Re: Logging practices (and why does it suck in Debian?)

On Wed, Apr 11, 2001 at 01:40:13PM -0500, JonesMB wrote:

> make that 4.  I always have an xterm with a tail -f /var/log/syslog running
> so I can see what is happening to the system.  I have a firewall setup but
> I don't know if it is good enough so I usually monitor the syslog file for
> suspicious activity.

This is more of a helpful comment for someone new to security on

Monitoring the logs (i.e. syslog) for suspicious activity
may NOT provide you with any details of suspicious activity by 

Please make sure you have properly set up your firewall and have it
reporting details (you request) to your log.  Also, some sort of
intrusion detection (snort) will also help your effort.

Mark Hurley

