No email tracking is available in either local tracking or network intrusion tracking. In fact, due to the lag of emails, it is difficult to obtain practical information when an intrusion occurs. Here we list this network Tracking Method for your reference only.
The above is how syslog records are written and recorded. You can record what you need as needed. However, these records are always piled up. Unless you delete the files, the files will become larger and larger. Some may write *. */var/log/everything in syslogd. conf. If so, of course all the situations are recorded by you. However, if something really happens to the system, you may need to find out the problem from dozens or even hundreds of MB of text, which may not help you at all. Therefore, the following two points can help you quickly find important records:
Regular email tracking record
Develop the habit of reading a record every week (or shorter time, if you are free. If you need to back up the old record files, you can use cplog.1, cploglog.2... or cplog.971013, cplog.980101... and keep the expired records according to the serial number or date. It will be easier for future study.
Email tracking only records useful items
Do not record *. * like in the previous example *.*. And put it in an archive. In this case, the exported file is too large to be retrieved immediately. When someone is recording network communication, he or she can even ping his host. Unless the system is already under great threat, someone will like to try your system if it's okay. Otherwise, such trivial matters do not need to be recorded. It can improve system efficiency and reduce hard disk usage (and save your time ). How can we locate the geographic location of intruders? You may not be able to see the IP address, but you will also find the rule. In a fixed network environment, intruders must be closely related to the network provider. If it is a regional network, the distance is definitely not several kilometers away. Even after the dial-up, few people will spend a lot of money to dial access servers in other cities or even outside China. Therefore, as long as the unit of the line is detected, the intruder is not far from the unit of the line.
A dial-up network is a headache. Many ISPs have created many network cards to attract customers. If a User buys a fixed number of hours and does not need to submit an application to the ISP, the User can dial the internet according to the instructions on the card. This will certainly attract customers, but ISP won't know who is using their network. That is to say, although the network card-based dial-up Service brings great convenience to the dial-up users, it is an enemy of system security and a nightmare for network administrators. If the attacker is using a network card to access the Internet ......, Do you want to check the dialing location? Intruders may not use their home phone to access the Internet.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
