securingyour.info

Question the integrity of your information

Series: System logs – a world of information

One of the least discussed and often overlooked features of securing your environment, infrastructure or applications is the humble log file, willing and able to record any or all activity and go into verbose detail that will make even the most seasoned sysadmin blush. The main purpose of this post is to introduce a system logging series that will span a couple of posts, aimed at getting the most out of your log setup and, more importantly, keeping track of your system and any unwanted activity.

NB: your logs could be what leads a forensic investigation to a positive conclusion. Countless times on incident response, forensic images are pulled and on examination the only thing the logs hold is that the machine was outdated, or in the worst case there are no logs at all because they had been removed or disabled and no backups or replication of the logs had been made.

The commands and options will vary across the different OSes, but we will try to cover the basics for the major players. The series will look at the following:
syslogd
logger
logrotate

Keep an eye out for part 1