Firewall Wizards mailing list archives
Logging
From: sim <simeonuj () eetc com>
Date: Wed, 25 Oct 2000 15:49:10 -0500
I have a Sparc 10 running Redhat 6.2 as a firewall for a small network. Inside the network is a logserver that syslog sends most of the logs to. I am wondering if anyone has any suggestions as to what needs to be logged or a starting point for this kind of information. Here is what it is currently logging:

kern.*                                  /var/log/kernel
kern.*                                  @192.168.1.38
local7.*                                /var/log/boot.log
local7.*                                @192.168.1.38
*.info;mail.none;authpriv.none          /var/log/messages
*.warn;*.err                            @192.168.1.38
auth.*;user.*;daemon.none               /var/log/loginlog
auth.*;user.*;daemon.none               @192.168.1.38
authpriv.*                              /var/log/secure
authpriv.*                              @192.168.1.38
mail.*                                  /var/log/maillog
*.emerg                                 *
*.emerg                                 @192.168.1.38
uucp,news.crit                          /var/log/spooler
local7.*                                /var/log/boot.log

It is also running snort. If you have any suggestions or a good place to start, anything would be appreciated.

I am also looking for something that tells me what applications log to what. For instance, I hear that PAM still uses .auth but that is being phased out for .authpriv. This may be fixed now, but I haven't found anything that gets very specific about logging. I have searched the howtos and documentation and have come up with nothing. Where should I look?

Any help is appreciated.

sim
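An added example, not part of the original post: a small Python audit that expands the syslog.conf rules quoted above into facility/priority pairs and lists the pairs that are written locally but never forwarded to the loghost. It assumes a simplified selector model (a named priority matches that level and above, `none` excludes a facility, parts are combined left to right, the `=` and `!` modifiers are not handled), and the function names are illustrative.

```python
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              + " ".join(f"local{i}" for i in range(8))).split()
PRIORITIES = "debug info notice warning err crit alert emerg".split()

POSTED_CONF = """# Rules from the post, laid out one per line
kern.* /var/log/kernel
kern.* @192.168.1.38
local7.* /var/log/boot.log
local7.* @192.168.1.38
*.info;mail.none;authpriv.none /var/log/messages
*.warn;*.err @192.168.1.38
auth.*;user.*;daemon.none /var/log/loginlog
auth.*;user.*;daemon.none @192.168.1.38
authpriv.* /var/log/secure
authpriv.* @192.168.1.38
mail.* /var/log/maillog
*.emerg *
*.emerg @192.168.1.38
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
"""

# Expand one selector field into the (facility, priority) pairs it matches.
def parse_selector(selector):
    mask = {f: set() for f in FACILITIES}
    for part in selector.split(";"):
        names, _, prio = part.rpartition(".")
        prio = {"warn": "warning"}.get(prio, prio)
        for fac in (FACILITIES if "*" in names.split(",") else names.split(",")):
            if prio == "none":            # "none" excludes the facility
                mask[fac] = set()
            else:                         # named level and above; "*" is all levels
                first = 0 if prio == "*" else PRIORITIES.index(prio)
                mask[fac] |= set(PRIORITIES[first:])
    return {(f, p) for f, prios in mask.items() for p in prios}

# Map every (facility, priority) pair to the set of actions that receive it.
def destinations(conf):
    dest = {(f, p): set() for f in FACILITIES for p in PRIORITIES}
    for line in conf.splitlines():
        if line.strip() and not line.startswith("#"):
            selector, action = line.split(None, 1)
            for key in parse_selector(selector):
                dest[key].add(action.strip())
    return dest

# Pairs that are written somewhere locally but never forwarded to an @host.
def local_only(conf):
    return sorted(k for k, acts in destinations(conf).items()
                  if acts and not any(a.startswith("@") for a in acts))
```

Calling `local_only(POSTED_CONF)` under this model returns pairs such as mail.info and daemon.info, which stay on the firewall's own disk, while everything from kern, local7, auth, user and authpriv is forwarded.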