Mailing List Archive: Gentoo: Security

Interesting syslog entries.

emre at emresaglam

Mar 19, 2005, 11:41 AM

Post #1 of 5 (1025 views)
Interesting syslog entries.

Hi all,

I just wanted to get your opinions on finding some interesting syslog
entries to capture with swatch or similar log analyser programs. Is
there a common knowledge base on this subject? (discussion list,
forums). I already analyse things like root password changes, switch to
promiscuous mode, etc... What are you guys looking for in your logs?

Thanks! :)
Emre
--
gentoo-security [at] gentoo mailing list


ixion at cfl

Mar 19, 2005, 12:03 PM

Post #2 of 5 (990 views)
Re: Interesting syslog entries. [In reply to]

I personally use Logwatch and pay attention to disk free space, and more
importantly ssh/login attempts/failures/successes. I haven't looked too
much into adding custom entries in Logwatch, but I think I might look into
the GRSecurity logging extensions as well. I would definitely consider
paying attention to any externally accessible services being analyzed
(apache, mysql, etc). :)

HTH

cheers!

> Hi all,
>
> I just wanted to get your opinions on finding some interesting syslog
> entries to capture with swatch or similar log analyser programs. Is
> there a common knowledge base on this subject? (discussion list,
> forums). I already analyse things like root password changes, switch to
> promiscuous mode, etc... What are you guys looking for in your logs?
>
> Thanks! :)
> Emre
> --
> gentoo-security [at] gentoo mailing list
>
>


--
gentoo-security [at] gentoo mailing list
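As an added illustration of the kind of matching both posts above describe (swatch-style patterns for root password changes and promiscuous mode in the first post, ssh login attempts/failures/successes in the reply), here is a small Python log scanner. This is example code written for this archive page, not swatch, Logwatch or anything posted by the thread's participants. The syslog lines it scans are constructed samples with documentation addresses (192.0.2.x, 198.51.100.x) and an invented host name `gw`; the rule names, the `scan()`/`match_line()` functions and the failure threshold of 3 are this example's own choices.

```python
import re
from collections import Counter

# Constructed sample syslog lines (invented host "gw", RFC 5737 documentation addresses).
# Formats follow classic sshd, passwd, kernel and su messages of the era.
SAMPLE_LOG = """\
Mar 19 11:40:01 gw sshd[2301]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
Mar 19 11:40:03 gw sshd[2301]: Failed password for invalid user admin from 192.0.2.10 port 40123 ssh2
Mar 19 11:40:05 gw sshd[2305]: Failed password for root from 192.0.2.10 port 40124 ssh2
Mar 19 11:40:09 gw sshd[2309]: Accepted publickey for emre from 198.51.100.7 port 51022 ssh2
Mar 19 11:41:12 gw passwd[2330]: password changed for root
Mar 19 11:41:40 gw kernel: device eth0 entered promiscuous mode
Mar 19 11:42:00 gw su(pam_unix)[2350]: session opened for user root by emre(uid=1000)
Mar 19 11:43:00 gw cron[2400]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Each rule: (name, compiled regex, severity). Named groups extract fields for the report.
# Rule names and severities are this example's own labels, not swatch/Logwatch syntax.
RULES = [
    ("ssh_failed",
     re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"),
     "warn"),
    ("ssh_accepted",
     re.compile(r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+)"),
     "info"),
    ("root_passwd_changed",
     re.compile(r"passwd\[\d+\]: password changed for root"),
     "alert"),
    ("promisc_mode",
     re.compile(r"kernel: device (?P<iface>\S+) entered promiscuous mode"),
     "alert"),
    ("su_to_root",
     re.compile(r"su\S*\[\d+\]: session opened for user root by (?P<user>\w+)"),
     "warn"),
]

# Number of failed ssh logins from one address before it is reported (assumed value).
FAIL_THRESHOLD = 3


def match_line(line):
    """Return (rule_name, severity, fields) for the first matching rule, or None."""
    for name, pattern, severity in RULES:
        m = pattern.search(line)
        if m:
            return name, severity, m.groupdict()
    return None


def scan(log_text, threshold=FAIL_THRESHOLD):
    """Scan a block of syslog text and return a report dict:
    alerts       - list of (rule, severity, fields) for every matched line
    failed_by_ip - Counter of failed ssh logins per source address
    bruteforce   - sorted list of addresses at or above the failure threshold
    """
    alerts = []
    failed_by_ip = Counter()
    for line in log_text.splitlines():
        hit = match_line(line)
        if hit is None:
            continue  # uninteresting line (e.g. routine cron output)
        name, severity, fields = hit
        alerts.append((name, severity, fields))
        if name == "ssh_failed":
            failed_by_ip[fields["ip"]] += 1
    bruteforce = sorted(ip for ip, n in failed_by_ip.items() if n >= threshold)
    return {"alerts": alerts, "failed_by_ip": failed_by_ip, "bruteforce": bruteforce}


if __name__ == "__main__":
    report = scan(SAMPLE_LOG)
    for name, severity, fields in report["alerts"]:
        print(f"[{severity}] {name} {fields}")
    for ip in report["bruteforce"]:
        print(f"[alert] {ip}: {report['failed_by_ip'][ip]} failed ssh logins "
              f"(threshold {FAIL_THRESHOLD})")
```

On the sample above the scanner reports seven matched lines, leaves the cron line alone, and flags 192.0.2.10 after its third failed password. The per-address counter is the piece a plain line-matching tool like swatch does not give you for free: a single failed login is noise, a burst from one source is worth a page.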



smurphy at solsys

Mar 21, 2005, 1:34 AM

Post #4 of 5 (994 views)
Re: Interesting syslog entries. [In reply to]

<quote who="Joey McCoy">
> I personally use Logwatch and pay attention to disk free space, and more
> importantly ssh/login attempts/failures/successes. I haven't looked too
> much into adding custom entries in Logwatch, but I think I might look into
> the GRSecurity logging extensions as well. I would definitely consider
> paying attention to any externally accessible services being analyzed
> (apache, mysql, etc). :)

I do more or less the same - but graphs say more than 1000 words - so I
wrote some little extensions to phpWebSite to actually show me some data
on what is going on on my systems. Disk-Usage, CPU-Loads,
Login-Attempts/Failures, Detected Viruses, SMTP-Connections, passed mails,
detected Spam/Rejected Spam etc. Check it out on my
webpage: http://www.solsys.org/mod.php?mod=systat&op=disp_ind&host_id=1

Cheers

Joerg

> HTH
>
> cheers!
>
>> Hi all,
>>
>> I just wanted to get your opinions on finding some interesting syslog
>> entries to capture with swatch or similar log analyser programs. Is
>> there a common knowledge base on this subject? (discussion list,
>> forums). I already analyse things like root password changes, switch to
>> promiscuous mode, etc... What are you guys looking for in your logs?
>>
>> Thanks! :)
>> Emre
>> --
>> gentoo-security [at] gentoo mailing list
>>
>>
>
>
> --
> gentoo-security [at] gentoo mailing list
>
>


--
------------------------------------------------------------------------
| Joerg Mertin : smurphy [at] solsys (Home)|
| in Forchheim/Germany : smurphy [at] linux (Alt1)|
| Stardust's LiNUX System : |
| Web: http://www.solsys.org |
------------------------------------------------------------------------
PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A



--
gentoo-security [at] gentoo mailing list


ixion at cfl

Mar 21, 2005, 4:40 AM

Post #5 of 5 (986 views)
Re: Interesting syslog entries. [In reply to]

Hey very nicely done! Quite impressive! :)


>
> <quote who="Joey McCoy">
>> I personally use Logwatch and pay attention to disk free space, and more
>> importantly ssh/login attempts/failures/successes. I haven't looked too
>> much into adding custom entries in Logwatch, but I think I might look
>> into
>> the GRSecurity logging extensions as well. I would definitely consider
>> paying attention to any externally accessible services being analyzed
>> (apache, mysql, etc). :)
>
> I do more or less the same - but graphs say more than 1000 words - so I
> wrote some little extensions to phpWebSite to actually show me some data
> on what is going on on my systems. Disk-Usage, CPU-Loads,
> Login-Attempts/Failures, Detected Viruses, SMTP-Connections, passed mails,
> detected Spam/Rejected Spam etc. Check it out on my
> webpage: http://www.solsys.org/mod.php?mod=systat&op=disp_ind&host_id=1
>
> Cheers
>
> Joerg
>
>> HTH
>>
>> cheers!
>>
>>> Hi all,
>>>
>>> I just wanted to get your opinions on finding some interesting syslog
>>> entries to capture with swatch or similar log analyser programs. Is
>>> there a common knowledge base on this subject? (discussion list,
>>> forums). I already analyse things like root password changes, switch to
>>> promiscuous mode, etc... What are you guys looking for in your logs?
>>>
>>> Thanks! :)
>>> Emre
>>> --
>>> gentoo-security [at] gentoo mailing list
>>>
>>>
>>
>>
>> --
>> gentoo-security [at] gentoo mailing list
>>
>>
>
>
> --
> ------------------------------------------------------------------------
> | Joerg Mertin : smurphy [at] solsys (Home)|
> | in Forchheim/Germany : smurphy [at] linux (Alt1)|
> | Stardust's LiNUX System : |
> | Web: http://www.solsys.org |
> ------------------------------------------------------------------------
> PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A
>
>
>
> --
> gentoo-security [at] gentoo mailing list
>
>


--
gentoo-security [at] gentoo mailing list
