Analysis of Linux system logs by network engineers

Source: Internet
Author: User

The importance of log files for network security should not be underestimated, because they record in detail the events that occur in the system every day. You can use them to find the cause of an error, or to trace an attacker's footprints after an intrusion. The two main roles of logs are auditing and monitoring. A well-configured Linux log system is very powerful. On Linux, all log files live under /var/log. The default Linux logging is already quite capable, but FTP activity is not recorded by default; you can modify /etc/ftpaccess so that the system records all FTP activity.

Linux Log System Introduction: logs are very important to system security. They record the events that occur in the system every day; you can use them to find the causes of errors, or to look for the traces an attacker leaves behind after an intrusion. The main functions of logs are auditing and monitoring: they let you observe the system state in real time and monitor and track intrusions. Linux generally has three major log subsystems: connection time logs, process statistics logs, and error logs.

Common log files and common commands in RedHat Linux: one of the keys to managing any system successfully is knowing what is happening on it. Linux provides comprehensive logging, and the level of detail is configurable. Linux logs are stored in plain text, so you can search and read them without special tools. You can also write scripts that scan these logs and automatically carry out certain actions based on their contents. Linux logs are stored in the /var/log directory. Several log files there are maintained by the system itself, but other services and programs may also put their logs in that directory. Most logs can be read only by the root account, although changing a file's access permissions allows other users to read it.

Configure the Linux Log File: the log files themselves also deserve the user's attention. On Linux they are stored under /var/log, and the default logging is already fairly complete, but FTP activity is not recorded by default; modify /etc/ftpaccess so that the system records all FTP activity.

Linux Log File Management Tool: logrotate Introduction: if a server has a large number of users, its log files grow quickly. When the server's disk space is limited, measures must be taken to keep log files from filling the disk. Modern Linux distributions ship a small program named logrotate that helps users manage log files together with the daemons that write them. Logrotate rotates log files periodically: at regular intervals it renames each log file to a backup name and then lets the daemon start writing to a fresh copy of the file. This is why /var/log contains names such as maillog, maillog.1, maillog.2, boot.log.1, and boot.log.2. Logrotate is driven by a configuration file, /etc/logrotate.conf.
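The rename-and-reopen scheme described above, as an added example (not from the original article and not logrotate's own code): a small POSIX shell script that emulates what logrotate does to produce maillog, maillog.1, maillog.2 and so on, plus a printer for the kind of logrotate stanza that would request the same behaviour. The file name /var/log/myapp.log, the PID file path and the schedule in the stanza are assumptions for illustration; everything the functions touch lives in a scratch directory chosen by the caller.

```shell
#!/bin/sh
# Added example (not from the original article, not logrotate's own code): emulates
# the rename-and-reopen scheme logrotate applies under /var/log, which is where the
# maillog, maillog.1, maillog.2 ... names come from. Everything runs in a scratch
# directory chosen by the caller; nothing under /var/log or /etc is touched.

# rotate_log FILE KEEP
#   FILE.(KEEP-1) -> FILE.KEEP, ..., FILE.1 -> FILE.2, then FILE -> FILE.1.
#   The generation beyond KEEP is discarded, and an empty FILE is recreated so
#   the daemon writing it can continue (logrotate does this with its
#   'rotate N' and 'create' directives).
rotate_log() {
    file="$1"
    keep="$2"
    [ -f "$file" ] || return 1
    rm -f "$file.$keep"                 # generation KEEP falls off the end
    i=$((keep - 1))
    while [ "$i" -ge 1 ]; do
        if [ -f "$file.$i" ]; then
            mv "$file.$i" "$file.$((i + 1))"
        fi
        i=$((i - 1))
    done
    mv "$file" "$file.1"
    : > "$file"                         # fresh, empty copy for the daemon
}

# count_generations FILE -> number of FILE.N backups currently present
count_generations() {
    n=0
    for f in "$1".[0-9]*; do
        if [ -f "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# example_logrotate_stanza prints an /etc/logrotate.d-style stanza that asks
# logrotate to do the same for a hypothetical /var/log/myapp.log. The path,
# schedule, owner and PID file are example values; adjust them to your system.
example_logrotate_stanza() {
    cat <<'EOF'
/var/log/myapp.log {
    # rotate once a week, keep myapp.log.1 .. myapp.log.4, drop anything older
    weekly
    rotate 4
    # gzip rotated copies, but leave the newest backup uncompressed for inspection
    compress
    delaycompress
    # no error if the log is missing; skip rotation when it is empty
    missingok
    notifempty
    # recreate the log with restricted permissions so only root and adm read it
    create 0640 root adm
    postrotate
        # tell the daemon to reopen its log file (PID file path is an example)
        [ -f /run/myapp.pid ] && kill -HUP "$(cat /run/myapp.pid)"
    endscript
}
EOF
}

# Run with:  sh rotate_demo.sh demo
demo_rotation() {
    d=$(mktemp -d)
    echo "first day" > "$d/maillog"
    rotate_log "$d/maillog" 3
    echo "second day" > "$d/maillog"
    rotate_log "$d/maillog" 3
    ls "$d"
    echo "generations: $(count_generations "$d/maillog")"
    rm -rf "$d"
}
if [ "${1:-}" = demo ]; then demo_rotation; fi
```

The `create 0640 root adm` line in the stanza is the part worth copying: a rotated log that is recreated world-readable leaks whatever the daemon writes next, so the new file's mode and owner belong in the configuration rather than being left to the daemon's umask.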

Logcheck, a common log analysis tool in Linux: on Linux systems with many accounts and heavy activity, the log files become extremely large, and a great deal of useless information buries the entries that deserve attention, making log analysis very inconvenient for the user. There are tools dedicated to log analysis, such as Logcheck and similar programs. Logcheck analyzes a large log file, filters out the entries that indicate potential security risks or other abnormal conditions, and notifies a specified user by email. It was developed by Psionic.
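The scripted log scanning mentioned earlier and the Logcheck filtering described here, as one added example (not from the original article and not Logcheck's own code): a minimal Logcheck-style filter in POSIX shell. Like Logcheck it works from two pattern lists, one naming the events worth reporting and one naming known-benign lines to suppress, and prints only what is left, which Logcheck would mail to the administrator. The sample syslog lines, host names, addresses, user names and both pattern lists are constructed for this demo.

```shell
#!/bin/sh
# Added example (not from the original article and not Logcheck's own code): a
# minimal Logcheck-style filter. Like Logcheck it works from two pattern lists,
# one naming the events worth reporting and one naming known-benign lines to
# suppress, and emits only what is left for a human (Logcheck would mail it).
# The log lines, addresses, user names and pattern lists are all constructed
# for this demo.

# write_demo_files DIR: create a constructed sample log and the two pattern files.
write_demo_files() {
    cat > "$1/sample.log" <<'EOF'
Jan 10 03:12:01 host sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 4410 ssh2
Jan 10 03:12:03 host sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 4412 ssh2
Jan 10 03:12:07 host sshd[2210]: Accepted publickey for alice from 192.0.2.10 port 5502 ssh2
Jan 10 03:15:01 host CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)
Jan 10 03:16:44 host sudo:    bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Jan 10 03:17:02 host su[2311]: FAILED SU (to root) bob on pts/1
Jan 10 03:20:00 host kernel: usb 1-1: new high-speed USB device number 4
EOF
    # Events that deserve attention (extended regexps, matched case-insensitively).
    cat > "$1/violations.txt" <<'EOF'
failed password
invalid user
failed su
sudo:
accepted (password|publickey)
refused connect
EOF
    # Known-benign lines to drop from the report. Keep this file free of blank
    # lines: an empty pattern matches every line and would silence the report.
    cat > "$1/ignore.txt" <<'EOF'
sshd\[[0-9]+\]: Accepted publickey for alice from 192\.0\.2\.10
EOF
}

# logcheck_filter LOG VIOLATIONS IGNORE
#   Print lines matching any violation pattern that match no ignore pattern.
#   Exit status is grep's: 0 when something was reported, 1 when nothing was.
logcheck_filter() {
    grep -i -E -f "$2" "$1" | grep -v -E -f "$3"
}

# failed_by_source LOG: count "Failed password" lines per source address,
# most frequent first, to spot a single host hammering the SSH daemon.
failed_by_source() {
    awk '/Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1)
         }' "$1" | sort | uniq -c | sort -rn
}

# report DIR: what a Logcheck run would mail to the administrator.
report() {
    echo "== Security events (after ignore list) =="
    logcheck_filter "$1/sample.log" "$1/violations.txt" "$1/ignore.txt" || echo "(none)"
    echo
    echo "== Failed SSH password attempts by source =="
    failed_by_source "$1/sample.log"
}

# Run with:  sh logcheck_demo.sh demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    write_demo_files "$d"
    report "$d"
    rm -rf "$d"
fi
```

Two design points carry over to a real deployment: the ignore list should be as specific as possible (the example pins the user, the host and the authentication method rather than suppressing every "Accepted" line), and the script should run from cron on the rotated-out file or on a saved offset, so that each entry is reported once rather than on every run.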
