Thread: Logs, how to?

  1. #1

    Logs, how to?

    I see a lot of references to "check the logs". I have logwatch and rootkit installed on my server. What other items do I need to keep check of and how do I do it?

    Thanks, Kevin

  2. #2
    Greetings:

    While definitions can vary, typically it means to review the actual log files.

    Chkrootkit (and similar programs) do not check logs.

    Logwatch does summarize key events, but may not show everything; and generally runs once per day.

    Whereas "checking the logs" is generally within the current sense of time (vs. waiting for logwatch to run).

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile

  3. #3

    Thanks

    Thank you,
    Could you tell me which logs I need to be checking?

    Thanks again,
    Kevin

  4. #4
    /var/log and /usr/local/apache/logs or wherever it's configured to.

  5. #5
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    There's a lot more you need to be checking, not just logs.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  6. #6
    Can you elaborate please?

    Thanks, Kevin

  7. #7
    Join Date
    Mar 2003
    Location
    Singapore
    Posts
    763
    Why don't you check out our members' page (admin0):
    http://www.admin0.info/articles/monitoring/

    It covers almost all the logs you need to monitor.

    Anyways, I would recommend hiring a remote server admin to make your job easier.
    SecureAX Singapore - Virtualization, Private Cloud Computing & Managed Datacenter in Singapore
    - Managed Virtual Private Servers, Dedicated Servers & Colocation Services in Singapore
    - Gigabit backbone at Equinix Singapore, Telstra SGCS2 & Telin Datacenters with Private Link for Disaster Recovery setup

  8. #8
    Greetings:

    There is a lot that goes into managing and securing (securing is a daily activity, not harden once and done) a server.

    Checking logs is just one aspect.

    There are a number of logs; and, locations can vary depending on the log file for which service.

    System log files are generally in /var/log

    But then you have Apache log files, mysql log files, etc. And those locations can vary.

    Lastly, you have to know what you are looking for when you check logs; and that would take a book or two (or at least a chapter or more).

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile
