One: Principle:
Logging is important to system security. Logs record the events that occur on a system every day, and users can consult them to find the cause of an error or to look for traces left by an attacker. The main functions of logging are auditing and monitoring: logs allow real-time monitoring of system status and the monitoring and tracking of intruders. Logs are therefore one of the areas users should pay attention to.
Do not underestimate the role of log files in network security: log files record in detail the events that occur on the system every day. The user can check the log files for the cause of an error, or trace the attacker after an attack or intrusion. The two more important functions of logs are auditing and monitoring. A properly configured Linux logging setup is very powerful. On Linux systems, all log files are under /var/log. If you have logs from more than one server to manage, you need to set up a log server to make managing them easier.
Two: Case one: Use Windows as the log server and Linux as the application server. (This example uses a DHCP server to illustrate logging, and Windows Server 2003 as a test machine that obtains a DHCP address.)
Description: Use the third-party software Kiwi Syslog 7.2 on Windows.
1: First install the third-party software Kiwi Syslog 7.2 on the Windows host.
2: [root@lyt ~]# vim /etc/syslog.conf    # edit the /etc/syslog.conf file on the Linux host, as shown in the figure:
3: [root@lyt ~]# mkdir /mnt/cdrom    # create the mount point
[root@lyt ~]# mount /dev/cdrom /mnt/cdrom/    # mount the CD-ROM at /mnt/cdrom
[root@lyt ~]# cd /mnt/cdrom/server/    # change to this directory to install the DHCP server
4: [root@lyt server]# vim /etc/dhcpd.conf    # edit the DHCP server configuration file
Then press ENTER to configure dhcpd.conf, as shown in the figure:
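For step 2 above: in a sysklogd-style /etc/syslog.conf, a rule whose action is @host forwards the selected messages to a remote syslog server such as the Kiwi Syslog host. The shell check below is an added example, not part of the original article; it lists those forwarding rules so you can confirm what leaves the Linux host. The sample file, the address 192.0.2.10 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the remote-forwarding rules in a sysklogd-style
# syslog.conf, to confirm which selectors are sent to the log server.

# remote_rules FILE
# Prints "selector -> host" for every rule whose action starts with "@",
# the sysklogd syntax for forwarding to a remote syslog server.
remote_rules() {
    awk '
        /^[[:space:]]*#/ { next }      # skip comment lines
        NF < 2           { next }      # skip blank or incomplete lines
        $NF ~ /^@./ {                  # action field has the form @host
            printf "%s -> %s\n", $1, substr($NF, 2)
        }
    ' "$1"
}

# has_catch_all FILE
# Succeeds when a rule forwards every facility and priority (*.*).
has_catch_all() {
    remote_rules "$1" | grep -q '^\*\.\* -> '
}

# Constructed sample; 192.0.2.10 stands in for the Windows/Kiwi host.
sample_conf() {
    cat <<'EOF'
# local files
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
#*.*                                        @192.0.2.99
# forward everything to the central log server
*.*                                         @192.0.2.10
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    sample_conf > "$tmp"
    remote_rules "$tmp"
    has_catch_all "$tmp" && echo "catch-all forwarding: yes"
    rm -f "$tmp"
}

demo
```

Run `remote_rules /etc/syslog.conf` on the Linux host after editing the file; a commented-out rule is not reported, which catches the case where the forwarding line was left disabled.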