Log files of the Linux system
Address: http://tech.ccidnet.com/art/3089/20070601/1098901_1.html
Network administrators rely mainly on system logs, which we usually call log files, to obtain traces of an intrusion: the IP address it came from and other information. Some administrators also use third-party tools to record the traces of intrusions into their machines.
On UNIX systems, the traces you leave are recorded in the files described below.
Where are these log files? That depends mainly on the UNIX variant you are on.
Although the set of log files differs somewhat between systems, most of them live in the same few locations. The most common are:
/usr/adm - earlier versions of UNIX
/var/adm - newer versions
/var/log - some versions of Solaris, Linux, BSD and FreeBSD
/etc - most UNIX versions keep utmp here; some also keep wtmp and syslog.conf here
Which of the following files are present depends on the system and the directory:
acct or pacct - records the commands run by each user
access_log - records which sites connected to your server when it runs NCSA httpd
aculog - records the modem calls you dial out
lastlog - records each user's most recent login and where it came from; only successful logins are recorded
loginlog - records abnormal login attempts
messages - records messages written to the system console; the other entries are generated by syslog
security - records attempts to reach restricted areas through the UUCP system
sulog - records uses of the su command
utmp - records all users currently logged on to the system; it changes constantly as users enter and leave the system
utmpx - the extended utmp
wtmp - records user logon and logout events
syslog - the most important log file. The syslogd daemon collects log messages from three sources:
/dev/log - a UNIX domain socket that receives messages from processes running on the local machine
/dev/klog - a device that receives messages from the UNIX kernel
port 514 - an Internet socket that receives syslog messages from other machines over UDP
uucp - the UUCP activity log, updated by local UUCP activity or by actions initiated from a remote site. It records the calling and receiving sites, send requests, the sender, the sending time and the sending host
lpd-errs - the log of printer fault messages
ftp log - run ftpd with the -l option to enable its logging
httpd log - the httpd server writes each web access to this log
history log - stores each user's recent commands
vold.log - records errors encountered while using removable media
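As an added example that is not part of the original article, the following Python script reads a wtmp file and turns it into login sessions the way `last` does, pairing each USER_PROCESS record with the next DEAD_PROCESS record on the same tty. It assumes the Linux glibc 384-byte struct utmp layout on a little-endian machine (an assumption, not something the article states) and builds a constructed sample wtmp inline so it runs without access to /var/log/wtmp.

```python
import struct

# Linux glibc "struct utmp", 384 bytes, little-endian (assumed layout):
# ut_type, pad, ut_pid, ut_line[32], ut_id[4], ut_user[32], ut_host[256],
# ut_exit (2 shorts), ut_session, ut_tv (sec, usec), ut_addr_v6[4], unused[20]
UTMP_FMT = "<hxxi32s4s32s256shhiii4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)        # 384
BOOT_TIME, USER_PROCESS, DEAD_PROCESS = 2, 7, 8

def cstr(raw):
    """Decode a NUL-padded fixed-width text field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_wtmp(data):
    """Yield one dict per record; a short trailing fragment is ignored."""
    for off in range(0, len(data) - UTMP_SIZE + 1, UTMP_SIZE):
        (ut_type, pid, line, _id, user, host, _term, _exit, _sess,
         tv_sec, _usec, *_addr) = struct.unpack_from(UTMP_FMT, data, off)
        yield {"type": ut_type, "pid": pid, "line": cstr(line),
               "user": cstr(user), "host": cstr(host), "time": tv_sec}

def sessions(records):
    """Pair each login (USER_PROCESS) with the next logout (DEAD_PROCESS) on
    the same tty; sessions without a logout yet get end=None, like `last`."""
    active, result = {}, []
    for r in records:
        if r["type"] == USER_PROCESS:
            active[r["line"]] = r
        elif r["type"] == DEAD_PROCESS and r["line"] in active:
            s = active.pop(r["line"])
            result.append((s["user"], s["line"], s["host"], s["time"], r["time"]))
    result.extend((s["user"], s["line"], s["host"], s["time"], None)
                  for s in active.values())
    return result

def make_record(ut_type, pid, line, user, host, when):
    """Build one 384-byte record (used here only to construct sample data)."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, when, 0, 0, 0, 0, 0)

# Constructed sample wtmp: a reboot, a remote login, a console login, one logout.
SAMPLE_WTMP = b"".join([
    make_record(BOOT_TIME, 0, "~", "reboot", "", 1000000),
    make_record(USER_PROCESS, 1201, "pts/0", "alice", "10.0.0.5", 1000100),
    make_record(USER_PROCESS, 1333, "tty1", "bob", "", 1000200),
    make_record(DEAD_PROCESS, 1201, "pts/0", "", "", 1000700),
])
```

To run it against a real file, pass `open("/var/log/wtmp", "rb").read()` to `parse_wtmp` instead of `SAMPLE_WTMP`; a login whose record lacks a matching logout, or a host field that does not match what the remote end should be, is the kind of gap an investigator compares against the other logs listed above.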
======================================
Other types of log files-
======================================
Some log files have no specific name but begin with a specific marker. If you find such a file and can tell it is a log file, you can edit it:
xfer - indicates an attempt to transfer a prohibited file
rexe - indicates an attempt to execute an unsupported command
There are many other kinds of log files, mostly created by third-party software or even by the administrator, who may have placed an "eye" on the system, so you need an eye of your own for anything that might be a log file.
Many administrators keep their log files in one directory for ease of management, so once you have found one log file, check its directory for others; if there are, you know what to do.
Another thing to note is the mail file of the user who receives the logs. Its name varies, and sometimes it is part of the syslog file. You need to know what syslog records; you can see this in syslog.conf, which on the system used in this article is in /etc.
======================================
Audit trail for Windows NT
======================================
Almost every transaction in Windows NT can be audited to some extent. Auditing in Windows NT is enabled in two places: Explorer and User Manager. In Explorer, select Security and then Auditing to open the directory auditing dialog box, in which the administrator chooses which successful and failed accesses to audit. In User Manager, the administrator sets the audit policy by the success or failure of various user events, such as logon and logoff, file access, permission violations, and system shutdown.
Windows NT stores its log files in a special format that is read with Event Viewer, which is found in the Administrative Tools program group. The administrator can use Event Viewer's filter option to select the log entries to view by criteria such as category and message type.
Windows NT stores audit information in three separate log files:
Application log - contains information generated by applications registered with the NT security authority.
Security log - contains system access information that identifies security providers and clients through NT.
System log - contains information about all system-related events.
Windows NT FTP connection logs:
Windows NT can record inbound FTP connections. After a registry modification it can record anonymous connections, connections by normal users, or both; these log entries are viewed in Event Viewer.
Windows NT httpd transactions:
The administrator can have NT's HTTPd service log access attempts to specific files. In the Control Panel's httpd configuration tool, select the Activate Log feature.