Solaris, Mac OS system log analysis tools
This section takes several common server UNIX systems, Solaris, Mac OS and SCO OpenServer, as examples of how to look up system logs on these platforms.
First: analyzing system logs with SMC
We know that the System Log Viewer on Linux is the log file viewer of the GNOME desktop environment; on Solaris 9/10 there is an equally easy-to-use GUI tool, SMC (Solaris Management Console). The current version is 2.1, which consists of the server component (SUNWmc), the client component (SUNWmcc), the common component (SUNWmccom), the developer kit (SUNWmcdev) and the WBEM component (SUNWwbmc). These components provide a number of excellent management tools, such as system configuration, network service management, storage management and device management. The log viewer is the one administrators care about most: it records the system logs, and it is here that we do our analysis, as shown in Figure 1-33.
1). Determine whether the console server is running:
# /etc/init.d/init.wbem status
SMC server version 2.1.0 running on port 898
2). If the console server is not running, start it:
# /etc/init.d/init.wbem start
3). Start SMC:
# /usr/sadm/bin/smc &
Because SMC rights management is role-based, we log in as root in order to view all log information.
Second: the Mac OS X GUI log query tool
The logs of the Mac OS system may not be familiar to everyone, yet they are often needed during forensics, so the common logs are summarized here in Table 1-14. In addition, the Apple Mac OS X system contains a log query tool, shown in Figure 1-34: the left column lists all logs on the system, the right side shows the contents of the selected log, and the search box at the top right allows querying by keyword, which is quite handy.
Table 1-14 Main Mac system logs

| Name | Path |
| --- | --- |
| Apple syslog messages | /var/log/asl |
| VPN PPPoE log | |
| Printer access log | /var/log/cups/access_log |
| | /usr/bin/pmset -g log |
| Firewall log | /var/log/appfirewall.log |
| File system repair log | /Users/<username>/Library/Logs/fsck_hfs.log |
| System diagnostics information | /var/log/DiagnosticMessages |
Not only is the Cisco IOS operating system based on the BSD kernel; Apple's excellent operating system is also based on the BSD kernel. So the Apple Mac OS X firewall is not hard to understand for anyone who knows the Cisco firewall. Learning a little IPFW shows that it is actually simpler than Netfilter under Linux. Here is an example: suppose we want to prohibit pinging the server, that is, block ICMP. Table 1-15 shows how this is implemented on different operating systems.
Table 1-15 Comparison of the implementation on each operating system

| Operating system | Command |
| --- | --- |
| Mac OS | ipfw add deny icmp from any to any |
| Cisco router | access-list deny icmp any any echo |
| Linux | iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -j DROP |
The attentive reader will notice that this and the Cisco command are very similar. If the firewall function is turned on, the system writes the firewall log to the appfirewall.log file; a standard log entry is explained below.
# cat /var/log/appfirewall.log
Jan 18:44:47 localhost socketfilterfw[49251] <info>: Deny netbiosd data in for 192.168.11.6:137 to Port 137 proto=17
...
The protocol number 17 specified in RFC 768 represents the UDP protocol, so proto=17 indicates that the upper layer is the transport-level UDP protocol; UDP port 137 provides NetBIOS name access for computers.
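As an added example (not code from the original article or the book it comes from), here is a small Python parser for entries in the appfirewall.log format shown above. It decodes the proto= number through the IANA protocol numbers (17 = UDP, as the paragraph above explains, plus 1 = ICMP and 6 = TCP), names the well-known destination port, and counts repeated denies per source address, port and protocol, which is the first thing to look at when triaging such a log. The field layout is assumed from the single line quoted above, and the sample log lines, addresses and process names are constructed for this example.

```python
import re
from collections import Counter

# IANA-assigned IP protocol numbers. proto=17 in the log line above is UDP,
# the protocol RFC 768 defines; 1 and 6 are added so ICMP and TCP entries decode too.
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

# Short list of service names for ports that commonly show up in a host firewall log
# (constructed for this example, not a full /etc/services).
PORT_NAMES = {22: "SSH", 137: "NetBIOS name service", 138: "NetBIOS datagram",
              445: "SMB", 5353: "mDNS"}

# Field layout assumed from the single appfirewall.log line quoted on the page:
#   <month> [<day>] <time> <host> socketfilterfw[<pid>] <level>: <Allow|Deny> <app>
#   data <in|out> <from|for> <src ip>:<src port> to port <dst port> proto=<number>
LINE_RE = re.compile(
    r"^(?P<month>[A-Z][a-z]{2})\s+(?:(?P<day>\d{1,2})\s+)?(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+socketfilterfw\[(?P<pid>\d+)\]\s*<(?P<level>\w+)>:\s*"
    r"(?P<action>Allow|Deny)\s+(?P<app>\S+)\s+data\s+(?P<direction>in|out)\s+"
    r"(?:from|for)\s+(?P<src>[0-9A-Fa-f.:]+?):(?P<sport>\d+)\s+"
    r"to\s+[Pp]ort\s+(?P<dport>\d+)\s+proto=(?P<proto>\d+)"
)

# Constructed sample log, modelled on the entry quoted above; the addresses are private
# and the hostnames and process names are placeholders.
SAMPLE_LOG = """\
Jan 18 18:44:47 localhost socketfilterfw[49251] <Info>: Deny netbiosd data in from 192.168.11.6:137 to port 137 proto=17
Jan 18 18:44:49 localhost socketfilterfw[49251] <Info>: Deny netbiosd data in from 192.168.11.6:137 to port 137 proto=17
Jan 18 18:45:02 localhost socketfilterfw[49251] <Info>: Deny sshd-keygen-wrapper data in from 192.168.11.9:51234 to port 22 proto=6
Jan 18 18:45:10 localhost socketfilterfw[49251] <Info>: Allow mDNSResponder data in from 192.168.11.1:5353 to port 5353 proto=17
Jan 18 18:45:11 localhost socketfilterfw[49251] <Info>: Deny cupsd data in from 192.168.11.6:631 to port 631 proto=6
Jan 18 18:45:12 localhost kernel[0]: this line is not a firewall event and is skipped
"""


def parse_line(line):
    """Parse one socketfilterfw line into a dict, or return None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    proto = int(m["proto"])
    return {
        "time": " ".join(p for p in (m["month"], m["day"], m["time"]) if p),
        "host": m["host"],
        "pid": int(m["pid"]),
        "action": m["action"],
        "app": m["app"],
        "direction": m["direction"],
        "src": m["src"],
        "sport": int(m["sport"]),
        "dport": int(m["dport"]),
        "proto": proto,
        # Decode the IP protocol number; unknown numbers stay visible instead of vanishing.
        "proto_name": PROTO_NAMES.get(proto, f"proto {proto}"),
    }


def describe(event):
    """Render an event as an analyst-readable sentence, naming the service when known."""
    service = PORT_NAMES.get(event["dport"])
    target = f"{event['proto_name']}/{event['dport']}"
    if service:
        target += f" ({service})"
    return f"{event['action']} {event['direction']}bound {target} from {event['src']} to {event['app']}"


def summarize_denies(log_text):
    """Count denied events per (source IP, destination port, protocol), most frequent first.

    Repeated denies from one address against one service are the pattern to check
    first: either a misconfigured neighbour (as with the NetBIOS broadcasts here) or a scan.
    """
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_line(line)
        if event and event["action"] == "Deny":
            counts[(event["src"], event["dport"], event["proto_name"])] += 1
    return counts.most_common()


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        event = parse_line(line)
        print(describe(event) if event else f"skipped: {line}")
    print("denies by source / port / protocol:")
    for (src, dport, proto_name), n in summarize_denies(SAMPLE_LOG):
        print(f"  {n:3d}  {src} -> {proto_name}/{dport}")
```

To use it on a real file, replace SAMPLE_LOG with the contents of /var/log/appfirewall.log; lines that do not match the assumed layout are reported as skipped rather than silently dropped, so a format difference on a given OS X release is visible immediately.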
If you want to try analyzing the logs on these systems, you can download the lab environment here: http://chenguang.blog.51cto.com/350944/1580937
For more interesting information, please refer to the book "Unix/Linux Network Log Analysis and Traffic Monitoring".
This article is from the "Lee Chenguang Original Technology Blog"; please be sure to keep this source: http://chenguang.blog.51cto.com/350944/1679039