Solaris, Sco, Mac OS system log analysis tools

Solaris,Mac OSSystem Log Analysis tool

This article takes PC several common on-server UNIX systems such as Solaris , Mac OS as well Sco OpenServer The system is an example of how to look up system logs under these platforms.

first, with SMC Analyze system Logs

    We knowLinuxsystem under theSystem Log Vieweris aGNOMEThe log File Viewer for the desktop environment, and theSOLARSI9/10system, it is also very easy to useGUIToolsSMC(Solaris Management Console), the current version is2.1, which includes the server components (SUNWMC), client components (SUNWMCC), General components (sunmccom), developer Kit (Sunwmcdev),WBEMComponents (SUNWWBMCThese components provide a number of excellent management tools, such as system configuration, Network service management, storage management and device management, where the log viewer is a frequent concern for administrators, and it records system logs, and we look for analytics right here. 1-33is shown.

1 ). To determine whether the console server is running

#/ETC/INIT.D/INIT.WBEM Status

SMC Server version 2.1.0 running on port 898

2 ). If the console server is not running, start it.

#/etc/init.d/init.wbem start

3 ). start SMC

#/usr/sadm/bin/smc &

because SMC Rights Management is role-based, so we want to Root identity to view all log information.

ii. Sco OpenServer System of GUI Log Analysis Tool

SCO OpenServer System log storage location

/usr/adm/messages General system event logging

/usr/adm/hwconfig

/usr/adm/syslog Major system event logging

/usr/internet/ns_httpd/httpd-80/logs Web Log

In general, you need to note the following files: wtmp (user login record), WTMPX, Sulog (user logged in as a different user)

In addition to our command line, we can use GUI tools to query the log and other administrative operations

#cd/opt/k/sco/unix/5.0.5eb/sa /eventlog

#eventlogGUI

Select those logs will have /var/adm/syslog record, then we can start to formally view the log content

#cd/opt/k/sco/unix/5.0.5eb/sa/systemlogs

#systemlogsGUI

third, Mac OS X of the GUI Log Query Tool

for Mac Os the log of the system may not be common to everyone, sometimes in the forensics process often need, here summarizes the common log list, such as table 1-14 is shown. In addition, the system on Apple Mac OS X 9 contains a log query tool,as shown in1-34 , the left column is the list of all logs in the system, the right side corresponds to the content of a log, The search area at the top right can also be queried by keyword, which is quite handy.

Table 1-14 Mac System main Log

name	road path
apple syslog message	/VAR/LOG/ASL
vpn , Pppoe log	/var/log/ppp.log
printer access log	/var/log/cups/access_log
Power Management log	/usr/bin/pmset-g.log
firewall log	/var/log/appfirewall.log
File system repair Log	/users/username/library/logs/fsck_hfs.log
System Diagnostics Information	/var/log/diagnosticmessages

is not onlyCisco IOSoperating system is based onBSDkernel, evenApplethis excellent operating system is also based on theBSDkernel. ForApple Mac OS Xfirewalls, in fact, if you knowCiscoThe firewall is not difficult to understand,MansA bitIPFWIt can be seen that it is actually better thanLinuxunder theNetFiltermore simple. Here's an example: for example, we want to prohibitPingserver, which is forbiddenICMP,in the table1-15different operating systems are displayed in theimplementation method.

Table 1-15 comparison of implementation methods between each operating system

operating system	life order
mac OS	IPFW add deny ICMP from all to any
cisco Route	access-list deny ICMP any any echo
linux	iptables-a input-p ICMP--icmp-type 8-s 0/0-j DROP

The attentive reader will observe this and Cisco commands are very similar, if the firewall function is turned on, the system will log the firewall logs to Appifrewall.log file, the following instructions are made for the standard log.

#cat/var/log/appfirewall.log

Jan 18:44:47 localhost socketfilterfw[49251]<info>:D eny netbiosd data in for 192.168.11.6:137 to Port 137 proto=1 7

... ...

RFC768 the agreement number stipulated in the - Representative UDP Protocol - indicates that the upper layer is the transport level UDP Agreement, UDP 137 providing access and protection to computers NETBIOS name.

For more original content, please refer to "Unix/linux Network log analysis and traffic monitoring" book

Solaris, Sco, Mac OS system log analysis tools