Firewall Wizards mailing list archives

Logging


From: sim <simeonuj () eetc com>
Date: Wed, 25 Oct 2000 15:49:10 -0500

I have a Sparc 10 running Redhat 6.2 as a firewall for a small network.
Inside the network is a logserver that syslog sends most of the logs to.  I
am wondering if anyone has any suggestions as to what needs to be logged or
a starting point for this kind of information.
Here is what it is currently logging:

kern.*                          /var/log/kernel
kern.*                          @192.168.1.38
local7.*                        /var/log/boot.log
local7.*                        @192.168.1.38
*.info;mail.none;authpriv.none  /var/log/messages
*.warn;*.err                    @192.168.1.38
auth.*;user.*;daemon.none       /var/log/loginlog
auth.*;user.*;daemon.none       @192.168.1.38
authpriv.*                      /var/log/secure
authpriv.*                      @192.168.1.38
mail.*                          /var/log/maillog
*.emerg                         *
*.emerg                         @192.168.1.38
uucp,news.crit                  /var/log/spooler
local7.*                        /var/log/boot.log

It is also running snort.

If you have any suggestions or a good place to start, anything would be
appreciated.
I am also looking for something that tells me what applications log to what.
For instance, I hear that PAM still uses .auth but that is being phased out
for .authpriv.  This may be fixed now, but I haven't found anything that gets
very specific about logging.  I have searched the howtos and documentation and
have come up with nothing.  Where should I look?

Any help is appreciated.

sim 
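
As an added example (not part of the original post): a small Python model of the selector rules in the syslog.conf posted above, used to list which facility.priority pairs are written on the firewall but never reach the loghost at 192.168.1.38. It assumes sysklogd-style selectors limited to `facility.priority`, `*`, `none` and comma lists (`=` and `!` are not modelled); the function names are made up for this example.

```python
# Added example: where does the posted syslog.conf send a given facility.priority?
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp",
              "cron", "authpriv", "ftp"] + ["local%d" % i for i in range(8)]
LOGHOST = "@192.168.1.38"
# Rules copied from the message above (duplicate local7 line included).
CONFIG = """
kern.*                          /var/log/kernel
kern.*                          @192.168.1.38
local7.*                        /var/log/boot.log
local7.*                        @192.168.1.38
*.info;mail.none;authpriv.none  /var/log/messages
*.warn;*.err                    @192.168.1.38
auth.*;user.*;daemon.none       /var/log/loginlog
auth.*;user.*;daemon.none       @192.168.1.38
authpriv.*                      /var/log/secure
authpriv.*                      @192.168.1.38
mail.*                          /var/log/maillog
*.emerg                         *
*.emerg                         @192.168.1.38
uucp,news.crit                  /var/log/spooler
local7.*                        /var/log/boot.log
"""

def parse(text):
    rules = []  # list of (mask, action); mask maps facility -> set of priorities
    for line in filter(None, map(str.strip, text.splitlines())):
        selectors, action = line.split(None, 1)
        mask = {f: set() for f in FACILITIES}
        for sel in selectors.split(";"):
            facs, pri = sel.rsplit(".", 1)
            pri = ALIASES.get(pri, pri)
            for fac in (FACILITIES if facs == "*" else facs.split(",")):
                if pri == "none":
                    mask[fac] = set()              # drop this facility
                elif pri == "*":
                    mask[fac] = set(PRIORITIES)    # every priority
                else:                              # named priority and anything more severe
                    mask[fac] |= set(PRIORITIES[:PRIORITIES.index(pri) + 1])
        rules.append((mask, action))
    return rules

def destinations(rules, facility, priority):
    return [a for m, a in rules if ALIASES.get(priority, priority) in m[facility]]

def local_only(rules):  # pairs written on the firewall but never sent to the loghost
    pairs = [(f, p, destinations(rules, f, p)) for f in FACILITIES for p in PRIORITIES]
    return [(f, p) for f, p, d in pairs if d and LOGHOST not in d]
```

Calling `local_only(parse(CONFIG))` returns the pairs that exist only on the firewall's own disk, and `destinations(parse(CONFIG), "local7", "info")` shows the repeated `local7.*` rule writing each message to /var/log/boot.log twice.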
