Generating Reports and Analyzing Logs
黃雁亭 陳麗雯 廖榆恬

Outline
– Log Report
– Syslogd
– Configure the Syslog
– Syslog Server
– Logrotate
– Summary

Log Report
What is a log report? Each entry includes:
– Date, time, host, service and related function, and the message.
Example:
– May 28 11:23:48 ip005 su: pam_unix(su:session): session opened for user root by imliving(uid=500)

Log Report (cont.)
Why a log report? You need to:
– Know the errors.
– See the actions.
Two types of report:
– Capture bad strings immediately, ignore the rest.
– Ignore "okay" strings, report on what's left.
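As an added example (not part of the slides), the following Python script parses lines in the date/time/host/service/message format described above, using the slide's su line plus a few constructed lines, and produces both report types: capture known-bad strings, or drop known-okay strings and report whatever is left.

```python
import re

# Constructed sample log in the "date time host service: message" format
# described on the slide; the first line is the slide's own su example.
SAMPLE_LOG = """\
May 28 11:23:48 ip005 su: pam_unix(su:session): session opened for user root by imliving(uid=500)
May 28 11:24:02 ip005 sshd[2231]: Accepted publickey for alice from 10.0.0.7 port 51022 ssh2
May 28 11:24:15 ip005 sshd[2240]: Failed password for invalid user admin from 203.0.113.9 port 4410 ssh2
May 28 11:25:01 ip005 CRON[2250]: (root) CMD (run-parts /etc/cron.hourly)
May 28 11:25:31 ip005 kernel: EXT4-fs error (device sda1): ext4_find_entry: reading directory lblock 0
"""

# Date, time, host, service (with optional [pid]) and message.
LINE_RE = re.compile(
    r"^(?P<date>[A-Z][a-z]{2}\s+\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<service>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: (?P<message>.*)$"
)

def parse(text):
    """Split every well-formed line into its fields; skip lines that do not fit."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records

# Type 1: capture known-bad strings immediately and ignore everything else.
BAD = [re.compile(p) for p in (r"Failed password", r"\berror\b", r"opened for user root")]

def report_bad(records):
    return [r for r in records if any(p.search(r["message"]) for p in BAD)]

# Type 2: ignore known-okay strings and report whatever is left over.
OKAY = [re.compile(p) for p in (r"^Accepted publickey", r"^\(root\) CMD \(run-parts")]

def report_leftover(records):
    return [r for r in records if not any(p.search(r["message"]) for p in OKAY)]

if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for title, rows in (("bad strings", report_bad(recs)), ("leftover", report_leftover(recs))):
        print(f"== {title} ({len(rows)}) ==")
        for r in rows:
            print(f'{r["date"]} {r["time"]} {r["host"]} {r["service"]}: {r["message"]}')
```

The second style is the safer default for a new host: anything not yet whitelisted shows up in the report instead of silently dropping out.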

Syslogd
The service that records the log.
ps aux | grep syslog
– USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
– root ? Ss Mar31 0:00 syslogd -m 0
(-m 0 turns off the periodic "-- MARK --" timestamp lines.)
chkconfig --list syslog
– syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
(The service starts in runlevels 2 through 5.)

Configure the Syslog
/etc/syslog.conf: each line gives
– The service (facility).
– The level of the information (priority).
– The location of the log file (action).
Example (the selector and the file name are separated by a tab):
– mail.info	/var/log/maillog_info

Configure the Syslog (cont.)
The main services (facilities) are auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, security (same as auth), syslog, user, uucp and local0 through local7.

Configure the Syslog (cont.)
The level of the information, from low to high:
– info, notice, warning (warn)
– err (error), crit, alert
– emerg (panic)
Symbols after the facility:
– .   this level and all higher levels
– .=  only this level
– .!  exclude this level and all higher levels

Configure the Syslog (cont.)
How to add a log report:
– vi /etc/syslog.conf
– /etc/init.d/syslog restart
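To make the facility, level and symbol rules above concrete, here is an added Python example (not from the slides) that parses a constructed /etc/syslog.conf fragment, starting with the slide's mail.info line, and reports which log files a message of a given facility.level would be written to. The selector semantics follow the classic sysklogd syslog.conf: a later clause in the same line overrides an earlier one for the same facility, which is how "*.info;mail.none" works.

```python
# Syslog priority order (low to high) as used by /etc/syslog.conf selectors.
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
LEVEL_ALIAS = {"warn": "warning", "error": "err", "panic": "emerg"}
FACILITY_ALIAS = {"security": "auth"}  # the slides note security is the same as auth

def level_index(name):
    return LEVELS.index(LEVEL_ALIAS.get(name, name))

def parse_conf(text):
    """Parse 'selector<tab>action' lines into [(clauses, action)] in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        selector, action = line.split(None, 1)
        clauses = []
        for part in selector.split(";"):
            facs, prio = part.rsplit(".", 1)
            clauses.append(([FACILITY_ALIAS.get(f, f) for f in facs.split(",")], prio))
        rules.append((clauses, action.strip()))
    return rules

def prio_matches(prio, msg_level):
    """'.' this level and higher, '.=' only this level, '.!' not this level or
    higher, '.!=' everything but this level, '*' all, 'none' nothing."""
    if prio == "*":
        return True
    if prio == "none":
        return False
    if prio.startswith("!="):
        return level_index(msg_level) != level_index(prio[2:])
    if prio.startswith("!"):
        return level_index(msg_level) < level_index(prio[1:])
    if prio.startswith("="):
        return level_index(msg_level) == level_index(prio[1:])
    return level_index(msg_level) >= level_index(prio)

def route(rules, facility, level):
    """Return the actions that receive a message of the given facility.level."""
    facility = FACILITY_ALIAS.get(facility, facility)
    targets = []
    for clauses, action in rules:
        selected = False
        for facs, prio in clauses:  # later clauses override earlier ones
            if "*" in facs or facility in facs:
                selected = prio_matches(prio, level)
        if selected:
            targets.append(action)
    return targets

# Constructed /etc/syslog.conf fragment; the first line is the slide's example.
SAMPLE_CONF = """\
mail.info\t/var/log/maillog_info
*.info;mail.none;authpriv.none\t/var/log/messages
authpriv.*\t/var/log/secure
kern.=crit\t/var/log/kern_crit
cron.!err\t/var/log/cron_low
*.emerg\t*
"""
RULES = parse_conf(SAMPLE_CONF)
```

Running route(RULES, "kern", "crit") returns both /var/log/messages and /var/log/kern_crit, while route(RULES, "mail", "info") returns only /var/log/maillog_info because mail.none removes mail from the messages line.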

Syslog Server
(Diagram: on the Client, syslogd reads /etc/syslog.conf and sends the cron, mail, auth, ... messages to the Server; on the Server, syslogd is configured through /etc/sysconfig/syslog and writes the received messages to its log.)

Syslog Server (cont.)
Server:
– vi /etc/sysconfig/syslog
– SYSLOGD_OPTIONS="-m 0 -r"   (-r makes syslogd accept messages from the network on UDP port 514; it accepts them from any host without authentication, so limit the port to the intended clients with a firewall)
– /etc/init.d/syslog restart
– netstat -lunp | grep syslog   (confirms the UDP listener is up)
Client:
– vi /etc/syslog.conf   (point the selectors at the server with an action of the form @server instead of a file name)

Logrotate
– Change the name of the old log file.
– Create a new empty log file.
– Write the log to the new file.
– Keep the old file for a period of time.

Logrotate (cont.)
(Diagram: at each rotation Log becomes Log.1, Log.1 becomes Log.2, Log.2 becomes Log.3, and a new empty Log is created.)

Logrotate (cont.)
vi /etc/logrotate.conf
Execute: logrotate [-vf] configfile
– logrotate -v /etc/logrotate.conf   (-v: verbose, show what is done)
– logrotate -vf /etc/logrotate.conf  (-f: force the rotation now, even if it is not yet due)

Summary
– Log Report: lets you see the actions and the errors.
– Syslogd: classifies the log report and centralizes its management.
– Logrotate: keeps the log file size from growing too big.

Reference
– 酷!學園
– 鳥哥的私房菜

Thank you for listening.