[Courses] [courses][security] what logs?
coldfire
rolick571 at duq.edu
Wed Mar 27 03:07:55 EST 2002
> On Tue, Mar 26, 2002 at 05:05:54PM +0100, Hamster wrote:
>
> > While reading through various security related articles, and even
> > some posts on our security course, I have seen numerous examples of
> > people saying something like "I can see in our logs that we are
> > getting scanned x times a day".
> >
> > I feel a bit silly asking this, but what logs are they referring to?
>
> Your system's logs, which are usually in /var/log/ .

Don't forget about logs generated by NIDS, like Snort and others.

> > Are these logs created by some separate programmes written
> > specifically for monitoring portscans? (if so, what are some of these
> > programmes called?)
> > OR
> > Are these logs created by iptables itself?
>
> No. Or iptables creates other logfiles I don't know about (cos
> I don't use iptables). Some programmes use your system's logfiles
> and filter them for you, so you don't have to constantly monitor
> them yourself (such as the friendly logcheck).

iptables has the capability to log the packet headers to the syslog.
Other programs can log by filtering existing logs, or else they can simply
sniff the network themselves and get the information there.

coldie
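
Added example (not part of the original post): a small Python filter in the spirit of the log-filtering programs mentioned above, reading syslog lines written by the iptables LOG target and reporting sources that touched many distinct destination ports. The "FW-DROP: " log prefix, the 5-port threshold, the helper names and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# KEY=value pairs of an iptables LOG entry; bare flags such as SYN or DF have no '='.
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return the KEY=value fields of one iptables LOG line, or None for other syslog lines."""
    fields = dict(FIELD.findall(line))
    return fields if "SRC" in fields and "PROTO" in fields else None

def scan_sources(lines, min_ports=5):
    """Map each source address to its sorted destination ports,
    keeping only sources that touched at least min_ports distinct ports."""
    ports = defaultdict(set)
    for line in lines:
        f = parse_line(line)
        if f and f.get("DPT", "").isdigit():  # ICMP entries carry no DPT
            ports[f["SRC"]].add(int(f["DPT"]))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}

def _entry(sec, src, dpt):
    """Build one constructed TCP log line (documentation addresses, assumed log prefix)."""
    return (f"Mar 26 17:05:{sec:02d} gw kernel: FW-DROP: IN=eth0 OUT= "
            f"MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC={src} DST=198.51.100.5 "
            f"LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID={4100 + sec} DF PROTO=TCP "
            f"SPT=40112 DPT={dpt} WINDOW=5840 RES=0x00 SYN URGP=0")

# Constructed sample: one source sweeping six ports, one source retrying port 22,
# one unrelated sshd line and one ICMP entry.
SAMPLE = (
    [_entry(i, "192.0.2.10", p) for i, p in enumerate([21, 22, 23, 25, 80, 110])]
    + [_entry(10 + i, "192.0.2.77", 22) for i in range(3)]
    + ["Mar 26 17:05:30 gw sshd[812]: Connection closed by 192.0.2.77",
       "Mar 26 17:05:31 gw kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.99 DST=198.51.100.5 "
       "LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1"]
)

if __name__ == "__main__":
    for src, dports in scan_sources(SAMPLE).items():
        print(f"{src} probed {len(dports)} ports: {dports}")
```

Counting distinct ports per source rather than raw hits keeps repeated connection attempts to a single service from being reported as a scan.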