Presentation is loading. Please wait.

Presentation is loading. Please wait.

Generating Reports and Analyzing Logs 黃雁亭 陳麗雯 廖榆恬 1.

Published byElijah Osborne Modified over 9 years ago

Similar presentations

Presentation on theme: "Generating Reports and Analyzing Logs 黃雁亭 陳麗雯 廖榆恬 1."— Presentation transcript:

1 Generating Reports and Analyzing Logs 黃雁亭 陳麗雯 廖榆恬 1

2 Outline Log Report Syslogd Configure the Syslog Syslog Server Logrotate Summery 2

3 Log Report What is Log Report? A report includes….. – Date, time, host, service& related function and message. Ex: – May 28 11:23:48 ip005 su: pam_unix(su:session): session opened for user root by imliving(uid=500) 3

4 Log Report (cont.) Why log report? You need to – Know the errors – See the actions Two types – Capture bad strings immediately, ignore the rest. – Ignore “okay” strings, report on what’s left. 4

5 Syslogd The service to reporting the log. ps aux | grep syslog – USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND – root 4294 0.0 0.0 1716 568 ? Ss Mar31 0:00 syslogd -m 0 chkconfig --list syslog – syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off 5

6 Configure the Syslog /etc/syslog.conf – The service. – The level of the information. – The location of the file. Ex: – mail.info/var/log/maillog_info 6

7 Configure the Syslog (cont.) The main services are auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, security (same as auth), syslog, user, uucp and local0 through local7. 7

8 Configure the Syslog (cont.) The level of the information – Info, notice, warning(warn) – Err(error), crit, alert – Emerg(panic) Symbol –. –.= –.! 8

9 Configure the Syslog (cont.) How to add the log report – vi /etc/syslog.conf – /etc/init.d/syslog restart 9

10 Syslog Server Syslogd /etc/syslog.conf cronmailauth... log Syslogd /etc/sysconfig/syslog log Client Server 10

11 Syslog Server (cont.) Server – vi /etc/sysconfig/syslog – SYSLOGD_OPTIONS="-m 0 -r" – /etc/init.d/syslog restart – netstat -lunp | grep syslog Client – vi /etc/syslog.conf –*.*@10.10.21.69 11

12 Logrotate Change the name of old log file. Create a new empty log file. Report the log on the new file. Reserve the old file for a period of time. 12

13 Logrotate (cont.) LogLog.1 Log Log.1 Log.2 Log.3 Log.4 1 2 3 4 13

14 Logrotate (cont.) vi /etc/logrotate.conf Execute: logrotate [-vf] logfile – logrotate -v /etc/logrotate.conf – logrotate -vf /etc/logrotate.conf 14

15 Summary Log Report can see the action and the error. Syslogd can classify the log report and centralize the management. Logrotate can keep the log file size not too big. 15

16 Reference http://phorum.study-area.org/ 酷 ! 學園 http://phorum.study-area.org/ http://linux.vbird.org/ 鳥哥的私房菜 http://linux.vbird.org/ 16

17 Thanks for your listening. 17

Download ppt "Generating Reports and Analyzing Logs 黃雁亭 陳麗雯 廖榆恬 1."

Similar presentations

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
CIS 191 - Lesson 12 System Monitoring 1. CIS 191 - Lesson 12 System Monitoring Monitoring Log Files /var/log ‒ Can be used as indication of systematic.

CIS Lesson 12 System Monitoring 1. CIS Lesson 12 System Monitoring Monitoring Log Files /var/log ‒ Can be used as indication of systematic.
Managing logs with syslog-ng and SWATCH AfNOG 11, Kigali/Rwanda.

Managing logs with syslog-ng and SWATCH AfNOG 11, Kigali/Rwanda.
NetComm Wireless Logging Architecture Feature Spotlight.

NetComm Wireless Logging Architecture Feature Spotlight.
Syslog and log files1-1 Syslog and Log Files  From logfiles, you can find m important information m History m Errors/warnings  Logging policies m Reset.

Syslog and log files1-1 Syslog and Log Files  From logfiles, you can find m important information m History m Errors/warnings  Logging policies m Reset.
Detecting Intruders from log files and traces Special Intruder Detection Systems (IDS) are now a market niche, and there are many products on the market.

Detecting Intruders from log files and traces Special Intruder Detection Systems (IDS) are now a market niche, and there are many products on the market.
CIS 193A – Lesson3 Vigilance! Logging & Monitoring Syslog Logrotate Logwatch Accounting.

CIS 193A – Lesson3 Vigilance! Logging & Monitoring Syslog Logrotate Logwatch Accounting.
CS162B: Daemonization Jacob T.Chan. Foreground Process  Has input/output capabilities  These require users at the terminal  Lives as long as the terminal.

CS162B: Daemonization Jacob T.Chan. Foreground Process  Has input/output capabilities  These require users at the terminal  Lives as long as the terminal.
Netprog: daemons and inetd1 Daemons & inetd Refs: Chapter 13.

Netprog: daemons and inetd1 Daemons & inetd Refs: Chapter 13.
Syslogd Tracking system events. Log servers Applications are constantly encountering events which should be recorded –users attempt to login with bad.

Syslogd Tracking system events. Log servers Applications are constantly encountering events which should be recorded –users attempt to login with bad.
Daemon Processes and inetd Superserver

Daemon Processes and inetd Superserver
Information Networking Security and Assurance Lab National Chung Cheng University Investigating Unix System.

Information Networking Security and Assurance Lab National Chung Cheng University Investigating Unix System.
Chapter 3 Unix Overview. Figure 3.1 Unix file system.

Chapter 3 Unix Overview. Figure 3.1 Unix file system.
CIT 470: Advanced Network and System AdministrationSlide #1 CIT 470: Advanced Network and System Administration Logging.

CIT 470: Advanced Network and System AdministrationSlide #1 CIT 470: Advanced Network and System Administration Logging.
NOC TOOLS syslog AfNOG 2009 - Cairo, SI-E, 2 of 5 Sunday Folayan.

NOC TOOLS syslog AfNOG Cairo, SI-E, 2 of 5 Sunday Folayan.
AfChix 2011 Blantyre, Malawi Log management. Log management and monitoring ■ What is log management and monitoring ? ● It's about keeping your logs in.

AfChix 2011 Blantyre, Malawi Log management. Log management and monitoring ■ What is log management and monitoring ? ● It's about keeping your logs in.
Network Management Workshop intERlab at AIT Thailand March 11-15, 2008 Log management.

Network Management Workshop intERlab at AIT Thailand March 11-15, 2008 Log management.
Security Auditing CS460/ECE422 Spring 2012. Reading Material Chapter 18 of text.

Security Auditing CS460/ECE422 Spring Reading Material Chapter 18 of text.
Hjemmeeksamen 1 INF3190. Oppgave Develop a monitoring/administration tool which allows an administrator to use a client to monitor all processes running.

Hjemmeeksamen 1 INF3190. Oppgave Develop a monitoring/administration tool which allows an administrator to use a client to monitor all processes running.
Server Design Discuss Design issues for Servers Review Server Creation in Linux.

Server Design Discuss Design issues for Servers Review Server Creation in Linux.

Similar presentations

Ads by Google