
Cosc 4750


Presentation Transcript


  1. Log files Cosc 4750

  2. Logging policies
  • Throw away all data immediately
  • Reset log files at periodic intervals
  • Rotate log files, keeping data for a fixed time
  • Compress and archive logs to tape or other permanent media

  3. Throwing away logs
  • Not recommended
  • Logs are needed for tuning and fixing the system
  • Keeping no logs, or turning off logs
  • Linking log files to /dev/null: the UNIX version of the trash can

  4. Rotating log files
  • Standard practice and the default for most installs
  • A log file is used for a specific time, or until it grows to a specific size
  • Then the log is renamed to logfile.1
  • Usually between 2 and 4 rotations are kept
  • logfile, logfile.1, logfile.2, logfile.3 and logfile.4
  • When a log file reaches its last "rotate" it is removed/deleted

  5. Archiving logs
  • The logs are usually compressed at certain times (or when rotated)
  • Probably with gzip or compress
  • Then stored on tape or other permanent media, off-line

  6. Log files
  • Commonly found in /var/log or /var/adm (sgi)
  • messages (SYSLOG or syslog): the main system log; much of the system logging is found here
  • secure: network connections and auth logs
  • maillog: sendmail logs
  • xferlog: the ftp log
  • boot.log: output from the rc scripts
  • dmesg: kernel and init boot output
  • many others

  7. syslog/messages
  • syslogd is the logging daemon, configured with /etc/syslog.conf
  • It can be configured to write logs to any number of files, as well as to duplicate log entries into several files
  • By default it writes to SYSLOG/messages

  8. syslog.conf
    # Log anything (except mail) of level info or higher.
    # Don't log private authentication messages!
    *.info;mail.none;news.none;authpriv.none    /var/log/messages
    # The authpriv file has restricted access.
    authpriv.*                                  /var/log/secure
    # Log all the mail messages in one place.
    mail.*                                      /var/log/maillog
    # Everybody gets emergency messages, plus log them on another
    # machine
    *.emerg                                     *
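As an added example (not part of the lecture), a small Python routing check for the slide's syslog.conf excerpt: it shows why `mail.none` on the `*.info` line keeps mail out of /var/log/messages while `mail.*` still sends it to maillog, and why `*.emerg` reaches every destination. The config text is constructed to mirror the slide; the `=`/`!` selector forms and level aliases of a real syslogd are deliberately not handled.

```python
"""Route (facility, level) pairs through a syslog.conf-style selector list."""
from typing import List, Tuple

# Severities from most to least severe: emerg=0 ... debug=7.
# "level info or higher" means info and anything more severe.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample mirroring the slide's /etc/syslog.conf excerpt.
SAMPLE_CONF = """\
# Log anything (except mail) of level info or higher.
*.info;mail.none;news.none;authpriv.none   /var/log/messages
# The authpriv file has restricted access.
authpriv.*                                 /var/log/secure
# Log all the mail messages in one place.
mail.*                                     /var/log/maillog
# Everybody gets emergency messages, plus log them on another machine
*.emerg                                    *
"""

Selector = Tuple[str, str]          # (facility, level)
Rule = Tuple[List[Selector], str]   # (selectors, action)


def parse_conf(text: str) -> List[Rule]:
    """Parse 'sel;sel;... action' lines, skipping blanks and comments."""
    rules: List[Rule] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        parts = [tuple(sel.split(".", 1)) for sel in selector.split(";")]
        rules.append((parts, action.strip()))  # type: ignore[arg-type]
    return rules


def matches(selectors: List[Selector], facility: str, level: str) -> bool:
    """Each selector overwrites the mask for its facility, so a later
    'mail.none' cancels an earlier '*.info' for mail messages."""
    result = False
    for fac, lvl in selectors:
        if fac != "*" and fac != facility:
            continue
        if lvl == "none":
            result = False
        elif lvl == "*":
            result = True
        else:
            result = LEVELS.index(level) <= LEVELS.index(lvl)
    return result


def destinations(text: str, facility: str, level: str) -> List[str]:
    """Return every action whose selectors accept this message."""
    return [action for sels, action in parse_conf(text)
            if matches(sels, facility, level)]
```

A `kern.warning` message lands only in /var/log/messages, `mail.info` only in /var/log/maillog, and `mail.emerg` in maillog plus the `*` (all users) action.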

  9. Syslog severity levels
  • emerg = panic situations
  • alert = urgent
  • crit = critical condition
  • err = other error conditions
  • warning = warning messages
  • notice = might merit investigation
  • info = informational messages
  • debug = for debugging only

  10. Other software uses syslog
  • ftpd, halt/reboot, inetd, login/rlogind
  • named, passwd, popper (mail), sendmail
  • cron, vmunix (kernel)

  11. logrotate command
  • Uses configuration files to figure out when to rotate logs
  • /etc/logrotate.conf is the generic config
  • General info: when to rotate, whether to compress, etc.
  • Contains the /var/log/wtmp rotate info
  • /etc/logrotate.d/ contains files that configure the rotation actions for specific logs

  12. syslog rotate file
    /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
        sharedscripts
        postrotate
            /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        endscript
    }

  13. Viewing log files
  • Most UNIX/Linux log files contain lots of information
  • Sometimes too much for people to read directly
  • Besides cat'ing the logs in /var/log
  • There is a log viewer (system-logviewer)
  • redhat-logviewer on older Red Hat systems
  • There are many "log viewers" created by the open-source community

  14. logwatch
  • A program installed by default on Red Hat/Fedora systems
  • E-mails "important" log information to the root account daily
  • Configured in the /etc/log.d directory
  • logwatch.conf holds the general configuration
  • services/* contains configuration files for the various services' log files
  • logfiles/* contains configs for non-service log files
  • scripts/shared/*, scripts/services/*, scripts/logfiles/* hold the various filters for service and non-service log files

  15. logSentry
  • Similar to logwatch, but driven by security concerns, whereas logwatch is a summary of the logs
  • Filters out messages that are not security threats, then categorizes messages that could represent a threat and e-mails them
  • Active System Attack Alerts
  • Security Violations
  • Unusual system events

  16. Q & A
