<font size=2 face="sans-serif">We use logcheck in our systems. From
time to time during what appears to be large volumes of information I get
emails with current and sometimes dated traffic. Recently, we had
a change to the system which created quite a lot of 404 traffic.</font>
<br>
<br><font size=2 face="sans-serif">I don't have a specific log analysis
tool but use my own homegrown tool.</font>
<br>
<br><font size=2 face="sans-serif">I have all the emailed log files go
to a log folder in my email client. They are separated by server;
this way I can gather all the entries for a specific server and save them
to a text file. I run a script to eliminate the email headers and
other noise not associated with the logs. I then import this into
Excel, in which I have a macro set up to change it from text to data.</font>
<br>
<br><font size=2 face="sans-serif">Therefore the logs are from the current
24-hour period. Once in a while, a huge amount of traffic,
usually caused by something we did or didn't do, seems to cause this. My
question is: has anyone experienced this with logcheck in the past, where
it retrieves old traffic from somewhere in syslog? If so, where might it
be coming from?</font>
<br>
<br><font size=2 face="sans-serif">Frank Kenisky IV, CISSP, CISA, CISM<br>
</font>
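The header-stripping step described in the post can also separate current entries from dated ones; the following is an added example, not part of the original post or of logcheck. It assumes the saved file is mbox-style (a "From " separator line before each plain-text mail), that entries carry classic year-less syslog timestamps with English month names, and that the server clock shares the time zone of the mail's Date header; the function names and the sample mail are constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Classic syslog prefix: "Mar  4 05:41:10 host rest" (the stamp has no year).
SYSLOG = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d\d:\d\d:\d\d) (\S+) (.*)$")

def entry_time(mon, day, hms, sent):
    """Give a year-less stamp a year: the mail's, or the previous one if that lands after the mail."""
    for year in (sent.year, sent.year - 1):
        try:
            ts = datetime.strptime(f"{year} {mon} {day} {hms}", "%Y %b %d %H:%M:%S")
        except ValueError:  # not a real date in this year (e.g. Feb 29)
            continue
        ts = ts.replace(tzinfo=sent.tzinfo)
        if ts <= sent + timedelta(minutes=5):  # small allowance for clock skew
            return ts
    return None

def split_entries(saved_text, window_hours=24):
    """Return (fresh, stale) lists of (server, timestamp, text) per log entry."""
    fresh, stale = [], []
    for chunk in re.split(r"(?m)^From .*\n", saved_text):
        msg = message_from_string(chunk)
        if msg["Date"] is None or msg.is_multipart():
            continue  # empty chunk or a mail this sketch does not handle
        sent = parsedate_to_datetime(msg["Date"])
        for line in msg.get_payload().splitlines():
            m = SYSLOG.match(line)
            ts = entry_time(m[1], m[2], m[3], sent) if m else None
            if ts is None:
                continue  # section headings, blank lines, unparsable stamps
            age = sent - ts
            bucket = fresh if age <= timedelta(hours=window_hours) else stale
            bucket.append((m[4], ts, m[5]))
    return fresh, stale

# Constructed sample: one saved mail holding a current and a dated entry.
SAMPLE = """\
From logcheck@web01 Tue Mar  4 06:02:01 2008
Date: Tue, 04 Mar 2008 06:02:01 -0500
From: logcheck@web01.example.net
Subject: web01 2008-03-04 06:02 System Events

System Events
=-=-=-=-=-=-=
Mar  4 05:41:10 web01 httpd: GET /old/page.html 404
Feb 21 13:07:44 web01 httpd: GET /index.html 200
"""

if __name__ == "__main__":
    fresh, stale = split_entries(SAMPLE)
    print(len(fresh), "current,", len(stale), "dated")
```

Writing the dated entries to a separate file with their timestamps makes it possible to compare them against the dates of earlier mails and of log rotation on that server.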