Thread: Logs, how to?
-
05-04-2004, 11:57 AM #1 Junior Guru
Logs, how to?
I see a lot of references to "check the logs." I have logwatch and rootkit installed on my server. What other items do I need to keep check of and how do I do it?
Thanks, Kevin
-
05-04-2004, 12:16 PM #2 Web Hosting Master
Greetings:
While definitions can vary, typically it means to review the actual log files.
Chkrootkit (and similar programs) do not check logs.
Logwatch does summarize key events, but may not show everything; and generally runs once per day.
Whereas "checking the logs" is generally within the current sense of time (vs. waiting for logwatch to run).
Thank you.
-
05-04-2004, 01:15 PM #3 Junior Guru
Thanks
Thank you,
Could you tell me which logs I need to be checking?
Thanks again,
Kevin
-
05-04-2004, 04:08 PM #4 Web Hosting Guru
/var/log and /usr/local/apache/logs or wherever it's configured to.
-
05-04-2004, 08:44 PM #5 Problem Solver
There's a lot more you need to be checking, not just logs.
Steven Ciaburri | Industry's Best Server Management - Rack911.com
-
05-04-2004, 09:58 PM #6 Junior Guru
Can you elaborate please?
Thanks, Kevin
-
05-05-2004, 06:46 AM #7 Web Hosting Master
Why don't you check out our members' page (admin0):
http://www.admin0.info/articles/monitoring/
It covers almost all the logs you need to monitor.
Anyways, I would recommend hiring a remote server admin to make your job easier.
-
05-05-2004, 08:42 AM #8 Web Hosting Master
Greetings:
There is a lot that goes into managing and securing (securing is a daily activity, not harden once and done) a server.
Checking logs is just one aspect.
There are a number of logs; and, locations can vary depending on the log file for which service.
System log files are generally in /var/log
But then you have Apache log files, mysql log files, etc. And those locations can vary.
Lastly, you have to know what you are looking for when you check logs; and that would take a book or two (or at least a chapter or more).
Thank you.