One: Principle:
Logging is important to system security. Logs record the events that occur on the system every day, and users can use them to find the cause of an error or to find traces left by attackers. The main functions of logs are auditing and monitoring. They also allow real-time monitoring of system status and the monitoring and tracking of intruders. Logs are also something users should pay attention to.
Do not underestimate the role of log files in network security: log files record in detail the events that occur on the system each day. Users can check the cause of errors through the log files, or trace the attacker when the system has been attacked or compromised. The two more important functions of logs are auditing and monitoring. Once configured, logging on Linux is very powerful.
On Linux systems, all log files are under /var/log. If you have logs from more than one server to manage, you need to set up a log server to make managing them easier.
Two:
Case one: Use Windows as the log server and Linux as the application server. (This example uses a DHCP server to illustrate logging, with Windows Server 2003 as the test machine that obtains a DHCP address.) Note: the third-party software Kiwi Syslog 7.2 is used on Windows.
1: First install the third-party software Kiwi Syslog 7.2 on the Windows host
2: [root@lyt ~]# vim /etc/syslog.conf    # Edit /etc/syslog.conf on the Linux host, as shown in the figure:
3: [root@lyt ~]# mkdir /mnt/cdrom    # Create the mount point
[root@lyt ~]# mount /dev/cdrom /mnt/cdrom/    # Mount the CD at /mnt/cdrom
[root@lyt ~]# cd /mnt/cdrom/server/    # Change to this directory to install the DHCP server
4: [root@lyt server]# vim /etc/dhcpd.conf    # Edit the DHCP server configuration script
Then press ENTER to configure dhcpd.conf, as shown in the figure:
5: [root@lyt server]# service dhcpd restart    # Restart the DHCP server
6: Testing
Windows Server 2003 already has an IP address, as shown in the figure:
The log server on the Windows host appears as follows:
Case two: Use the Linux1 host as the log server, set up a DHCP server on the Linux2 host to generate test logs, and use Windows Server 2003 as the test machine that obtains a DHCP address
1: First assign a static IP address to the Linux2 host
2: [root@lyt ~]# service network restart    # Restart the network service
3: Assign a static IP address to the Linux1 host
4: [root@lyt ~]# service network restart    # Restart the network service
[root@localhost ~]# vim /etc/sysconfig/syslog    # Edit this file
5: [root@localhost ~]# tail -f /var/log/messages    # Watch the log change dynamically on the Linux1 host; -f means dynamic
6: Test:
Windows Server 2003 obtains the following IP address:
Linux Host 1 log changes:
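
The figures for the two edited files are not reproduced on this page, so the following is an added example (not the original author's configuration) of the usual sysklogd settings behind both cases, with a check for each: an `@host` action in /etc/syslog.conf on the sending host, and the `-r` option in /etc/sysconfig/syslog on the Linux log server. The address 192.0.2.10, the sample file contents and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the two settings that remote logging with sysklogd depends on.
# All addresses and file contents below are constructed samples, not taken from the page.

# Print every remote host a syslog.conf forwards to (actions of the form @host).
forward_targets() {
    awk '!/^[ \t]*#/ && NF >= 2 && $NF ~ /^@/ { print substr($NF, 2) }' "$1"
}

# Succeed if SYSLOGD_OPTIONS contains -r, which makes syslogd accept remote messages.
accepts_remote() {
    grep -Eq '^[[:space:]]*SYSLOGD_OPTIONS="?([^#]*[[:space:]])?-r([[:space:]"]|$)' "$1"
}

# Write constructed sample files into directory $1.
make_samples() {
    # Sending host (the DHCP server): forward every message to the log server.
    cat > "$1/syslog.conf" <<'EOF'
# constructed sample; 192.0.2.10 is a placeholder for the log server address
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
*.*    @192.0.2.10
EOF
    # Linux log server: -r added so syslogd listens for messages from the network.
    cat > "$1/sysconfig-syslog" <<'EOF'
SYSLOGD_OPTIONS="-m 0 -r"
EOF
    # Unmodified options for comparison: remote messages are not accepted.
    cat > "$1/sysconfig-syslog.default" <<'EOF'
SYSLOGD_OPTIONS="-m 0"
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "forwards to: $(forward_targets "$tmp/syslog.conf")"
accepts_remote "$tmp/sysconfig-syslog" && echo "log server accepts remote messages"
accepts_remote "$tmp/sysconfig-syslog.default" || echo "default options: remote messages not accepted"
rm -rf "$tmp"
```

sysklogd forwards over UDP port 514 without authentication or encryption, so the log server's firewall should allow that port only from the known sending hosts. The syslog service has to be restarted on each host after its file is edited.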