[Gllug] log analysis
Luke Hopkins
streaklug at streaknet.co.uk
Tue Sep 14 11:49:15 UTC 2004
I find logwatch (http://www2.logwatch.org:81/) does this particularly
well.
Happy to mail you a sample output if you like.
Luke
-----Original Message-----
From: gllug-bounces at gllug.org.uk [mailto:gllug-bounces at gllug.org.uk] On
Behalf Of Craig Millar
Sent: 08 September 2004 22:58
To: gllug at gllug.org.uk
Subject: [Gllug] log analysis
Hi all,
I was wondering if I could whip up a bash script and cron it to send me a
weekly email of anything unusual it turns up in my logs. I do like to go
through the logs from time to time and keep an eye out for anything
untoward, i.e. intrusion attempts or anything glaringly wrong of which I
should be aware.
My questions on the matter are twofold. Firstly, my logs do tend to have
a lot of worthless data in them, i.e. routine activities such as
iptables accepts of DNS lookups and so on: is it better to be thorough and
log everything and dilute the meaningful data, or rather tighten up on
what is logged and hopefully end up with only the important stuff?
Secondly, what are your thoughts on what I should be looking for?
Obviously I get the usual script kiddies and their attempts to root my
box with the usual "user admin, pass admin" combo, but I would have
thought that these can be safely ignored, going under the possibly
dangerous assumption that these are the efforts of some lamer with no
real idea of how to compromise a system. Is there anything in particular
that you like to keep an eye out for, in that it would suggest that
someone is making a concerted and potentially successful attempt to 0wn
my humble machine?
Thanks,
Craig
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
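The cron-able script Craig describes, as an added example that is not part of the thread and not logwatch's own code: it drops the routine iptables accepts for DNS, counts failed ssh logins per source (the "admin/admin" noise), and then flags the thing that actually separates a kiddie from a compromise, an Accepted login from a source that was failing shortly before, plus root logins over ssh and new accounts. Every log line, host and address below is constructed; it also assumes the firewall rules log with --log-prefix "ACCEPT " / "DROP " and that sshd and useradd write to /var/log/auth.log.

```shell
#!/bin/sh
# Added example, not from the thread: a cron-able "anything unusual" report over
# syslog-style sshd/iptables/useradd lines. All hosts, addresses and the iptables
# log prefix below are constructed.

# Constructed sample: a week of auth and firewall lines, including a guess that
# eventually worked (203.0.113.7 fails four times, then root is Accepted).
SAMPLE_LOG='Sep 12 03:14:01 box sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2
Sep 12 03:14:03 box sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 4023 ssh2
Sep 12 03:14:05 box sshd[2205]: Failed password for invalid user test from 203.0.113.7 port 4024 ssh2
Sep 12 03:14:09 box sshd[2207]: Failed password for root from 203.0.113.7 port 4025 ssh2
Sep 12 03:20:41 box sshd[2290]: Accepted password for root from 203.0.113.7 port 4101 ssh2
Sep 12 09:01:12 box sshd[2511]: Accepted publickey for craig from 192.0.2.10 port 50012 ssh2
Sep 12 09:01:30 box kernel: ACCEPT IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=UDP SPT=41023 DPT=53
Sep 12 09:05:00 box kernel: DROP IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.1 PROTO=TCP SPT=40000 DPT=22
Sep 12 10:00:00 box useradd[2600]: new user: name=backup2, UID=1003, GID=1003, home=/home/backup2, shell=/bin/bash
Sep 13 07:00:00 box sshd[2700]: Failed password for invalid user oracle from 198.51.100.9 port 33000 ssh2'

# Routine lines dropped before anything else looks at them. Assumption: the
# iptables rule that accepts DNS logs with --log-prefix "ACCEPT ". Keep logging
# it; just filter it here rather than in the firewall, so it is still on disk.
drop_noise() {
    grep -v -E 'kernel: ACCEPT .*DPT=53( |$)'
}

# Sources with at least $1 failed password attempts (default 3; tune per box).
# Output: "<count> <ip>" per source, most active first.
failed_by_source() {
    awk -v t="${1:-3}" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") fails[$(i+1)]++
        }
        END { for (ip in fails) if (fails[ip] >= t) print fails[ip], ip }
    ' | sort -rn
}

# Accepted logins from a source that also produced failed attempts in the same
# window: a guess that worked, which is the one thing not to ignore.
accepted_after_failures() {
    awk '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") fails[$(i+1)]++
        }
        /sshd\[[0-9]+\]: Accepted / {
            for (i = 1; i <= NF; i++) if ($i == "from") ok[$(i+1)] = ok[$(i+1)] $0 "\n"
        }
        END { for (ip in ok) if (ip in fails) printf "%s", ok[ip] }
    '
}

# Worth a look regardless of volume: root over ssh, and accounts being created.
root_logins()  { grep -E 'sshd\[[0-9]+\]: Accepted .* for root from'; }
new_accounts() { grep -E 'useradd\[[0-9]+\]: new user:'; }

# The weekly report: the week's log on stdin, the report on stdout. Cron it and
# pipe it to mail, e.g. in root's crontab (paths and address are assumptions):
#   0 7 * * 1  /usr/local/bin/logreport < /var/log/auth.log | mail -s "weekly log report" craig@example.org
weekly_report() {
    log=$(drop_noise)
    echo "== Sources with 3 or more failed ssh logins (noise unless one then succeeds) =="
    printf '%s\n' "$log" | failed_by_source 3
    echo
    echo "== Accepted logins from a source that also failed: read these first =="
    printf '%s\n' "$log" | accepted_after_failures
    echo
    echo "== root logins over ssh =="
    printf '%s\n' "$log" | root_logins
    echo
    echo "== New accounts =="
    printf '%s\n' "$log" | new_accounts
    return 0
}

# Stand-alone demo over the constructed sample; for real use replace with
#   weekly_report < /var/log/auth.log
printf '%s\n' "$SAMPLE_LOG" | weekly_report
```

On the constructed sample the first section lists 203.0.113.7 with four failures, which on its own is exactly the kiddie noise Craig wants to ignore; the second section then prints the root login from the same address, which is the line that means it is no longer noise. Add sections the same way for whatever else matters on a given box (sudo lines, su to root, PAM failures for real usernames).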