What logs to watch in a GNU/Linux box?

You are currently reading a thread in /g/ - Technology

Suppose I want to know if a l33t haxxor tried to connect to my server, which logs do I need to watch often and which logs are less important? And I guess not every distro is the same, so what's the difference?

My guess is there is some good hack (in the correct use of the word) to create a very logged system. I wonder if /g/ has a knowledgeable anon to tell how.
>>
You need to ship your logs off the box for any real effectiveness. Otherwise watch wtmp, btmp, secure.
>>
>>54878960
I've heard every big company does that without a question. Not sure if they use plain syslog for that.
>>
>>54878936
Or you could just, you know, have a script that watches logs for intrusions...
>>
>>54879012
No doubt about that, the question is how and which ones.
I'm guessing having a script doing a log abstract is a must.
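
Added example, not part of any post in this thread: a minimal "log abstract" script of the kind discussed above, run over sshd lines as they appear in /var/log/secure (RHEL family) or /var/log/auth.log (Debian family). The sample lines are constructed, and the function name `summarize` and the threshold of 3 are assumptions made for the illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the syslog format sshd writes to the auth log.
SAMPLE = """\
Jun  1 03:12:01 box sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Jun  1 03:12:04 box sshd[2211]: Failed password for invalid user test from 203.0.113.7 port 40122 ssh2
Jun  1 03:12:09 box sshd[2215]: Failed password for root from 203.0.113.7 port 40150 ssh2
Jun  1 03:15:30 box sshd[2230]: Failed password for alice from 198.51.100.23 port 51514 ssh2
Jun  1 03:15:41 box sshd[2230]: Accepted password for alice from 198.51.100.23 port 51514 ssh2
Jun  1 03:20:00 box sshd[2250]: Accepted publickey for bob from 192.0.2.10 port 60000 ssh2
Jun  1 03:21:17 box sshd[2260]: Failed password for root from 203.0.113.7 port 40177 ssh2
Jun  1 03:22:45 box sshd[2270]: Accepted password for root from 203.0.113.7 port 40199 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port")

def summarize(lines, threshold=3):
    """Return (failures per IP, noisy IPs with users tried, logins after failures)."""
    failures = Counter()
    users_tried = defaultdict(set)
    success_after_fail = []
    for line in lines:
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            failures[ip] += 1
            users_tried[ip].add(user)
            continue
        m = ACCEPTED.search(line)
        if m:
            method, user, ip = m.groups()
            # A successful login from an address that already reached the
            # failure threshold is the event most worth alerting on.
            if failures[ip] >= threshold:
                success_after_fail.append((ip, user, method))
    noisy = {ip: sorted(users_tried[ip])
             for ip, n in failures.items() if n >= threshold}
    return failures, noisy, success_after_fail

if __name__ == "__main__":
    failures, noisy, hits = summarize(SAMPLE.splitlines())
    for ip, users in noisy.items():
        print(f"{ip}: {failures[ip]} failed logins, users tried: {', '.join(users)}")
    for ip, user, method in hits:
        print(f"ALERT: {user} logged in via {method} from {ip} after repeated failures")
```

wtmp and btmp are binary files and are read with `last` and `lastb` rather than parsed as text.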
>>
Psad
>>
>>54879025
https://duckduckgo.com/?q=script+watch+intrusions+linux&t=canonical&ia=web
Have fun kiddo
>>
>>54879076
Are you mentally challenged?
>>
>>54878936
/var/log/Auth
>>
>>54879097
Sorry, wrong thread.