Logs, how to?
I see a lot of references to "check the logs". I have logwatch and rootkit installed on my server. What other items do I need to keep check of and how do I do it?
While definitions can vary, typically it means to review the actual log files.
Chkrootkit (and similar programs) do not check logs.
Logwatch does summarize key events, but may not show everything; and generally runs once per day.
Whereas "checking the logs" is generally within the current sense of time (vs. waiting for logwatch to run).
Could you tell me which logs I need to be checking?
/var/log and /usr/local/apache/logs or wherever it's configured to.
There's a lot more you need to be checking, not just logs.
Can you elaborate please?
Why don't you check out our members' page (admin0):
It covers almost all the logs you need to monitor.
Anyways, I would recommend hiring a remote server admin to make your job easier.
There is a lot that goes into managing and securing (securing is a daily activity, not harden once and done) a server.
Checking logs is just one aspect.
There are a number of logs, and locations can vary depending on which service the log file is for.
System log files are generally in /var/log.
But then you have Apache log files, mysql log files, etc. And those locations can vary.
Lastly, you have to know what you are looking for when you check logs; and that would take a book or two (or at least a chapter or more).