Solaris, Mac OS system log analysis tools

Solaris,Mac OSSystem Log Analysis tool

this section to PC several common on-server UNIX systems such as Solaris , Mac OS as well Sco OpenServer The system is an example of how to look up system logs under these platforms.

first, with SMC Analyze system Logs

    We knowLinuxsystem under theSystem Log Vieweris aGNOMEThe log File Viewer for the desktop environment, and theSOLARSI9/10system, it is also very easy to useGUIToolsSMC(Solaris Management Console), the current version is2.1, which includes the server components (SUNWMC), client components (SUNWMCC), General components (sunmccom), developer Kit (Sunwmcdev),WBEMComponents (SUNWWBMCThese components provide a number of excellent management tools, such as system configuration, Network service management, storage management and device management, where the log viewer is a frequent concern for administrators, and it records system logs, and we look for analytics right here. 1-33is shown.

1 ). To determine whether the console server is running

#/ETC/INIT.D/INIT.WBEM Status

SMC Server version 2.1.0 running on port 898

2 ). If the console server is not running, start it.

#/etc/init.d/init.wbem start

3 ). start SMC

#/usr/sadm/bin/smc &

because SMC Rights Management is role-based, so we want to Root identity to view all log information.

Second, Mac OS X of the GUI Log Query Tool

for Mac Os the log of the system may not be common to everyone, sometimes in the forensics process often need, here summarizes the common log list, such as table 1-14 is shown. In addition, the system on Apple Mac OS X 9 contains a log query tool,as shown in1-34 , the left column is the list of all logs in the system, the right side corresponds to the content of a log, The search area at the top right can also be queried by keyword, which is quite handy.

Table 1-14 Mac System main Log

name >	road path
apple syslog message	/var/log/asl
vpn pppoe Log
printer access log	/var/log/cups/access_log
	/usr/bin/pmset-g.log
firewall log	/var/log/appfirewall.log
file system repair log	/Users/ Username/library/logs/fsck_hfs.log
System Diagnostics Information	/var/log/diagnosticmessages

is not onlyCisco IOSoperating system is based onBSDkernel, evenApplethis excellent operating system is also based on theBSDkernel. ForApple Mac OS Xfirewalls, in fact, if you knowCiscoThe firewall is not difficult to understand,MansA bitIPFWIt can be seen that it is actually better thanLinuxunder theNetFiltermore simple. Here's an example: for example, we want to prohibitPingserver, which is forbiddenICMP,in the table1-15different operating systems are displayed in theimplementation method.

Table 1-15 comparison of implementation methods between each operating system

operating system	life
mac OS	IPFW add deny ICMP from all to any
cisco Route	access-list deny ICMP any any echo
linux	iptables-a input-p ICMP--icmp-type 8-s 0/0-j DROP

The attentive reader will observe this and Cisco commands are very similar, if the firewall function is turned on, the system will log the firewall logs to Appifrewall.log file, the following instructions are made for the standard log.

#cat/var/log/appfirewall.log

Jan 18:44:47 localhost socketfilterfw[49251]<info>:D eny netbiosd data in for 192.168.11.6:137 to Port 137 proto=1 7

... ...

RFC768 the agreement number stipulated in the - Representative UDP Protocol - indicates that the upper layer is the transport level UDP Agreement, UDP 137 providing access and protection to computers NETBIOS name.

If you want to try to analyze the logs in these systems, you can download the experiment environment here: http://chenguang.blog.51cto.com/350944/1580937

For more interesting information, please refer to "Unix/linux Network log analysis and traffic monitoring" book

This article is from the "Lee Chenguang Original Technology blog" blog, please be sure to keep this source http://chenguang.blog.51cto.com/350944/1679039

Solaris, Mac OS system log analysis tools