>>>>> "Lex" == Lex Wennmacher <wennmach@geo.Uni-Koeln.DE> writes:
    Lex> A hacker managed to break in into your system and even
    Lex> managed to become root.  As a first step, he tries to cover
    Lex> up his traces by changing the system log files
    Lex> /var/log/authlog, /var/log/lastlog, and /var/log/wtmp. No
    Lex> chance, the are sappnd.

  Understood, but how does newsyslog work in this case?

]      Out and about in Ottawa.    hmmm... beer.                |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [