Solaris, Sco, Mac OS system log analysis tools

Source: Internet
Author: User
Tags: syslog, system log




This article takes several common server UNIX systems, Solaris, Mac OS and SCO OpenServer, as examples to show how to look up system logs on these platforms.



I. Analyzing system logs with SMC


We know that on Linux the System Log Viewer is the log file viewer of the GNOME desktop environment. Solaris 9/10 likewise has an easy-to-use GUI tool, SMC (Solaris Management Console), currently at version 2.1. It consists of the server component (SUNWmc), the client component (SUNWmcc), the common component (SUNWmccom), the developer kit (SUNWmcdev) and the WBEM component (SUNWwbmc). These components provide a number of good management tools, such as system configuration, network service management, storage management and device management. The log viewer is the one administrators care about most: it records the system logs, and that is where we look for analysis, as shown in Figure 1-33.






1) Check whether the console server is running:

# /etc/init.d/init.wbem status

SMC server version 2.1.0 running on port 898

2) If the console server is not running, start it:

# /etc/init.d/init.wbem start

3) Start SMC:

# /usr/sadm/bin/smc &

Because SMC access control is role-based, we log in as root in order to view all log information.






II. GUI log analysis tools on SCO OpenServer






SCO OpenServer system log locations:

/usr/adm/messages                       general system event log
/usr/adm/hwconfig                       hardware configuration log
/usr/adm/syslog                         major system event log
/usr/internet/ns_httpd/httpd-80/logs    web server log

In general, you also need to pay attention to the following files: wtmp (user login records), wtmpx, and sulog (records of users switching to a different user identity with su).








In addition to the command line, we can use GUI tools to query the logs and perform other administrative operations:

# cd /opt/K/SCO/Unix/5.0.5Eb/sa/eventlog

# eventlogGUI

Here we select which events are to be recorded in /var/adm/syslog. Then we can start viewing the log contents proper:

# cd /opt/K/SCO/Unix/5.0.5Eb/sa/systemlogs

# systemlogsGUI








III. GUI log query tool on Mac OS X






The logs of the Mac OS system may not be familiar to everyone, but they are often needed during forensics, so the common logs are summarized here in Table 1-14. In addition, the system on Apple Mac OS X 9 contains a log query tool, shown in Figure 1-34: the left column lists all logs on the system, the right side shows the contents of the selected log, and the search box at the top right allows queries by keyword, which is quite handy.



Table 1-14 Main Mac OS system logs

Name                              Path
Apple system log (ASL) messages   /var/log/asl
VPN / PPPoE log                   /var/log/ppp.log
Printer access log                /var/log/cups/access_log
Power management log              /usr/bin/pmset -g log  (a command that prints the log, not a file)
Firewall log                      /var/log/appfirewall.log
File system repair log            /Users/username/Library/Logs/fsck_hfs.log
System diagnostic messages        /var/log/DiagnosticMessages



Not only is the Cisco IOS operating system based on a BSD kernel; Apple's excellent operating system is also BSD-based. So the Apple Mac OS X firewall is in fact not hard to understand if you know Cisco firewalls; a look at ipfw shows that it is actually simpler than Netfilter on Linux. Here is an example: suppose we want to prohibit pinging the server, that is, block ICMP. Table 1-15 shows how this is done on different operating systems.


Table 1-15 Comparison of the implementation on each operating system

Operating system   Command
Mac OS             ipfw add deny icmp from any to any
Cisco router       access-list 101 deny icmp any any echo
Linux              iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -j DROP

(The Cisco command needs an extended access-list number; 101 is used here only as an example.)


The attentive reader will notice that this is very similar to the Cisco command. When the firewall is enabled, the system writes firewall events to the appfirewall.log file; a standard log entry is explained below.

# cat /var/log/appfirewall.log

Jan 18:44:47 localhost socketfilterfw[49251] <Info>: Deny netbiosd data in from 192.168.11.6:137 to port 137 proto=17

... ...

The protocol number 17 is defined in RFC 768 as UDP: it indicates that the upper-layer (transport-level) protocol is UDP. UDP port 137 is the NetBIOS name service, which provides computers with NetBIOS name access and protection.
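Reading one entry by hand is fine, but a forensic review usually means going through hundreds of them. The following Python script is an added example, not code from the original article or from Apple: it parses appfirewall.log lines in the format shown above, resolves the IP protocol number (17 = UDP per RFC 768, 6 = TCP, 1 = ICMP) and counts denied connections per source address, destination port and protocol so that noisy sources such as the NetBIOS broadcaster above stand out. The sample log lines are constructed for the example; the regular expression, function names and the ICMP line without a source port are assumptions about the format, not taken from the article.

```python
"""Summarise denied connections from Mac OS X appfirewall.log entries.

Added example; the log lines below are constructed in the format shown in
the article and are not a real capture.
"""
import re
from collections import Counter

# IP protocol numbers as carried in the 'proto=' field: RFC 768 defines UDP
# (assigned number 17); 6 is TCP and 1 is ICMP.
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

# Format assumed from the sample entry: timestamp, host, process[pid],
# level, action, process name, free text, source[:port], dest port, proto.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"socketfilterfw\[(?P<pid>\d+)\] <(?P<level>\w+)>: "
    r"(?P<action>Allow|Deny) (?P<proc>\S+) .*?"
    r"from (?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))? "
    r"to port (?P<dport>\d+) proto=(?P<proto>\d+)$"
)

# Constructed sample data (not a real capture).
SAMPLE_LOG = """\
Jan 18 18:44:47 localhost socketfilterfw[49251] <Info>: Deny netbiosd data in from 192.168.11.6:137 to port 137 proto=17
Jan 18 18:44:49 localhost socketfilterfw[49251] <Info>: Deny netbiosd data in from 192.168.11.6:137 to port 137 proto=17
Jan 18 18:45:02 localhost socketfilterfw[49251] <Info>: Allow sshd data in from 192.168.11.20:51234 to port 22 proto=6
Jan 18 18:45:10 localhost socketfilterfw[49251] <Info>: Deny ping data in from 192.168.11.7 to port 0 proto=1
"""


def parse_line(line):
    """Return a dict of fields for one log entry, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["sport"] = int(rec["sport"]) if rec["sport"] else None  # ICMP has no port
    rec["dport"] = int(rec["dport"])
    rec["proto"] = int(rec["proto"])
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], "proto-%d" % rec["proto"])
    return rec


def summarize_denies(text):
    """Count Deny entries keyed by (source IP, destination port, protocol name)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None and rec["action"] == "Deny":
            counts[(rec["src"], rec["dport"], rec["proto_name"])] += 1
    return counts


if __name__ == "__main__":
    # Real use: summarize_denies(open("/var/log/appfirewall.log").read())
    for (src, dport, proto), n in summarize_denies(SAMPLE_LOG).most_common():
        print("%-16s port %-5d %-5s denied %d time(s)" % (src, dport, proto, n))
```

Feed the real file to summarize_denies() instead of SAMPLE_LOG to get the same per-source view of the live log; entries that do not match the expected format are skipped rather than crashing the run, which matters on a file that may contain lines from other firewall states.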









For more original content, please refer to the book "Unix/Linux Network Log Analysis and Traffic Monitoring".


