. 

> From: george@georgetoft.com
> You can specify which files to include/exclude
> in your tripwire config file.
> George
> 
> Quoting Scott H <scottlhenderson@yahoo.com>:
> > So now that I'm an at-home Linux user that
> has
> > begun to use Linux at my company for servers
> > (formerly all was MS), I'm faced with *NIX
> admin
> > issues that are all new to me.  Today's
> example
> > is: I have a RH7.3 server with tripwire
> installed
> > and a cron job that emails a tripwire report
> to
> > me daily.  Works great.  RH7.3 has a log
> rotation
> > system set up by default, and this works well
> > too,  rotating the logs once per week.  But
> of
> > course, tripwire notices each week and
> reports
> > that the log files have been changed (I'm
> > guessing it's the inode # that changes on
> these?)
> > and puts it in the report.  Now, I want to
> know
> > if a cracker messes with my log files, of
> course,
> > so I DO want tripwire to monitor these files.
> 
> > But I DON'T want tripwire to report on the
> > routine, weekly log file rotation, causing me
> to
> > have to go in and do an update on the
> tripwire
> > db.  How do I fix this?


__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com