Date: 2004/08/07 Author: zcatlinux Source: zclinux
The following script monitors the logs generated by the system. You add the log entries you want to watch for, and the matching lines are written to a separate log file in real time for future reference. Note: if the system's logging function has been damaged, this method will not work.
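vi run_log.sh
#!/bin/bash
# Restart the watcher if tail ever exits
while true
do
# Date suffix for the output file, e.g. 20040807
DATE=$(date +%Y%m%d)
# Follow the system log and keep only the lines that match the pattern
tail -f /var/log/messages | egrep "(syslogd 1.4.1: restart|login on)" > /home/log/run_syslog.$DATE
sleep 2
done
chmod u+x run_log.sh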
-------------------------------------------------------------------------
tail -f /var/log/messages | egrep "(syslogd 1.4.1: restart|login on)" > /home/log/run_syslog.$DATE
In the pattern (syslogd 1.4.1: restart|login on) in the preceding script, you can add whatever strings from the system log you want to monitor. Separate the entries with |.
--------------------------------------------------------------------------
In addition, be sure to add this script to the system startup file so that monitoring starts automatically when the system boots. The method is as follows:
vi /etc/rc.d/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
# Start the log monitor in the background so that rc.local can finish
sh /usr/run_log.sh &
Save and exit, then restart the system. Use ps -ef | grep run_log.sh to check whether the script has been started, or check whether a file named run_syslog.<date>, for example run_syslog.20040807, exists under /home/log.
Once this is done, you will know when the server was restarted and when someone logged on to the server system. ^_^ .. Now you can get on with other things with confidence. You no longer have to wonder when a hacker logged on to the system; you only need to check the generated log files frequently.
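
A variant of the run_log.sh watcher above, added here as an example and not the original author's script: it appends instead of overwriting, writes each match immediately, chooses the output file per match so a new file starts after midnight, and keeps following /var/log/messages after log rotation. The names route_events, PATTERN, LOG_SRC and OUT_DIR and the --watch argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the original author's script.
# PATTERN, LOG_SRC, OUT_DIR, route_events and --watch are names assumed here.

PATTERN='syslogd 1.4.1: restart|login on'   # same alternation as the article
LOG_SRC=${LOG_SRC:-/var/log/messages}
OUT_DIR=${OUT_DIR:-/home/log}

# Read log lines on stdin and append each match to OUT_DIR/run_syslog.<date>.
# The date is evaluated per match, so a new file starts after midnight, and
# ">>" keeps earlier evidence when the monitor is restarted on the same day.
route_events() {
    while IFS= read -r line || [ -n "$line" ]; do
        if printf '%s\n' "$line" | grep -Eq "$PATTERN"; then
            printf '%s\n' "$line" >> "$OUT_DIR/run_syslog.$(date +%Y%m%d)"
        fi
    done
}

# Start monitoring only when called as: run_log.sh --watch
if [ "${1:-}" = "--watch" ]; then
    umask 077              # keep the extracted log readable by its owner only
    mkdir -p "$OUT_DIR"
    # -n 0: only new entries; -F: reopen the file after logrotate replaces it
    tail -n 0 -F "$LOG_SRC" | route_events
fi
```

From /etc/rc.d/rc.local this variant would be started with sh /usr/run_log.sh --watch & so that it runs in the background.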