Security Basics mailing list archives

Re: question about security logs


From: "Phil Cryer" <phil () cryer us>
Date: Fri, 01 Jul 2005 09:29:44 -0500

I check auth.log daily, and the accesses for some programs, but I read
some articles that say that there are logs that must be checked
regularly in the system in order to keep safe and identify possible
intrusions/activity in the network.

Look into using Logcheck http://logcheck.org/ - it will scan your logs (you schedule it in cron) and then email you the
results.  Once it's installed you can tailor it to not flag certain things that are normal traffic, and thus will only
alert you when something fishy is going down.  This would be the first step if I were you.

Hope that helps, it really helped me.

P
"You teach best what you most need to learn." - Richard Bach

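The approach described in the reply above (scan the log, suppress entries known to be normal, report whatever is left), as an added example that is not part of the original message and is not Logcheck's own code. The function names, rule file layout, hostname, users and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added illustration of Logcheck-style filtering; NOT Logcheck's own code.
# Hostname, users and addresses below are constructed sample data.

# write_sample DIR: create a constructed auth.log and an ignore-rules file.
write_sample() {
    cat > "$1/auth.log" <<'EOF'
Jul  1 06:25:01 web1 CRON[4121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul  1 06:25:02 web1 CRON[4121]: pam_unix(cron:session): session closed for user root
Jul  1 08:02:17 web1 sshd[4388]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2
Jul  1 08:40:51 web1 sshd[4502]: Failed password for invalid user admin from 203.0.113.7 port 41811 ssh2
Jul  1 08:40:55 web1 sshd[4502]: Failed password for root from 203.0.113.7 port 41811 ssh2
Jul  1 09:11:03 web1 su[4610]: FAILED su for root by www-data
EOF
    cat > "$1/ignore.rules" <<'EOF'
# Routine cron sessions
^[[:alpha:]]{3} [ 0-9]{2} [0-9:]{8} [^ ]+ CRON\[[0-9]+\]: pam_unix\(cron:session\): session (opened|closed) for user root

# Key-based login by the admin from the management address only
^[[:alpha:]]{3} [ 0-9]{2} [0-9:]{8} [^ ]+ sshd\[[0-9]+\]: Accepted publickey for alice from 192\.0\.2\.10 port [0-9]+ ssh2$
EOF
}

# report_unusual LOG RULES: print the log lines that match no rule.
report_unusual() {
    ru_clean=$(mktemp)
    # Drop comments and blank lines first: with grep -f an empty pattern
    # matches every line, so one stray blank line would hide the whole log.
    grep -E -v '^[[:space:]]*(#|$)' "$2" > "$ru_clean" || true
    if [ -s "$ru_clean" ]; then
        grep -E -v -f "$ru_clean" "$1" || true
    else
        cat "$1"    # no rules yet: everything counts as unusual
    fi
    rm -f "$ru_clean"
}

# Demo run on the constructed data: only the three suspicious lines remain.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
echo "Unusual entries:"
report_unusual "$demo_dir/auth.log" "$demo_dir/ignore.rules"
rm -rf "$demo_dir"
```

Anchoring each rule to the full line, including the user and source address, keeps a rule from also hiding a similar-looking entry that should be reported.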
