Security Basics mailing list archives
Re: question about security logs
From: "Phil Cryer" <phil () cryer us>
Date: Fri, 01 Jul 2005 09:29:44 -0500
I check auth.log daily, and the accesses for some programs, but I read some articles that say that there are logs that must be checked regularly in the system in order to keep safe and identify possible intrusions/activity in the network.
Look into using Logcheck http://logcheck.org/ - it will scan your logs (you schedule it in cron) and then email you the results. Once it's installed you can tailor it to not flag certain things that are normal traffic, and thus will only alert you when something fishy is going down. This would be the first step if I were you. Hope that helps, it really helped me.

P

"You teach best what you most need to learn." - Richard Bach
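The filtering approach described in the message above, reduced to plain grep, as an added example that is not part of the original post and is not Logcheck's own code. The log lines, host name, user names, addresses and ignore patterns are all constructed for illustration.

```shell
#!/bin/sh
# Report only the log lines that no "known normal" rule matches.

# Constructed sample of auth.log entries.
sample_log() {
cat <<'EOF'
Jul  1 09:00:01 host1 CRON[2101]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul  1 09:00:01 host1 CRON[2101]: pam_unix(cron:session): session closed for user root
Jul  1 09:12:44 host1 sshd[2290]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Jul  1 09:13:02 host1 sshd[2301]: Failed password for invalid user admin from 203.0.113.7 port 41812 ssh2
Jul  1 09:13:05 host1 sshd[2301]: Failed password for invalid user admin from 203.0.113.7 port 41812 ssh2
Jul  1 09:20:17 host1 su[2350]: FAILED su for root by bob
EOF
}

# Constructed ignore rules: one extended regex per line, anchored at both
# ends so a rule cannot accidentally hide a longer, different message.
ignore_rules() {
cat <<'EOF'
^[A-Z][a-z]{2} [ 0-9]{2} [0-9:]{8} [^ ]+ CRON\[[0-9]+\]: pam_unix\(cron:session\): session (opened|closed) for user root( by \(uid=0\))?$
^[A-Z][a-z]{2} [ 0-9]{2} [0-9:]{8} [^ ]+ sshd\[[0-9]+\]: Accepted publickey for alice from 192\.0\.2\.10 port [0-9]+ ssh2$
EOF
}

# Print every log line on stdin that is not matched by any ignore rule.
unusual_lines() {
    rules=$(mktemp) || return 1
    ignore_rules > "$rules"
    rc=0
    grep -E -v -f "$rules" || rc=$?
    rm -f "$rules"
    # grep exits 1 when every line was ignored; only >1 is a real error.
    [ "$rc" -le 1 ]
}

# What would go into the daily mail: here the two failed SSH logins
# and the failed su, but none of the cron or known-key login lines.
report() { sample_log | unusual_lines; }

report
```

Keep the rule file free of blank lines: an empty pattern matches every line, so the report would silently come back empty.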