Cosc 4750 Log files
Logging policies
- Throw away all data immediately
- Reset log files at periodic intervals
- Rotate log files, keeping data for a fixed time
- Compress and archive logs to tape or other permanent media
Throwing away logs
- Not recommended
- Logs are needed for tuning/fixing the system
- Keeping no logs, or turning off logging by linking log files to /dev/null (the UNIX version of the trash can)
Rotating log files
- Standard practice and the default for installs
- A log file is used for a specific time or until it reaches a specific size. Then the log is renamed to logfile.1. Usually between 2 and 4 rotations are kept: logfile, logfile.1, logfile.2, logfile.3, and logfile.4
- Newer versions use dates instead of numbers. More useful?
- When a log file reaches its last "rotate" it is then removed/deleted
Archiving logs
- The logs are usually compressed at certain times (or when rotated), probably with gzip or compress
- Then stored on tape or other permanent media, off-line
Log files
- Commonly found in /var/log or /var/adm (SGI)
- messages (SYSLOG or syslog): the main system log; much of the system's logging is found here
- secure: network connections and auth logs
- maillog: sendmail logs
- xferlog: the ftp log
- boot.log: output from the rc scripts
- dmesg: kernel and init boot output
- many others
syslog/messages
- syslogd is the logging daemon, configured with /etc/syslog.conf (Red Hat 6)
- Red Hat 7: rsyslogd and /etc/rsyslog.conf
- It can be configured to write logs to any number of files, as well as to duplicate log files
- By default it writes to SYSLOG/messages
syslog.conf

    # Log anything (except mail) of level info or higher.
    # Don't log private authentication messages!
    *.info;mail.none;news.none;authpriv.none    /var/log/messages
    # The authpriv file has restricted access.
    authpriv.*                                  /var/log/secure
    # Log all the mail messages in one place.
    mail.*                                      /var/log/maillog
    # Everybody gets emergency messages, plus log them on another
    # machine
    *.emerg                                     *

rsyslog.conf is similar, but also includes an rsyslog.d directory.
Syslog severity levels
- emerg = panic situations
- alert = urgent
- crit = critical condition
- err = other error conditions
- warning = warning messages
- notice = might merit investigation
- info = informational messages
- debug = for debugging only
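As an added example (not part of the slides), a small Python model of how syslogd resolves the selector field, run against the four rules on the syslog.conf slide: it uses the severity ordering above (emerg is most urgent), treats a level as "this level or more urgent", and applies the rule that a later selector on the same line overrides an earlier one for the same facility, which is what makes mail.none keep mail out of /var/log/messages. The rule text is a constructed copy of the slide; the `=` and `!` priority modifiers of sysklogd/rsyslog are not modelled.

```python
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]  # 0 = most urgent

# Constructed copy of the four rules on the syslog.conf slide (comments dropped).
SYSLOG_CONF = """
*.info;mail.none;news.none;authpriv.none   /var/log/messages
authpriv.*                                 /var/log/secure
mail.*                                     /var/log/maillog
*.emerg                                    *
"""

def parse_conf(text):
    """Return [(selectors, action)]; selectors is a list of (facility, level)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector_field, action = line.split(None, 1)
        selectors = []
        for sel in selector_field.split(";"):
            facilities, level = sel.rsplit(".", 1)
            for fac in facilities.split(","):   # "mail,news.none" lists two facilities
                selectors.append((fac, level))
        rules.append((selectors, action.strip()))
    return rules

def destinations(rules, facility, severity):
    """Every action that receives a message of this facility and severity."""
    sev = SEVERITIES.index(severity)
    hits = []
    for selectors, action in rules:
        matched = False
        # Selectors on one line apply left to right and a later one for the same
        # facility wins: "mail.none" after "*.info" keeps mail out of messages.
        for fac, level in selectors:
            if fac not in ("*", facility):
                continue
            if level == "none":
                matched = False
            elif level == "*":
                matched = True
            else:   # a named level matches itself or anything more urgent
                matched = sev <= SEVERITIES.index(level)
        if matched:
            hits.append(action)
    return hits

def route(facility, severity):
    """Where the slide's configuration sends one message, e.g. route("mail", "emerg")."""
    return destinations(parse_conf(SYSLOG_CONF), facility, severity)
```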
Other software uses syslog
- ftpd, halt/reboot, inetd, login/rlogind, named, passwd, popper (mail), sendmail, cron, vmunix (kernel)
logrotate
- The logrotate command uses configuration files to figure out when to rotate logs
- /etc/logrotate.conf is the generic config: general info, when to rotate, compress, etc. It also contains the /var/log/wtmp rotate info
- /etc/logrotate.d/ contains files that configure specific actions for log rotations
syslog rotate file

    /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
        # run the postrotate script once for all of the files above, not once per file
        sharedscripts
        # tell syslogd to reopen its log files after they have been renamed
        postrotate
            /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        endscript
    }
Viewing log files
- Most UNIX/Linux log files contain lots of information. Sometimes too much for people.
- Besides cat'ing the logs in /var/log, there is a log viewer (system-logviewer; redhat-logviewer on older Red Hat systems)
- There are many "logviewers" created by the open source community
logwatch
- A program installed by default on Red Hat/Fedora systems
- Mails "important" log information to the root account daily
- Configured in the /etc/log.d directory:
  logwatch.conf is the general configuration
  services/* contains configuration files for the log files of various services
  logfiles/* contains configs for non-service log files
  scripts/shared/*, scripts/services/*, scripts/logfiles/* contain the various filters for service and non-service log files
logSentry
- Similar to logwatch, but driven by security concerns, whereas logwatch is a summary of the logs
- Filters out messages that are not security threats, then categorizes messages that could represent a threat and mails them:
  Active System Attack Alerts
  Security Violations
  Unusual system events
Q & A