Solaris, SCO OpenServer and Mac OS X System Log Analysis Tools
This article uses several common server UNIX systems, Solaris, Mac OS X and SCO OpenServer, as examples of how to look up system logs on these platforms.
I. Analyzing system logs with SMC
We know that on Linux the System Log Viewer is the log file viewer of the GNOME desktop environment. On Solaris 9/10 there is an equally easy to use GUI tool, SMC (Solaris Management Console). The current version is 2.1, which consists of the server component (SUNWmc), the client component (SUNWmcc), the common components (SUNWmccom), the developer kit (SUNWmcdev) and the WBEM components (SUNWwbmc). These components provide a number of useful management tools, such as system configuration, network service management, storage management and device management. The log viewer is the one administrators turn to most often: it displays the system logs, and that is where we do our analysis, as shown in Figure 1-33.
1) Determine whether the console server is running:
# /etc/init.d/init.wbem status
SMC Server version 2.1.0 running on port 898
2) If the console server is not running, start it:
# /etc/init.d/init.wbem start
3) Start SMC:
# /usr/sadm/bin/smc &
Because SMC rights management is role-based (RBAC), log in as root, or as a role that has been granted the required rights, in order to see all log information.
II. SCO OpenServer GUI log analysis tools
SCO OpenServer system log locations:
/usr/adm/messages: general system event log
/usr/adm/hwconfig: hardware configuration log
/usr/adm/syslog: major system event log
/usr/internet/ns_httpd/httpd-80/logs: web server logs
In addition, pay attention to the following files: wtmp and wtmpx (user login records) and sulog (records of users switching to another identity with su).
Besides the command line, we can use GUI tools to query the logs and perform other administrative operations:
# cd /opt/K/SCO/Unix/5.0.5Eb/sa/eventlog
# ./eventlogGUI
Here you select which events are to be recorded in /var/adm/syslog; after that we can start viewing the log content itself:
# cd /opt/K/SCO/Unix/5.0.5Eb/sa/systemlogs
# ./systemlogsGUI
III. Mac OS X GUI log query tool
The logs of a Mac OS system may not be familiar to everyone, yet they are frequently needed during forensics, so the common ones are summarized in Table 1-14. In addition, Apple Mac OS X 10.9 ships with a log query tool (Console), shown in Figure 1-34: the left column lists all logs on the system, the right side shows the content of the selected log, and the search field at the top right supports keyword queries, which is quite handy.
Table 1-14 Mac OS X main logs

| Name | Path |
|---|---|
| Apple System Log (ASL) messages | /var/log/asl (a directory of binary ASL stores; query it with the syslog(1) command rather than cat) |
| VPN / PPPoE log | /var/log/ppp.log |
| Printer access log | /var/log/cups/access_log |
| Power management log | output of the command pmset -g log (a command, not a file) |
| Application firewall log | /var/log/appfirewall.log |
| File system repair log | /Users/<username>/Library/Logs/fsck_hfs.log (fsck_hfs also writes the system-wide /var/log/fsck_hfs.log) |
| System diagnostic messages | /var/log/DiagnosticMessages |
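The log locations in the SCO OpenServer list and in Table 1-14 are what an analyst copies off a host first. The following script is an added example, not code from the book: it walks those paths (on the live root or on a mounted image) and records for each whether it exists, its size, modification time and SHA-256, so the collection is documented before anything is moved. The path lists are copied from the text; wtmp, wtmpx and sulog are left out because the text gives no path for them, and pmset -g log is a command rather than a file. The sample tree it builds is constructed for the demo and is not a real capture.

```python
#!/usr/bin/env python3
"""Added example: triage the SCO OpenServer and Mac OS X log locations
listed in the text, recording existence, size, mtime (UTC) and SHA-256."""
import hashlib
import os
import tempfile
import time

# Paths copied from the lists above. wtmp/wtmpx/sulog are omitted because
# no path is given for them; "pmset -g log" is a command, not a file.
LOG_SOURCES = {
    "sco": [
        "/usr/adm/messages",
        "/usr/adm/hwconfig",
        "/usr/adm/syslog",
        "/usr/internet/ns_httpd/httpd-80/logs",
    ],
    "macos": [
        "/var/log/asl",                 # directory of binary ASL stores
        "/var/log/ppp.log",
        "/var/log/cups/access_log",
        "/var/log/appfirewall.log",
        "/var/log/DiagnosticMessages",  # also a directory
    ],
}


def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large logs need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage(paths, root="/"):
    """Return one record per path: status is 'file', 'dir' or 'missing'.
    root lets you point at a mounted image or a test tree instead of /."""
    records = []
    for p in paths:
        full = os.path.join(root, p.lstrip("/"))
        rec = {"path": p, "status": "missing"}
        if os.path.isdir(full):
            rec["status"] = "dir"
            rec["entries"] = sorted(os.listdir(full))
        elif os.path.isfile(full):
            st = os.stat(full)
            rec.update(status="file", size=st.st_size,
                       mtime=time.strftime("%Y-%m-%dT%H:%M:%SZ",
                                           time.gmtime(st.st_mtime)),
                       sha256=sha256_file(full))
        records.append(rec)
    return records


# Constructed sample content for the demo tree (not a real capture).
SAMPLE_APPFIREWALL = (b"Jan 18 18:44:47 localhost socketfilterfw[49251] <Info>: "
                      b"Deny netbiosd data in from 192.168.11.6:137 "
                      b"to port 137 proto=17\n")


def build_sample_tree():
    """Create a throw-away directory mimicking part of a Mac OS X root:
    one populated log, one empty log, one ASL directory, the rest missing."""
    root = tempfile.mkdtemp(prefix="logtriage-")
    os.makedirs(os.path.join(root, "var/log/asl"))
    with open(os.path.join(root, "var/log/asl/sample.asl"), "wb") as f:
        f.write(b"\x00asl\x00")  # placeholder bytes; real stores are binary
    with open(os.path.join(root, "var/log/appfirewall.log"), "wb") as f:
        f.write(SAMPLE_APPFIREWALL)
    open(os.path.join(root, "var/log/ppp.log"), "wb").close()  # present but empty
    return root


def demo():
    """Triage the constructed tree; result keyed by path for easy lookup."""
    return {r["path"]: r
            for r in triage(LOG_SOURCES["macos"], root=build_sample_tree())}


if __name__ == "__main__":
    for rec in demo().values():
        print(rec)
```

Run it against a real host as root with root="/" (or point root at a mounted disk image); the "missing" status is as useful as the hash, since a log that should exist and does not is itself a finding. The "dir" records list the ASL store files so each one can be hashed and exported separately with syslog(1).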
Apple's operating system is built on a BSD-derived kernel, and its ipfw firewall is not hard to understand for anyone who knows Cisco access lists; it is arguably simpler than Netfilter on Linux. Here is an example: suppose we want to stop the server from answering ping, that is, block ICMP. Table 1-15 shows how this is done on different operating systems. (Note that on OS X 10.7 and later ipfw is deprecated in favour of pf; the equivalent pf.conf rule is "block drop in proto icmp all icmp-type echoreq".)
Table 1-15 Comparison of the implementation on each operating system

| Operating system | Command |
|---|---|
| Mac OS X | ipfw add deny icmp from any to any |
| Cisco router | access-list 101 deny icmp any any echo |
| Linux | iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -j DROP |

Two caveats: the Cisco entry needs an extended-ACL number (101 is only an example) and the list does nothing until it is bound to an interface with ip access-group; and the ipfw rule as written blocks all ICMP, including destination-unreachable and path-MTU messages, whereas the Linux rule only drops echo requests (type 8). To match the other two, add icmptypes 8 to the ipfw rule.
The attentive reader will notice how similar these are to the Cisco commands. When the application firewall is enabled, the system writes its log to /var/log/appfirewall.log; a typical entry is explained below.
# cat /var/log/appfirewall.log
Jan 18:44:47 localhost socketfilterfw[49251] <Info>: Deny netbiosd data in from 192.168.11.6:137 to port 137 proto=17
... ...
The number after proto= is the IP protocol number: 17 is UDP (the protocol specified in RFC 768), so the transport-layer protocol carried by this packet is UDP. UDP port 137 is the NetBIOS Name Service, which provides name lookup and registration for Windows computers. This entry therefore records the firewall denying an inbound NetBIOS name-service datagram from 192.168.11.6 that was addressed to the local netbiosd process.
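Reading proto numbers and port numbers by hand does not scale beyond a few lines, so the following added example (not code from the book) parses appfirewall.log entries of the form shown above, translates the protocol number and destination port into names, and summarises denied inbound traffic per source address. The regular expression is an assumption based on the single entry shown in the text (Deny/Allow, process, "data in from", IPv4 source, destination port, proto=) and counts anything else as unparsed rather than guessing; the sample lines are constructed for the demo.

```python
#!/usr/bin/env python3
"""Added example: summarise Mac OS X appfirewall.log Deny entries by source."""
import re
from collections import defaultdict

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}  # IANA protocol numbers
PORT_NAMES = {22: "ssh", 137: "netbios-ns", 138: "netbios-dgm",
              139: "netbios-ssn", 445: "microsoft-ds", 5353: "mdns"}

# Assumed line layout, derived from the entry shown in the text. The
# timestamp is matched loosely; the source is restricted to IPv4.
LINE_RE = re.compile(
    r"^(?P<ts>.+?)\s+(?P<host>\S+)\s+socketfilterfw\[(?P<pid>\d+)\]\s*"
    r"<(?P<level>\w+)>:\s*(?P<action>Deny|Allow)\s+(?P<proc>\S+)\s+"
    r"(?P<verb>.+?)\s+from\s+(?P<src>[\d.]+):(?P<sport>\d+)"
    r"\s+to\s+port\s+(?P<dport>\d+)\s+proto=(?P<proto>\d+)\s*$"
)

# Constructed sample log lines (not a real capture).
SAMPLE_LINES = [
    "Jan 18 18:44:47 localhost socketfilterfw[49251] <Info>: Deny netbiosd data in from 192.168.11.6:137 to port 137 proto=17",
    "Jan 18 18:44:49 localhost socketfilterfw[49251] <Info>: Deny netbiosd data in from 192.168.11.6:137 to port 137 proto=17",
    "Jan 18 18:45:02 localhost socketfilterfw[49251] <Info>: Deny sshd-keygen-wrapper data in from 10.0.0.5:51234 to port 22 proto=6",
    "Jan 18 18:45:10 localhost socketfilterfw[49251] <Info>: Allow mDNSResponder data in from 192.168.11.1:5353 to port 5353 proto=17",
    "garbage line that does not parse",
]


def parse_line(line):
    """Return a dict of fields for one socketfilterfw line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    for k in ("pid", "sport", "dport", "proto"):
        d[k] = int(d[k])
    d["proto_name"] = PROTO_NAMES.get(d["proto"], str(d["proto"]))
    d["service"] = PORT_NAMES.get(d["dport"], str(d["dport"]))
    return d


def summarize(lines):
    """Count Deny entries per source address and record what each source
    hit as (proto, port, service, local process). Returns (summary, unparsed)."""
    summary = defaultdict(lambda: {"denies": 0, "targets": set()})
    unparsed = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1      # unknown format: report, never silently drop
            continue
        if rec["action"] != "Deny":
            continue           # only blocked traffic is of interest here
        entry = summary[rec["src"]]
        entry["denies"] += 1
        entry["targets"].add((rec["proto_name"], rec["dport"],
                              rec["service"], rec["proc"]))
    return dict(summary), unparsed


if __name__ == "__main__":
    result, bad = summarize(SAMPLE_LINES)
    for src, info in sorted(result.items(), key=lambda kv: -kv[1]["denies"]):
        print(src, info["denies"], sorted(info["targets"]))
    print("unparsed lines:", bad)
```

To run it on a live machine replace SAMPLE_LINES with open("/var/log/appfirewall.log"); a source that accumulates denies across several services (say netbios-ns, then ssh) is the pattern to look for, and a non-zero unparsed count means the log contains message types the regex does not yet know, which should be reviewed rather than ignored.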
For more, see the book "Unix/Linux Network Log Analysis and Traffic Monitoring", from which this material is taken.