Intrusion Detection Systems, Part IV: Logcheck
Every 15 minutes, Logcheck reads the freshly appended part of your log files and greps it for signs of intrusion, based on the keywords it is configured to look for. If anything matches, Logcheck immediately composes a mail to root (root@localhost) with a complete report of the findings. So, make sure your internal SMTP service is running fine.
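The cycle described above (read only what was appended since the last run, match keywords, build a report for root) is sketched below as an added example; it is not Logcheck's own code. The keyword list, file names and log lines are constructed, and the rotation and partial-line handling is one assumed way to do it.

```python
import json, os, re, tempfile

# Constructed keyword list for illustration; Logcheck ships its own pattern files.
KEYWORDS = re.compile(r"authentication failure|Failed password|POSSIBLE BREAK-IN", re.I)

def read_new_lines(log_path, state_path):
    """Return complete lines appended since the last run (offset + inode kept in state_path)."""
    try:
        with open(state_path) as f:
            state = json.load(f)
    except (FileNotFoundError, ValueError):
        state = {"inode": None, "offset": 0}
    st = os.stat(log_path)
    # Rotated (new inode) or truncated (smaller than offset): restart from the top.
    if state["inode"] != st.st_ino or st.st_size < state["offset"]:
        state = {"inode": st.st_ino, "offset": 0}
    with open(log_path, "rb") as f:
        f.seek(state["offset"])
        data = f.read()
    # Consume only complete lines; a half-written line is picked up on the next run.
    end = data.rfind(b"\n") + 1
    state["offset"] += end
    with open(state_path, "w") as f:
        json.dump(state, f)
    return data[:end].decode("utf-8", "replace").splitlines()

def build_report(lines):
    """Return the mail text for root, or None when nothing matched (no mail sent)."""
    hits = [line for line in lines if KEYWORDS.search(line)]
    if not hits:
        return None
    return "To: root@localhost\nSubject: Security alerts\n\n" + "\n".join(hits) + "\n"

def demo():
    """Two simulated runs over a constructed log: the first alerts, the second is quiet."""
    with tempfile.TemporaryDirectory() as d:
        log, state = os.path.join(d, "auth.log"), os.path.join(d, "offset.json")
        with open(log, "w") as f:
            f.write("Jan  1 00:00:01 host sshd[1]: Failed password for root from 192.0.2.10\n")
        first = build_report(read_new_lines(log, state))
        with open(log, "a") as f:
            f.write("Jan  1 00:05:00 host cron[2]: session opened for user root\n")
        second = build_report(read_new_lines(log, state))
        return first, second

if __name__ == "__main__":
    for report in demo():
        print(report or "(no alerts, no mail)")
```

The second run produces no report because the earlier "Failed password" line lies before the saved offset, which is why an already reported event is not mailed again.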
This brings us to the end of our four-part series on Intrusion Detection Systems and their implementation. Do send us your valuable comments, which will help us deliver better content to you.
Laws are dumb in the midst of arms - Cicero