Mailing List Archive

Interesting syslog entries.
Hi all,

I just wanted to get your opinions on finding some interesting syslog
entries to capture with swatch or similar log analyser programs. Is
there a common knowledge base on this subject? (discussion list,
forums). I already analyse things like root password changes, switch to
promiscuous mode, etc... What are you guys looking for in your logs?

Thanks! :)
Emre
--
gentoo-security@gentoo.org mailing list
Re: Interesting syslog entries.
I personally use Logwatch and pay attention to disk free space, and more
importantly ssh/login attempts/failures/successes. I haven't looked too
much into adding custom entries in Logwatch, but I think I might look into
the GRSecurity logging extensions as well. I would definitely consider
paying attention to any externally accessible services being analyzed
(apache, mysql, etc). :)

HTH

cheers!

> Hi all,
>
> I just wanted to get your opinions on finding some interesting syslog
> entries to capture with swatch or similar log analyser programs. Is
> there a common knowledge base on this subject? (discussion list,
> forums). I already analyse things like root password changes, switch to
> promiscuous mode, etc... What are you guys looking for in your logs?
>
> Thanks! :)
> Emre
> --
> gentoo-security@gentoo.org mailing list
>
>


--
gentoo-security@gentoo.org mailing list
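As an added example (not code from anyone in this thread), here is a small Python pass that pulls the entries named in the question and the reply above out of syslog: ssh login failures and successes, a root password change, and an interface entering promiscuous mode, with a per-source threshold on failed logins of the kind swatch would alert on. The log lines, host names, addresses and the threshold of 3 are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines (not real captures); 203.0.113.0/24 and
# 198.51.100.0/24 are documentation address ranges.
SAMPLE_LOG = """\
Mar 10 14:02:11 gw sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar 10 14:02:13 gw sshd[1235]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar 10 14:02:15 gw sshd[1236]: Failed password for root from 203.0.113.5 port 51238 ssh2
Mar 10 14:03:00 gw sshd[1240]: Accepted publickey for emre from 198.51.100.7 port 40000 ssh2
Mar 10 14:05:42 gw passwd[1300]: pam_unix(passwd:chauthtok): password changed for root
Mar 10 14:06:10 gw kernel: device eth0 entered promiscuous mode
Mar 10 14:07:00 gw cron[1400]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Each rule is (name, pattern). Named groups pull out the fields worth
# aggregating on (user, source address, device). The patterns follow the
# message formats written by OpenSSH, pam_unix and the Linux kernel.
RULES = [
    ("ssh_failed", re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")),
    ("ssh_accepted", re.compile(r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+)")),
    ("root_passwd_change", re.compile(r"passwd\[\d+\]: .*password changed for root\b")),
    ("promisc_mode", re.compile(r"kernel: device (?P<dev>\S+) entered promiscuous mode")),
]

def classify(line):
    """Return (rule_name, captured_fields) for the first matching rule, else None."""
    for name, pat in RULES:
        m = pat.search(line)
        if m:
            return name, m.groupdict()
    return None

def analyse(log_text, fail_threshold=3):
    """Walk the log once. Returns per-rule hits and the source addresses whose
    failed-login count reached fail_threshold (the point at which an alert fires)."""
    hits = defaultdict(list)
    failures = Counter()
    for line in log_text.splitlines():
        r = classify(line)
        if r is None:
            continue          # noise such as the cron line above
        name, fields = r
        hits[name].append(fields)
        if name == "ssh_failed":
            failures[fields["src"]] += 1
    brute = {src: n for src, n in failures.items() if n >= fail_threshold}
    return dict(hits), brute
```

Running `analyse(SAMPLE_LOG)` on the constructed lines reports three failed ssh logins from one address (so that address crosses the threshold), one accepted publickey login, one root password change and one promiscuous-mode event.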
Re: Interesting syslog entries.
<quote who="Joey McCoy">
> I personally use Logwatch and pay attention to disk free space, and more
> importantly ssh/login attempts/failures/successes. I haven't looked too
> much into adding custom entries in Logwatch, but I think I might look into
> the GRSecurity logging extensions as well. I would definitely consider
> paying attention to any externally accessible services being analyzed
> (apache, mysql, etc). :)

I do more or less the same - but graphs say more than 1000 words - so I
wrote some little extensions to phpWebSite to actually show me some data
on what is going on on my systems. Disk-Usage, CPU-Loads,
Login-Attempts/Failures, Detected Viruses, SMTP-Connections, passed mails,
detected Spam/Rejected Spam etc. Check it out on my
webpage: http://www.solsys.org/mod.php?mod=systat&op=disp_ind&host_id=1

Cheers

Joerg

> HTH
>
> cheers!
>
>> Hi all,
>>
>> I just wanted to get your opinions on finding some interesting syslog
>> entries to capture with swatch or similar log analyser programs. Is
>> there a common knowledge base on this subject? (discussion list,
>> forums). I already analyse things like root password changes, switch to
>> promiscuous mode, etc... What are you guys looking for in your logs?
>>
>> Thanks! :)
>> Emre
>> --
>> gentoo-security@gentoo.org mailing list
>>
>>
>
>
> --
> gentoo-security@gentoo.org mailing list
>
>


--
------------------------------------------------------------------------
| Joerg Mertin : smurphy@solsys.org (Home)|
| in Forchheim/Germany : smurphy@linux.de (Alt1)|
| Stardust's LiNUX System : |
| Web: http://www.solsys.org |
------------------------------------------------------------------------
PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A



--
gentoo-security@gentoo.org mailing list
Re: Interesting syslog entries.
Hey very nicely done! Quite impressive! :)


>
> <quote who="Joey McCoy">
>> I personally use Logwatch and pay attention to disk free space, and more
>> importantly ssh/login attempts/failures/successes. I haven't looked too
>> much into adding custom entries in Logwatch, but I think I might look
>> into
>> the GRSecurity logging extensions as well. I would definitely consider
>> paying attention to any externally accessible services being analyzed
>> (apache, mysql, etc). :)
>
> I do more or less the same - but graphs say more than 1000 words - so I
> wrote some little extensions to phpWebSite to actually show me some data
> on what is going on on my systems. Disk-Usage, CPU-Loads,
> Login-Attempts/Failures, Detected Viruses, SMTP-Connections, passed mails,
> detected Spam/Rejected Spam etc. Check it out on my
> webpage: http://www.solsys.org/mod.php?mod=systat&op=disp_ind&host_id=1
>
> Cheers
>
> Joerg
>
>> HTH
>>
>> cheers!
>>
>>> Hi all,
>>>
>>> I just wanted to get your opinions on finding some interesting syslog
>>> entries to capture with swatch or similar log analyser programs. Is
>>> there a common knowledge base on this subject? (discussion list,
>>> forums). I already analyse things like root password changes, switch to
>>> promiscuous mode, etc... What are you guys looking for in your logs?
>>>
>>> Thanks! :)
>>> Emre
>>> --
>>> gentoo-security@gentoo.org mailing list
>>>
>>>
>>
>>
>> --
>> gentoo-security@gentoo.org mailing list
>>
>>
>
>
> --
> ------------------------------------------------------------------------
> | Joerg Mertin : smurphy@solsys.org (Home)|
> | in Forchheim/Germany : smurphy@linux.de (Alt1)|
> | Stardust's LiNUX System : |
> | Web: http://www.solsys.org |
> ------------------------------------------------------------------------
> PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A
>
>
>
> --
> gentoo-security@gentoo.org mailing list
>
>


--
gentoo-security@gentoo.org mailing list