id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
85	growinglogfiles check problem	anonymous	rainer	"growinglogfiles alerts on changed checksums for logfiles that are just growing (but growing fast). To reproduce, run something close to this (wait a while until the file gets larger):

while true; do echo ""kala"" >> kala; echo ""leib"" >> kala; echo ""prantsusmaa"" >> kala; echo ""odekolonn"" >> kala; sync; done

Define:
[GrowingLogFiles]
file=/root/kala
(or wherever you made the file)

Then run check or update a couple of times while the /root/kala file is being appended to:
./samhain --foreground -p crit -l none -s none -t update
ALERT  :  [2007-12-28T11:36:43-0500] msg=<START>, program=<Samhain>, userid=<0>, path=</etc/samhainrc>, hash=<24F0130C63AC933216166E76B1BB925FF373DE2D49584E7A>, path=</var/lib/samhain/samhain_file>, hash=<24F0130C63AC933216166E76B1BB925FF373DE2D49584E7A>
CRIT   :  [2007-12-28T11:36:44-0500] msg=<POLICY MISSING>, path=</emul>
CRIT   :  [2007-12-28T11:36:45-0500] msg=<POLICY [GrowingLogs] C--------->, path=</var/log/auth.log>, chksum_old=<97205EE75EC9E9E17900016C07F51FB1E8761E78CAC6119D>, chksum_new=<3AF00F4F023D890486533936B340E42E756E06552D14A75C>, 
CRIT   :  [2007-12-28T11:36:45-0500] msg=<POLICY [GrowingLogs] C--------->, path=</root/kala>, chksum_old=<A6430F4375CA03536F85A7177C4B272C84DA3DA7B107350F>, chksum_new=<50A573F0B81CBDB5A5DBEE0766669562565659EDDCE8BA69>, 
ALERT  :  [2007-12-28T11:36:46-0500] msg=<EXIT>, program=<Samhain>, status=<None>

"	defect	closed	major	2.4.2	main	2.4.1a	fixed	growinglogfiles	
