Re: Logging practices (and why does it suck in Debian?)

To: debian-security@lists.debian.org
Subject: Re: Logging practices (and why does it suck in Debian?)
From: Mark Hurley <debian4tux@telocity.com>
Date: Wed, 11 Apr 2001 21:43:12 -0400
Message-id: <20010411214312.A32285@telocity.com>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <3.0.6.32.20010411134013.01c18100@arthem.com>; from jonesmb@arthem.com on Wed, Apr 11, 2001 at 01:40:13PM -0500
References: <01041114391102.00852@silence> <Pine.LNX.4.21.0104111444310.9492-100000@capitanata.ca.astr o.it> <3.0.6.32.20010411134013.01c18100@arthem.com>

On Wed, Apr 11, 2001 at 01:40:13PM -0500, JonesMB wrote:

> make that 4.  I always have an xterm with a tail -f /var/log/syslog running
> so I can see what is happening to the system.  I have a firewall setup but
> I don't know if it is good enough so I usually monitor the syslog file for
> suspicious activity.

This is more of a helpful comment or someone new to security on
debian.

Monitoring the logs (i.e. syslog) for suspicious activity
may NOT provide you with any details of suspicious activity by 
default.

Please make sure you have properly setup your firewall and have it
reporting details (you request) to your log.  Also some sort of
intrusion detection (snort), will also help your effort.

Mark Hurley

Reply to:

References:
- Re: Logging practices (and why does it suck in Debian?)
  - From: Kenneth Vestergaard Schmidt <charon@debian.org>
- Re: Logging practices (and why does it suck in Debian?)
  - From: JonesMB <jonesmb@arthem.com>

Prev by Date: Re: setting up sudo for tail
Next by Date: Re: setting up sudo for tail
Previous by thread: Re: Logging practices (and why does it suck in Debian?)
Next by thread: Re: Logging practices (and why does it suck in Debian?)
Index(es):
- Date
- Thread