[NBLUG/talk] "Security" log...

E Frank Ball frankb at efball.com
Sun Feb 8 13:03:01 PST 2004


On Sun, Feb 08, 2004 at 06:44:10AM -0800, Todd Cary wrote:
} Is /var/log/message the best/only place to look to see who (if anyone) 
} has been "knocking at my door"?

It depends on what distribution and what services you are running.
There are mail logs, web logs, etc for services running.

You can also log tcp, icmp, and/or udp connections.
http://pltplp.net/ippl/  (apt-get install ippl for debian).

I tend to log just about everything, which is way too much crap to read
through.  I use logcheck (apt-get or Redhat 7.1 powertools CD) to grep my
logfiles once an hour and email me anything interesting.  The config
files for logcheck have lists of regular expressions telling it what to
ignore.  If I see something interesting I can dig into the full log
files to investigate.  There is also a config file telling logcheck
which log files to read.

-- 

   E Frank Ball                frankb at efball.com
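The scheme Frank describes (a list of log files to read, a list of ignore regexes, an hourly run that reports whatever is left) is small enough to show in full. The following is an added example written for this page, not logcheck's own code: it reads only the lines appended since the previous run (the job logcheck delegates to logtail, tracked here as a byte offset per file), drops lines matching an ignore list in the usual one-regex-per-line style, and returns the rest as the report. The log lines and ignore rules are constructed for the example, the patterns use Python's re syntax rather than egrep's, and the file name and host are placeholders.

```python
"""Minimal logcheck-style log filter (added example, not logcheck itself)."""
import os
import re
import tempfile

# Constructed sample of a syslog-style file; not real traffic.
SAMPLE_LOG = """\
Feb  8 12:00:01 host CRON[1234]: (root) CMD (run-parts /etc/cron.hourly)
Feb  8 12:01:17 host sshd[2001]: Accepted publickey for frank from 192.0.2.10 port 51234 ssh2
Feb  8 12:02:40 host sshd[2002]: Failed password for root from 198.51.100.7 port 40022 ssh2
Feb  8 12:02:41 host sshd[2002]: Failed password for root from 198.51.100.7 port 40022 ssh2
Feb  8 12:03:05 host ippl: TCP connection attempt to telnet from 198.51.100.7
"""

# Constructed ignore list, one regex per line, '#' comments allowed (the
# same shape as a logcheck ignore file, but Python re syntax).  Anchor the
# patterns tightly: a loose rule like 'sshd' would also hide failed logins.
IGNORE_RULES = r"""
# routine cron activity
^\w{3} [ :0-9]{11} [\w.-]+ CRON\[[0-9]+\]: \(root\) CMD \(run-parts /etc/cron\.hourly\)$
# successful key logins from the admin workstation only
^\w{3} [ :0-9]{11} [\w.-]+ sshd\[[0-9]+\]: Accepted publickey for frank from 192\.0\.2\.10 port [0-9]+ ssh2$
"""


def load_ignore_rules(text):
    """Compile the non-comment, non-blank lines of an ignore file."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rules.append(re.compile(line))
    return rules


def read_new_lines(path, offsets):
    """Return lines appended since the last run.

    offsets maps path -> byte offset already processed (what logtail does
    with its .offset files).  A file smaller than the saved offset has been
    rotated or truncated, so it is read from the beginning again.
    """
    last = offsets.get(path, 0)
    if os.path.getsize(path) < last:
        last = 0
    with open(path, "rb") as f:
        f.seek(last)
        data = f.read()
    offsets[path] = last + len(data)
    return data.decode("utf-8", "replace").splitlines()


def check_logs(log_files, rules, offsets):
    """Return {path: [lines no ignore rule matched]} for the new lines."""
    report = {}
    for path in log_files:
        interesting = [ln for ln in read_new_lines(path, offsets)
                       if not any(r.search(ln) for r in rules)]
        if interesting:
            report[path] = interesting
    return report


def demo():
    """Run the filter twice over a constructed file.

    The first run reports the three unexpected lines; the second run sees
    only the lines appended in between and reports the one that is not
    covered by the ignore list.  Returns [first_report, second_report].
    """
    path = os.path.join(tempfile.mkdtemp(), "messages")  # placeholder name
    with open(path, "w") as f:
        f.write(SAMPLE_LOG)
    rules = load_ignore_rules(IGNORE_RULES)
    offsets = {}
    first = check_logs([path], rules, offsets)
    # Lines that arrive before the next hourly run (constructed).
    with open(path, "a") as f:
        f.write("Feb  8 13:00:01 host CRON[1300]: (root) CMD (run-parts /etc/cron.hourly)\n")
        f.write("Feb  8 13:04:22 host sshd[2010]: Accepted password for root "
                "from 198.51.100.7 port 40100 ssh2\n")
    second = check_logs([path], rules, offsets)
    return [first.get(path, []), second.get(path, [])]


if __name__ == "__main__":
    for n, lines in enumerate(demo(), 1):
        print("run %d: %d interesting line(s)" % (n, len(lines)))
        for ln in lines:
            print("  " + ln)
```

Run it from cron once an hour with the offsets persisted to disk and the report mailed instead of printed, and you have the workflow from the post. The ignore rules are where the security judgement lives: each one is a decision that a class of events needs no human eye, so write them to match the full line, keep them specific to the host, user and source address that are actually expected, and review them whenever a service is upgraded, since a changed message format silently moves events from "ignored" to "reported" or, worse, the other way.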


